Pests of all kinds and how to fight them: 50 eur Virus (Windows 7)
| | #1 |
| 50 eur Virus I was hit by the AKM virus (it looks like the BKA one). When I switch the computer on normally, it blocks everything and shows the window saying that the computer has been locked and that you have to pay 50 EUR. When I start Windows in safe mode with networking, the message appears as well, and in safe mode without networking the background is white and it says "Please wait while the connection is being established. Bitte warten sie während die verbindung hergestellt wird" (which is what normally happens before the 50 EUR message appears). I can't do anything then. I would be very, very grateful for help. I use Windows 7 32-bit and Firefox. Edited by DasInternet (02.03.2012 at 21:16) |
| | #2 |
| From this thread http://www.trojaner-board.de/110730-...kverleger.html with the same problem, I burned OTLPENet to a CD in case I need it too. I have not started it on the infected computer yet and am waiting for instructions. |
| | #3 |
| /// Malware-holic | hi, can you start the OTL CD and post the report? |
| | #4 |
| The CD does not seem to work, but maybe it was just burned incorrectly. Unfortunately I can only check that in a few hours on a second PC with a drive. In the meantime I could try ComboFix on a USB stick as described here: http://www.trojaner-board.de/110789-...geht-mehr.html Of course I won't do it without instructions |
| | #5 |
| /// Malware-holic | yes, you can try that :-)
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
| | #6 |
| In the meantime I managed to burn the CD again (it was defective before). I am now on the REATOGO desktop, but when I open OTLPE from the desktop, "browse for folder" comes up. It seems as if OTLPE is not installed. When I download it, I get the message "this application has failed to start because framedyn.dll was not found. Re-installing the application may fix this problem" edit: I am now running ComboFix from USB in safe mode with command prompt. Edited by DasInternet (03.03.2012 at 15:11) |
| | #7 |
| I successfully ran ComboFix from the USB stick and now the PC starts again! ComboFix log file: Code:
ComboFix 12-03-02.01 - tom 03.03.2012 15:10:50.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.43.1033.18.3069.2100 [GMT 1:00]
ausgeführt von:: h:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tom\AppData\Roaming\h6s5ruij653.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-03 bis 2012-03-03 ))))))))))))))))))))))))))))))
.
.
2012-03-03 14:18 . 2012-03-03 14:19 -------- d-----w- c:\users\tom\AppData\Local\temp
2012-03-03 14:18 . 2012-03-03 14:18 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-03-02 12:34 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D258ABEC-745A-46FA-A741-FFCADCA8B0F3}\mpengine.dll
2012-02-24 15:47 . 2012-02-24 15:47 -------- d-----w- c:\users\tom\AppData\Roaming\TuneUp Software
2012-02-24 15:46 . 2012-02-24 15:47 -------- d-----w- c:\programdata\TuneUp Software
2012-02-24 15:45 . 2012-02-24 15:45 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-24 11:11 . 2012-02-24 11:11 -------- d-----w- c:\users\tom\AppData\Roaming\pdfforge
2012-02-24 11:11 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-02-24 11:11 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-02-24 11:11 . 1998-07-06 17:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2012-02-24 11:11 . 1998-07-06 17:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2012-02-24 11:11 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-02-24 11:11 . 2012-02-24 11:11 -------- d-----w- c:\program files\PDFCreator
2012-02-23 20:25 . 2012-02-23 20:25 -------- d-----w- c:\users\tom\AppData\Roaming\Malwarebytes
2012-02-23 20:24 . 2012-02-23 20:24 -------- d-----w- c:\programdata\Malwarebytes
2012-02-23 20:24 . 2012-02-23 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-23 20:24 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 22:18 . 2012-02-22 22:18 -------- d-----w- c:\program files\ESET
2012-02-21 20:48 . 2012-02-23 22:19 -------- d-----w- c:\users\tom\AppData\Roaming\FileZilla
2012-02-21 20:48 . 2012-02-21 20:49 -------- d-----w- c:\program files\FileZilla FTP Client
2012-02-16 17:38 . 2012-02-16 17:38 -------- d-----w- c:\windows\system32\Adobe
2012-02-15 22:17 . 2012-02-15 22:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-02-15 22:17 . 2012-02-15 22:17 -------- d--h--r- c:\users\tom\AppData\Roaming\SecuROM
2012-02-15 22:15 . 2012-02-15 22:15 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-15 22:12 . 2012-02-23 20:38 -------- d-----w- c:\users\tom\AppData\Roaming\Weuw
2012-02-15 22:12 . 2012-02-23 18:01 -------- d-----w- c:\users\tom\AppData\Roaming\Nyv
2012-02-15 21:56 . 2012-02-15 21:56 -------- d-----w- c:\users\tom\AppData\Roaming\Pogo
