Constant brief computer outages + other problems (all logs posted)

#0
10.09.2006, 16:43
Honorary member
Sabina

Posts: 29434
11.09.2006, 21:06
Member

Thread starter

Posts: 62
#32 Virus Total

Complete scanning result of "wudfsvc.dll", received in VirusTotal at 09.11.2006, 20:14:19 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.11.2006 no virus found
Authentium 4.93.8 09.11.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.11.2006 no virus found
BitDefender 7.2 09.11.2006 no virus found
CAT-QuickHeal 8.00 09.11.2006 no virus found
ClamAV devel-20060426 09.11.2006 no virus found
eTrust-InoculateIT 23.72.121 09.10.2006 no virus found
eTrust-Vet 30.3.3071 09.11.2006 no virus found
DrWeb 4.33 09.11.2006 no virus found
Ewido 4.0 09.11.2006 no virus found
Fortinet 2.77.0.0 09.11.2006 no virus found
F-Prot 3.16f 09.11.2006 no virus found
F-Prot4 4.2.1.29 09.11.2006 no virus found
Ikarus 0.2.65.0 09.11.2006 no virus found
Kaspersky 4.0.2.24 09.11.2006 no virus found
McAfee 4849 09.11.2006 no virus found
Microsoft 1.1560 09.11.2006 no virus found
NOD32v2 1.1749 09.11.2006 no virus found
Norman 5.80.02 09.11.2006 no virus found
Panda 9.0.0.4 09.11.2006 no virus found
Sophos 4.09.0 09.11.2006 no virus found
Symantec 8.0 09.11.2006 no virus found
TheHacker 5.9.8.209 09.11.2006 no virus found
UNA 1.83 09.11.2006 no virus found
VBA32 3.11.1 09.11.2006 no virus found
VirusBuster 4.3.7:9 09.11.2006 no virus found

Aditional Information
File size: 54272 bytes
MD5: 8a92b1f02571b634f50db35a934989f6
SHA1: 7ea08a6fc3ad64dc211b0e9959c56f0177fa8ce4

Virus Total

Complete scanning result of "regsearch.exe", processed in VirusTotal at 09/11/2006 20:44:13 (CET).

[ file data ]
* name: regsearch.exe
* size: 231936
* md5.: faedd080710c441b93f7178924b82702
* sha1: 61dd02eb1e953e52c0bc6094dec87e9bd7d91d5f

[ scan result ]
AntiVir 7.1.1.16/20060911 found nothing
Authentium 4.93.8/20060911 found [could be a corrupted executable file]
Avast 4.7.844.0/20060911 found nothing
AVG 386/20060911 found nothing
BitDefender 7.2/20060911 found nothing
CAT-QuickHeal 8.00/20060911 found nothing
ClamAV devel-20060426/20060911 found nothing
DrWeb 4.33/20060911 found nothing
eTrust-InoculateIT 23.72.121/20060910 found nothing
eTrust-Vet 30.3.3071/20060911 found nothing
Ewido 4.0/20060911 found nothing
F-Prot 3.16f/20060911 found nothing
F-Prot4 4.2.1.29/20060911 found nothing
Fortinet 2.77.0.0/20060911 found [suspicious]
Ikarus 0.2.65.0/20060911 found nothing
Kaspersky 4.0.2.24/20060911 found nothing
McAfee 4849/20060911 found nothing
Microsoft 1.1560/20060911 found nothing
NOD32v2 1.1749/20060911 found nothing
Norman 5.80.02/20060911 found nothing
Panda 9.0.0.4/20060911 found [Suspicious file]
Sophos 4.09.0/20060911 found nothing
Symantec 8.0/20060911 found nothing
TheHacker 5.9.8.209/20060911 found nothing
UNA 1.83/20060911 found nothing
VBA32 3.11.1/20060911 found nothing
VirusBuster 4.3.7:9/20060911 found nothing

[ notes ]
packers: UPX
packers: UPX
packers: UPX

Virus Total

Complete scanning result of "KWLGLMJDD.exe", processed in VirusTotal at 09/11/2006 20:39:40 (CET).

