Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner auf USB: Exploit CVE 2010-2568 (https://www.trojaner-board.de/101819-trojaner-usb-exploit-cve-2010-2568-a.html)

Schreibtisch 29.07.2011 08:59
Trojaner auf USB: Exploit CVE 2010-2568
 
Hallo Forum,

ich habe gestern mit Erschrecken feststellen müssen, dass ich auf meinem USB-Stick einen Trojaner mit dem Namen Exploit CVE 2010-2568 habe. Auf dem Stick selbst befindet sich ein RECYCLER-Ordner, daneben 2 Dateien mit dem Namen "Copy of Shortcut to (1)" bzw. "...(2)".
McAfee findet den Trojaner, meldet ihn als entfernt, er taucht jedoch immer wieder auf, lässt sich also nicht entfernen. Ich habe auch schon andere Antivirenprogramme versucht, unter anderem AVG Antivirus, der findet zwar auch den Trojaner, kann ihn aber auch nicht entfernen. (Andere Sticks scheinen nicht befallen zu sein, sie zeigen mir zumindest keine der oben genannten Dateien an bzw. ich bekomme auch keine Meldung vom Antiviren-Programm, dass dort etwas drauf ist - aber das muss ja vielleicht nichts heißen....)

Den Stick einfach nicht mehr benutzen kann ich nicht, den brauche ich, da sind quasi alle wichtigen Unidaten nochmal gesichert und z.T. einiges, was ich nicht auf dem Rechner habe.

Ich habe mich bereits ein wenig eingelesen bei euch und habe defogger runtergeladen und wie beschrieben auf "disable" geklickt. Zum Neustart hat mich das Programm nicht aufgefordert, die Log-Datei ist aber trotzdem erstellt worden und schreibt dabei folgendes:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:37 on 29/07/2011

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Den Stick hatte ich dabei nicht angeschlossen (das ist mir jetzt erst aufgefallen, entschuldigt, ich habe von dem Ganzen herzlich wenig Ahnung, deshalb bin ich ja auch hier...) - sollte ich das damit nochmal wiederholen?

Ich hoffe, ihr könnt mir helfen.

Danke und Grüße vom Schreibtisch

cosinus 29.07.2011 10:25
Deaktivier erstmal die automatische Wiedergabe komplett => Einstellungen für automatische Wiedergabe ändern

Danach wird ein Autorun-Schädling nicht mehr automatisch gestartet wenn ein derart infizierter Datenträger angesteckt wird.

Bitte dann routinemäßig einen Vollscan mit malwarebytes machen und Log posten. (alle externen Datenträger auch überprüfen lassen!)
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schreibtisch 29.07.2011 12:23
Hallo Cosinus,

schonmal danke für deine Antwort und dass du dich mit meinem Problem befasst.

Ich habe den Scan mit Malware ausgeführt und die Log-Datei zeigt folgendes an:
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7315

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.07.2011 12:41:42
mbam-log-2011-07-29 (12-41-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 275540
Laufzeit: 1 Stunde(n), 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 239