2012-02-15 21:56 . 2012-02-15 21:56 -------- d-----w- c:\programdata\Pogo
2012-02-06 14:51 . 2012-02-06 14:51 -------- d-----w- c:\programdata\ALM
2012-02-06 13:41 . 2012-02-19 19:38 -------- d-----w- c:\users\tom\AppData\Local\SugarSync
2012-02-06 13:41 . 2012-02-06 13:42 -------- d-----w- c:\program files\SugarSync
2012-02-06 13:02 . 2012-02-13 12:05 -------- d-----w- c:\users\tom\AppData\Local\Thunderbird
2012-02-06 13:02 . 2012-02-06 13:02 -------- d-----w- c:\users\tom\AppData\Roaming\Thunderbird
2012-02-06 13:02 . 2012-02-18 22:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-02-05 23:23 . 2012-02-17 12:30 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-05 16:13 . 2012-02-05 16:13 -------- d-----w- c:\users\tom\AppData\Roaming\Nokia Suite
2012-02-05 16:08 . 2012-02-05 16:08 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-04 21:45 . 2012-02-04 21:45 -------- d-----w- c:\users\tom\AppData\Roaming\WTablet
2012-02-04 21:45 . 2011-09-08 16:48 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2012-02-04 21:44 . 2011-09-08 16:49 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2012-02-04 21:44 . 2011-09-08 16:49 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2012-02-04 21:44 . 2011-09-08 16:49 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2012-02-04 21:44 . 2011-09-08 16:48 1156472 ----a-w- c:\windows\system32\Wintab32.dll
2012-02-04 21:44 . 2011-09-08 16:48 1152888 ----a-w- c:\windows\system32\WacomMT.dll
2012-02-04 21:44 . 2011-09-08 16:48 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
2012-02-04 21:44 . 2012-02-04 21:45 -------- d-----w- c:\program files\Tablet
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 12:33 . 2011-05-23 18:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2011-04-29 20:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 21:58 . 2011-06-23 10:44 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-12-28 21:58 . 2011-06-23 10:44 13824 ----a-w- c:\windows\system32\slwga.dll
2011-12-28 21:58 . 2011-06-23 10:45 811520 ----a-w- c:\windows\system32\user32.dll
2012-02-18 13:29 . 2011-04-29 20:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-03 18:47 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-03 18:47 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-03 18:47 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-03 18:47 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-02-03 9401424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-13 1541416]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"MMReminderService"="d:\programs\MM\MMReminderService.exe" [2011-09-14 37728]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 09:07 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-29 13:19 1242448 ----a-w- d:\games\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-08-25 11:13 2816328 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RemoTerm.exe"=c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-01 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
R2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;d:\programs\Solidworks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-12-01 89864]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\programs\Solidworks\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-01-08 87336]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2010-03-09 571264]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-10-19 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-10-19 13440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-15 242240]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 10:52 1409 ----a-r- d:\programs\MM\sys\MmInternetExplorerActiveSetup.vbs
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE:
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Send Image To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/202
Trusted Zone: line6.net
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - c:\users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\tyv65err.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-VX2bt1oYNKCLnkO - c:\users\tom\AppData\Roaming\h6s5ruij653.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
MSConfigStartUp-WinampAgent - d:\programs\Winamp\winampa.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-434657249-1887988469-1959241683-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,c0,99,65,f0,0f,a4,ea,a8,98,c6,3b,05,cf,23,3b,ab,2e,ab,8a,f7,d8,82,
13,9e,40,6a,eb,96,3b,6b,c0,b9,cf,c7,c9,81,eb,ca,7b,fc,32,a3,1f,77,ce,15,2d,\
"??"=hex:02,2d,d3,da,8d,10,e2,c7,ba,eb,66,3d,90,fe,af,1d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-03 15:20:26
ComboFix-quarantined-files.txt 2012-03-03 14:20
.
Vor Suchlauf: 83.341.197.312 bytes free
Nach Suchlauf: 86.125.178.880 bytes free
.