[ file data ]
* name: KWLGLMJDD.exe
* size: 327763
* md5.: 62e62278c57303e456c646053e53f2e8
* sha1: 5c0d29d242dcd4a37eca378f69da4f2e1ae313dd

[ scan result ]
AntiVir 7.1.1.16/20060911 found nothing
Authentium 4.93.8/20060911 found nothing
Avast 4.7.844.0/20060911 found nothing
AVG 386/20060911 found nothing
BitDefender 7.2/20060911 found nothing
CAT-QuickHeal 8.00/20060911 found nothing
ClamAV devel-20060426/20060911 found nothing
DrWeb 4.33/20060911 found nothing
eTrust-InoculateIT 23.72.121/20060910 found nothing
eTrust-Vet 30.3.3071/20060911 found nothing
Ewido 4.0/20060911 found nothing
F-Prot 3.16f/20060911 found nothing
F-Prot4 4.2.1.29/20060911 found nothing
Fortinet 2.77.0.0/20060911 found nothing
Ikarus 0.2.65.0/20060911 found nothing
Kaspersky 4.0.2.24/20060911 found nothing
McAfee 4849/20060911 found nothing
Microsoft 1.1560/20060911 found nothing
NOD32v2 1.1749/20060911 found nothing
Norman 5.80.02/20060911 found nothing
Panda 9.0.0.4/20060911 found nothing
Sophos 4.09.0/20060911 found nothing
Symantec 8.0/20060911 found nothing
TheHacker 5.9.8.209/20060911 found nothing
UNA 1.83/20060911 found nothing
VBA32 3.11.1/20060911 found nothing
VirusBuster 4.3.7:9/20060911 found nothing

[ notes ]
packers: BINARYRES

Virus Total

Complete scanning result of "DQVCK.exe", processed in VirusTotal at 09/11/2006 20:39:40 (CET).

[ file data ]
* name: DQVCK.exe
* size: 430163
* md5.: 809010330ee37d3b9e199a4bdd4d6641
* sha1: dd8d306fe2d596bda6a54e4e276dde8290fd6a22

[ scan result ]
AntiVir 7.1.1.16/20060911 found nothing
Authentium 4.93.8/20060911 found nothing
Avast 4.7.844.0/20060911 found nothing
AVG 386/20060911 found nothing
BitDefender 7.2/20060911 found nothing
CAT-QuickHeal 8.00/20060911 found nothing
ClamAV devel-20060426/20060911 found nothing
DrWeb 4.33/20060911 found nothing
eTrust-InoculateIT 23.72.121/20060910 found nothing
eTrust-Vet 30.3.3071/20060911 found nothing
Ewido 4.0/20060911 found nothing
F-Prot 3.16f/20060911 found nothing
F-Prot4 4.2.1.29/20060911 found nothing
Fortinet 2.77.0.0/20060911 found nothing
Ikarus 0.2.65.0/20060911 found nothing
Kaspersky 4.0.2.24/20060911 found nothing
McAfee 4849/20060911 found nothing
Microsoft 1.1560/20060911 found nothing
NOD32v2 1.1749/20060911 found nothing
Norman 5.80.02/20060911 found nothing
Panda 9.0.0.4/20060911 found nothing
Sophos 4.09.0/20060911 found nothing
Symantec 8.0/20060911 found nothing
TheHacker 5.9.8.209/20060911 found nothing
UNA 1.83/20060911 found nothing
VBA32 3.11.1/20060911 found nothing
VirusBuster 4.3.7:9/20060911 found nothing

[ notes ]
packers: BINARYRES
_____________________________________________

kaspersky

Zu überprüfende Datei: WudfSvc.dll
Bekannte Viren: 222499 Updated: 11-09-2006
Größe der Datei (Kb): 53 Viren-Korpus: 0
Datei: 1 Warnungen: 0
Archive: 0 Verdächtigt: 0

Zu überprüfende Datei: regsearch.exe

Statistiken:
Bekannte Viren: 222499 Updated: 11-09-2006
Größe der Datei (Kb): 227 Viren-Korpus: 0
Datei: 1 Warnungen: 0
Archive: 0 Verdächtigt: 0