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{D1B40E74-AF7B-B217-576C-93620E923162} (Trojan.ZbotR.Gen) -> Value: {D1B40E74-AF7B-B217-576C-93620E923162} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\A8JGPJ2N\ndhpjrck[1].htm (Backdoor.IRCBot.Gen) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\C2MW5X06\luckrmksmy[1].htm (Trojan.EnoV.Gen) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\B3BC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\qbTplyZo.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\aRNfqsWs.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ieTfXIWP.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ShkOFVSk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\BPGDYVAH.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\YKDNCCTO.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\AHhUeLKG.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\qIibWHYD.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\dKtbaeIR.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\kwFDiNyc.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\aOPIqytt.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\VMKsjiAi.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\GhheadwA.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\EFaklmIn.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\lWXHfwoh.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\TSwcxvUI.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\Frjsjvkk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\xOxpGrUT.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\urpkojMm.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\uyNjVnkU.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\fGwwxBQQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\FGmXZOng.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\kDtfBANp.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ihyCBmDZ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\APTMmnCr.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sOIuBVTZ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sZyZELHk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\rBwvcPcv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\YYrRIOcD.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\NOHiWBRP.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ArPidEIh.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\EMSnsaFY.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\JRApRpHG.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ENJSPQtk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\slnJqidV.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ylXKVRKc.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\MjidZiwQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\IJVmmEWo.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\jnsskLPE.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\stkJcaCV.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\WnHKVvBp.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\TmoVEgGe.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sHatFAms.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HMTEBIkS.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\vUysLWWT.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\rQWvMyDR.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\nFDGUdAA.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sdOPZcrK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\QfHSsnet.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\qHfqhUuO.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\umnahIIg.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\hnRlRAoT.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\usMWnesX.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\JaRBnSEH.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ggNjYUxy.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\XskvdMpH.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ZEGvtAAU.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\MWWRNpdy.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ikQKPOdd.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\chsrfXJA.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\bvVXDhSL.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\cmXsSAWk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\LVVCIoWq.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\srvRFwxH.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\GbSsGSkr.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\LZMCsvOJ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\cWgoirdF.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\vXdujVve.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sspiCrvw.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\aiwNdRpC.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\OlsltiOK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\JhQgpbFk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\BnvjCDtY.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\DhfdLraL.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\QpBJkxWm.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\AEakdOfp.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\xwBTWCXR.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\LZKRoBXa.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\NfdRUZlB.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\OOVIeFOY.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\arUeaYBf.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\BmrDsvEQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\mIpOdFCD.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\AxhTMsxa.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\XRfWJOrL.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\eSUdKTDK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\lunTHhYZ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\brxbAMUP.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\IjKwiVZB.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\jBnAxUbq.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\TKmiIJiU.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\NSRKkbeX.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\GgRxxney.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\bCOThQGH.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\mSpwreqK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\VYRfOVaE.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\qxmCfAVQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\RCfiBFSe.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\afIxKceW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\bbUSqHEK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\nbuvwGZV.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HfevRKPk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\EIENBHMf.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\LrddpSgR.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\xVwARXZY.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\EpIpFbAG.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\OGvgUogv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\xDkRaQax.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\VOldthSa.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\IpWqthRN.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\qYCVsTAu.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\pIALWVKn.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\irNufWNB.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\lhWWJnRE.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\TeBrOJZE.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\kIXTYGIn.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\gIxKKNWr.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\gDbKlyIv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\PHEmMqJW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\WTGEpgup.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\boCEyIBK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ageqivby.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\XayiybEn.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\mLNDbjZr.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\tTcghFlh.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\LjZvJGkm.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sUmTfkiQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\wKkFNTUI.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\vECuswjD.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ZjHHmXnf.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\AqiADnHW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\BmBKMwPk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\VYfGGnfK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\eGrGVZUM.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\aKRRcwyH.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\AHAZrQHh.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\iSjwhoto.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HyRscYip.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ETLjyiEF.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\BVoSAyNy.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\aFWcwkAP.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\YWghoVFV.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\wAcoxTOA.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\risuWKee.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\gDTPdHFB.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\VJRCTnUp.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\dogfTEmR.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\txREtNJM.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\QPOuEgBl.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\AUcIDEnc.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\WAQajCPv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\CXkSsbWw.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\RDJKWrQc.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\gcJmbaDn.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\TYnYZyfN.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\SvCeEXVs.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\GgwrmiDE.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sxqNayyk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\tANjOUBg.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\KYIvbGbq.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\TSZQaaJq.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\DpDxDwfW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\wtUojTyj.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\iQrYsKAW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ynxhhuXt.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ShueHLbK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ijMCbOeL.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\fryvsBMJ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\nsbDCFNk.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\xtGmLBpv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\uEPpOWZU.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\fFqmYPGv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\QTgZLNGQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\NiSmsmXR.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HpClpEyx.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\vafpfAaO.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\LJDtTXSc.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ySGiiITf.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\VkSyPHPu.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\vmTQGJZA.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\GZwiPLYY.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\wZXwWdIW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\OUUVAcNa.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\MmPrEDFE.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\fRTYsCRf.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HcpCsmMX.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\TkNiRHgv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\pJJuasTA.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ydoGmaII.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\WICuCBAi.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\lbHkwWxh.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\muFYOwMn.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\YPBNbgmZ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ZbNUUEbq.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\DfJwLbDQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\bAvAAAJv.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ADlhFGFM.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HpsUVWdK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\vcHSqRnI.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\CcDvvgtQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sfiDdhfC.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HmwGkeHQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\JryDldhO.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\EHUeLwJe.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\FypcTTGF.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\imQJOsxK.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\bCCcjpWa.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ioHgokCI.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\lmIjVfAJ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\swOMEUYg.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ShlUfnhG.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\McvyncjY.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\THnrOSyn.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\QMkZNIBm.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\pByMqukO.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\sSRGTVeG.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\rHydeVbt.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\NEYVjcLW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\hxOeXLRN.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\BlBvxwAa.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\mlpFooxT.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\HTfjFCIB.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\oDtMiFvZ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\keReQPgh.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\vQSaaFAQ.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\CAKwnGFd.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ZcRrJvKq.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\iNGNDAwW.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\mIeklofR.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\ZOgWUSYS.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\aGVaqmFb.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\acPeUQdE.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\eTyJHOeY.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\FgKxIaYp.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\pbIGQRHs.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
f:\RECYCLER\s-7-4-58-7046232575-6175146116-312348370-1503\IAHJoQEa.cpl (Virus.Ramnit) -> Quarantined and deleted successfully.
Ältere Logs sind nicht vorhanden, das ist der einzige.