- - End Of File - - 19953908434A3F6F75AF11AB0650AC31
|
| | #8 |
| /// Malware-holic | open Computer, C:, Qoobox, right-click quarantine, pack it with WinRAR or another archiving program and upload it: Trojaner-Board Upload Channel |
| | #9 |
| I am not sure how to put it into quarantine. When I right-click the folder, I don't see any way to do it. |
| | #10 |
| /// Malware-holic | then Send to, compressed (zipped) folder |
| | #11 |
| It was uploaded as a ZIP |
| | #12 |
| /// Malware-holic | thanks. open Malwarebytes, post all reports created so far |
| | #13 |
| Under "logs" there is otherwise really only this one Code:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.23.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
tom :: TOM-LAPTOP [administrator]
Protection: Enabled
23.02.2012 21:44:06
mbam-log-2012-02-23 (21-44-06).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431989
Time elapsed: 1 hour(s), 57 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
| | #14 |
| /// Malware-holic | are there any more logs? |
| | #15 |
| These are probably important after all; I thought they all only said that Malwarebytes had switched itself on, but others do say more. There are these from every day: Code:
2012/02/23 21:26:28 +0100 TOM-LAPTOP tom MESSAGE Starting protection
2012/02/23 21:26:31 +0100 TOM-LAPTOP tom MESSAGE Protection started successfully
2012/02/23 21:26:33 +0100 TOM-LAPTOP tom MESSAGE Executing scheduled update: Daily
2012/02/23 21:26:34 +0100 TOM-LAPTOP tom MESSAGE Starting IP protection
2012/02/23 21:26:35 +0100 TOM-LAPTOP tom MESSAGE Database already up-to-date
2012/02/23 21:26:36 +0100 TOM-LAPTOP tom MESSAGE IP Protection started successfully
2012/02/23 21:41:14 +0100 TOM-LAPTOP tom MESSAGE Starting protection
2012/02/23 21:41:17 +0100 TOM-LAPTOP tom MESSAGE Protection started successfully
2012/02/23 21:41:20 +0100 TOM-LAPTOP tom MESSAGE Starting IP protection
2012/02/23 21:41:22 +0100 TOM-LAPTOP tom MESSAGE IP Protection started successfully
2012/02/23 21:42:42 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 21:42:42 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 21:42:50 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 22:36:15 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 22:36:24 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 22:36:24 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
Code:
2012/02/24 03:36:11 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 54074, Process: firefox.exe)
2012/02/24 03:36:11 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 54076, Process: firefox.exe)
2012/02/24 03:36:19 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 54077, Process: firefox.exe)
2012/02/24 03:36:27 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 54082, Process: firefox.exe)
2012/02/24 11:12:45 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 55123, Process: firefox.exe)
2012/02/24 11:13:01 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 55133, Process: firefox.exe)
2012/02/24 21:15:41 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/24 21:15:49 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/24 21:15:49 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/24 22:21:46 +0100 TOM-LAPTOP tom IP-BLOCK 193.107.16.78 (Type: outgoing, Port: 63681, Process: firefox.exe)
2012/02/24 22:22:27 +0100 TOM-LAPTOP tom IP-BLOCK 193.107.16.78 (Type: outgoing, Port: 63918, Process: firefox.exe)
2012/02/24 22:25:33 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 64285, Process: firefox.exe)
2012/02/24 22:26:53 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 64307, Process: firefox.exe)
Code:
2012/02/25 02:35:18 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/25 02:35:19 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/25 02:35:27 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/25 03:45:55 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 49375, Process: firefox.exe)
2012/02/25 03:46:19 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 49382, Process: firefox.exe)
2012/02/25 03:48:51 +0100 TOM-LAPTOP tom IP-BLOCK 195.68.160.170 (Type: outgoing, Port: 49584, Process: firefox.exe)
2012/02/25 03:48:51 +0100 TOM-LAPTOP tom IP-BLOCK 195.68.160.218 (Type: outgoing, Port: 49585, Process: firefox.exe)
2012/02/25 03:49:15 +0100 TOM-LAPTOP tom IP-BLOCK 195.68.160.170 (Type: outgoing, Port: 49629, Process: firefox.exe)
2012/02/25 03:49:15 +0100 TOM-LAPTOP tom IP-BLOCK 195.68.160.218 (Type: outgoing, Port: 49630, Process: firefox.exe)
Code:
2012/02/27 10:38:30 +0100 TOM-LAPTOP tom IP-BLOCK 85.234.173.133 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 10:38:30 +0100 TOM-LAPTOP tom IP-BLOCK 85.234.173.133 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 12:46:31 +0100 TOM-LAPTOP tom IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52773, Process: firefox.exe)