Zu überprüfende Datei: DQVCK.exe

Statistiken:
Bekannte Viren: 222499 Updated: 11-09-2006
Größe der Datei (Kb): 421 Viren-Korpus: 0
Datei: 1 Warnungen: 0
Archive: 0 Verdächtigt: 0

Zu überprüfende Datei: KWLGLMJDD.exe

Statistiken:
Bekannte Viren: 222499 Updated: 11-09-2006
Größe der Datei (Kb): 321 Viren-Korpus: 0
Datei: 1 Warnungen: 0
Archive: 0 Verdächtigt: 0

____________________________________________

dr web

File size: 420.1K
DQVCK.exe packed by BINARYRES
>DQVCK.exe - OK

File size: 320.1K
KWLGLMJDD.exe packed by BINARYRES
>KWLGLMJDD.exe - OK

File size: 226.5K
regsearch.exe packed by UPX
>regsearch.exe - OK

File size: 54272 bytes
WudfSvc.dll - OK

__________________________________________

SANDBOX

regsearch.exe : Not detected by Sandbox (Signature: NO_VIRUS)
[ General information ]
* Decompressing UPX.
* File length: 231936 bytes.
* MD5 hash: faedd080710c441b93f7178924b82702.
[ Process/window information ]
* Creates an event called .
* Modifies other process memory.


KWLGLMJDD.exe : Not detected by Sandbox (Signature: NO_VIRUS)
[ General information ]
* File length: 327763 bytes.
* MD5 hash: 62e62278c57303e456c646053e53f2e8.


DQVCK.exe : Not detected by Sandbox (Signature: NO_VIRUS)
[ General information ]
* File length: 430163 bytes.
* MD5 hash: 809010330ee37d3b9e199a4bdd4d6641.


WudfSvc.dll : Not detected by Sandbox (Signature: NO_VIRUS)
[ General information ]
* File length: 54272 bytes.
* MD5 hash: 8a92b1f02571b634f50db35a934989f6.

_____________________________________
gmer

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-11 21:36:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 823EFC38 ZwConnectPort
SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.10 ----


---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{7146E9AB-1288-4533-9592-8A3F0599A86B}
File G:\System Volume Information\MountPointManagerRemoteDatabase
File G:\System Volume Information\tracking.log
File G:\System Volume Information\_restore{7146E9AB-1288-4533-9592-8A3F0599A86B}
File H:\System Volume Information\MountPointManagerRemoteDatabase
File H:\System Volume Information\tracking.log
File H:\System Volume Information\_restore{7146E9AB-1288-4533-9592-8A3F0599A86B}

---- EOF - GMER 1.0.10 ----
This post was edited by soegel on 11.09.2006 at 21:38.
11.09.2006, 22:56
Honorary member
Sabina

Posts: 29434
#33 Avenger

Quote

Files to delete:
C:\Dokumente und Einstellungen\sögel\Lokale Einstellungen\Temp\DQVCK.exe
C:\Dokumente und Einstellungen\sögel\Lokale Einstellungen\Temp\KWLGLMJDD.exe
Then I thought it over again: the fact that Trojan.Runas.A etc. was on the computer (on D:\), then other malware as well, etc. etc...
If I were you I would wipe everything, i.e. all partitions, because all of them were/are more or less infected.
Even if the scanners no longer find anything, the system is compromised and no longer secure.
__________
Regards, Sabina

All about PC security
12.09.2006, 16:17
Member

Thread starter

Posts: 62
#34 I've heard that the program Partition Magic is supposed to be good for formatting... should I use it? If so... do you know a good download for it + instructions?
13.09.2006, 00:41
Honorary member
Sabina

Posts: 29434
#35 For these things, please turn to the technical forum of the Protecus forum, because I don't know my way around that so well any more ;)

You should, however, create an image; then, if the computer is infected, you don't need to format, you simply restore the image.
http://archiv.chip.de/artikel/c1_archiv_artikel_17104889.html
There are more links about imaging, read up on it ;)
__________
Regards, Sabina

All about PC security