Die OTL.txt und die extras.txt habe ich als Anhang angefügt, ich hoffe, ich habe das richtige eingefügt, ich war mir nicht ganz sicher, was du als Inhalt meintest.

Grüße vom Schreibtisch

cosinus 29.07.2011 12:26
Laufwerk F: ist deine externe Platte?
Hattest du diese mal bei einem Bekannten an einem infizierten Rechner angeschlossen?

Schreibtisch 29.07.2011 12:35
Hallo,

ja, F: ist der Stick. Ich bin mir nicht mehr ganz sicher, ob ich den in letzter Zeit an einen anderen Rechner angeschlossen habe... Wenn überhaupt, dann auch nur an den Laptop meiner Mutter (vor ca. 2 Wochen), der, soweit ich weiß, aber nicht infiziert ist/war. Danach habe ich den nur noch an meinem Laptop angeschlossen gehabt und bekam da keine Trojaner-Meldung. Die habe ich erst gestern bekommen, letzte Woche habe ich den Stick aber noch benutzt und etwas darauf gespeichert (Word-Dokument).

Grüße vom Schreibtisch

Schreibtisch 29.07.2011 13:28
Hallo,

ich hab da nochmal eine kurze Frage: Kann ich die Daten, die auf dem Stick drauf sind, auf meinen Rechner kopieren, OHNE mir den Trojaner auch auf den Rechner zu überspielen, oder überträgt der sich dann mit? Könnt ihr sehen, ob der sich schon auf das System übertragen hat? Wenn ich nämlich einfach nur z.B. nach dem RECYCLER-Ordner suche, dann finde ich so nichts (wenn der Stick nicht angeschlossen ist)...

Grüße vom Schreibtisch

cosinus 29.07.2011 13:28
Hast du die automatische Wiederhabe wie beschrieben deaktiviert?
Lass dir auch alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html

Danach mal den Stick im Arbeitsplatz/Computer öffnen, falls eine autorun.inf zu sehen ist, diese umbenennen von autorun.inf zu autorun.txt, dann mit dem Texteditor öffnen und den Inhalt (Text) hier posten.

Schreibtisch 29.07.2011 13:53
Hallo,

ja, die automatische Wiedergabe habe ich deaktiviert. McAfee findet den Trojaner trotzdem immer noch - falls die Info von Bedeutung ist, ich kenn mich wie gesagt damit gar nicht aus...

Ich habe jetzt auch alle Daten entsprechend der Anleitung sichtbar gemacht. Auf dem Stick war eine autorun.inf-Datei, die ich dann umbenannt habe. Der Inhalt ist folgender:

RmN

Grüße vom Schreibtisch

cosinus 29.07.2011 14:02
Zitat:
ja, die automatische Wiedergabe habe ich deaktiviert. McAfee findet den Trojaner trotzdem immer noch
Wieso denn "trotzdem"??
Die automatische Wiedergabe entfernt nichts, sie sorgt nur dafür, dass die autorun.inf nicht automatisch verarbeitet wird!

Zitat:
Der Inhalt ist folgender:

RmN
Mehr steht da nicht?
Lösch mal den gesamten Inhalt in f:\RECYCLER\

Schreibtisch 29.07.2011 14:12
Hallo,

ich dachte, wenn die automatische Wiedergabe deaktiviert ist, greift der da vielleicht nicht mehr drauf zu, mir war schon klar, dass der Trojaner deswegen nicht weg ist. Ich sagte schon, ich kenn mich auf dem Gebiet doch gar nicht aus...

Mehr als die 3 Buchstaben stehen in der autorun-Datei nicht. Den gesamten Recycler-Ordner habe ich schon mehrfach versucht zu löschen, er taucht allerdings innerhalb weniger Sekunden danach wieder auf. Es scheint auch so zu sein, dass der Ordner mit der Zeit immer größer wird (vom Dateivolumen), falls das eine relevante Info ist. Im Recycler-Ordner ist weiterer Ordner mit einer elends langen Zahlenkombination.

Grüße vom Schreibtisch

cosinus 29.07.2011 14:31
Lass den Stick mal dran und führe ESET aus:



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.

Schreibtisch 29.07.2011 16:24
Hallo,

ich habe den Eset-Scan durchgeführt und dann die Log-Datei erstellt und sie hier als Anhang an den Beitrag gehängt.

cosinus 30.07.2011 18:08
Ich befürchet dein System ist im Eimer. ESET meldet da massenweise Infektionen vom Fileinfektor Ramnit...

Ich würde dir eine Neuinstallation von Windows dringend empfehlen.

Schreibtisch 01.08.2011 08:49
Hallo,

ich hab's schon fast befürchtet bei den ganzen gemeldeten Funden...ist dann wohl auch die bessere Idee. Dann habe ich dazu aber noch ein paar Fragen:

Inwiefern darf ich vorher eine Datensicherung machen, ohne nachher die ganze Malware wieder mit aufzuspielen? Kann ich überhaupt irgendwas sichern? Darf ich eine andere externe Festplatte anschließen und dann Sachen darauf speichern oder ist das zu "riskant", nach dem Befall vom Stick?

Was mache ich denn nun mit meinem USB-Stick (also Laufwerk F: )? Ist da "nie wieder benutzen" bzw. formatieren die einzige Möglichkeit? Kann ich da noch Daten auf den PC holen, dann eine Datensicherung machen und dann alles neu installieren, oder fange ich mir unweigerlich damit was ein?

Ich bedanke mich schonmal für deine Geduld und deine Hilfe, ohne Anleitung hätte ich das so nicht geschafft, geschweige denn rausgefunden...

cosinus 01.08.2011 10:11
Zitat:
Inwiefern darf ich vorher eine Datensicherung machen, ohne nachher die ganze Malware wieder mit aufzuspielen?
Wenn überhaupt nur von einer sauberen Umgebung wie Knoppix oder Ubuntu im Ausprobiermodus aus sichern - und dann nur persönliche Dateien wie Bilder, Musik, Videos, persönliche Dokumente, KEINE ausführbaren Dateien (Programme, Spiele, Setupdateien)

Folge dem 2. Link in meiner Signatur - Datensicherung via Ubuntu.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:22 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131