2012/02/27 12:46:31 +0100 TOM-LAPTOP tom IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 52774, Process: firefox.exe)
2012/02/27 12:46:31 +0100 TOM-LAPTOP tom IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52783, Process: firefox.exe)
2012/02/27 12:46:31 +0100 TOM-LAPTOP tom IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52785, Process: firefox.exe)
2012/02/27 12:46:31 +0100 TOM-LAPTOP tom IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 52786, Process: firefox.exe)
2012/02/27 12:47:51 +0100 TOM-LAPTOP tom IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52874, Process: firefox.exe)
2012/02/27 13:02:34 +0100 TOM-LAPTOP tom IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 53548, Process: firefox.exe)
2012/02/27 13:15:08 +0100 TOM-LAPTOP tom IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 53788, Process: firefox.exe)
2012/02/27 15:47:46 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 15:47:46 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 15:47:54 +0100 TOM-LAPTOP tom IP-BLOCK 213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 16:17:19 +0100 TOM-LAPTOP tom IP-BLOCK 83.133.125.36 (Type: outgoing, Port: 57562, Process: firefox.exe)
2012/02/27 16:33:53 +0100 TOM-LAPTOP tom IP-BLOCK 66.96.219.101 (Type: outgoing, Port: 58261, Process: firefox.exe)
2012/02/27 16:33:53 +0100 TOM-LAPTOP tom IP-BLOCK 66.96.219.101 (Type: outgoing, Port: 58288, Process: firefox.exe)
2012/02/27 16:33:53 +0100 TOM-LAPTOP tom IP-BLOCK 66.96.219.101 (Type: outgoing, Port: 58289, Process: firefox.exe)
Code:
2012/02/28 14:39:54 +0100 TOM-LAPTOP tom IP-BLOCK 91.203.146.110 (Type: outgoing, Port: 51216, Process: firefox.exe)
2012/02/28 14:39:54 +0100 TOM-LAPTOP tom IP-BLOCK 91.203.146.110 (Type: outgoing, Port: 51217, Process: firefox.exe)
2012/02/28 14:40:03 +0100 TOM-LAPTOP tom MESSAGE Stopping IP protection
2012/02/28 14:42:29 +0100 TOM-LAPTOP tom MESSAGE IP Protection stopped
2012/02/28 19:54:42 +0100 TOM-LAPTOP tom MESSAGE Starting protection
2012/02/28 19:54:45 +0100 TOM-LAPTOP tom MESSAGE Protection started successfully
2012/02/28 19:54:48 +0100 TOM-LAPTOP tom MESSAGE Starting IP protection
2012/02/28 19:54:49 +0100 TOM-LAPTOP tom MESSAGE IP Protection started successfully
2012/02/28 20:36:14 +0100 TOM-LAPTOP tom MESSAGE Starting protection
2012/02/28 20:36:17 +0100 TOM-LAPTOP tom MESSAGE Protection started successfully
2012/02/28 20:36:20 +0100 TOM-LAPTOP tom MESSAGE Starting IP protection
2012/02/28 20:36:21 +0100 TOM-LAPTOP tom MESSAGE IP Protection started successfully
Code:
2012/02/29 10:54:14 +0100 TOM-LAPTOP tom IP-BLOCK 77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 10:54:14 +0100 TOM-LAPTOP tom IP-BLOCK 77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 10:54:22 +0100 TOM-LAPTOP tom IP-BLOCK 77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 54461, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 54462, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.82.41 (Type: outgoing, Port: 54463, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54467, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 54468, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54470, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54471, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54472, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54474, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54475, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54478, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54479, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54480, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54481, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54482, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54483, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54484, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54485, Process: firefox.exe)
2012/02/29 11:05:23 +0100 TOM-LAPTOP tom IP-BLOCK 109.236.81.227 (Type: outgoing, Port: 54486, Process: firefox.exe)
2012/02/29 16:29:20 +0100 TOM-LAPTOP tom IP-BLOCK 193.105.134.194 (Type: outgoing, Port: 58351, Process: firefox.exe)
2012/02/29 16:29:20 +0100 TOM-LAPTOP tom IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 58353, Process: firefox.exe)
2012/02/29 16:47:56 +0100 TOM-LAPTOP tom IP-BLOCK 77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 16:47:56 +0100 TOM-LAPTOP tom IP-BLOCK 77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 16:59:27 +0100 TOM-LAPTOP tom IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 58522, Process: firefox.exe)
2012/02/29 17:01:50 +0100 TOM-LAPTOP tom MESSAGE Stopping IP protection
2012/02/29 17:04:57 +0100 TOM-LAPTOP tom MESSAGE IP Protection stopped
Code:
2012/03/01 08:21:45 +0100 TOM-LAPTOP tom MESSAGE Executing scheduled update: Daily
2012/03/01 08:21:53 +0100 TOM-LAPTOP tom MESSAGE Starting database refresh
2012/03/01 08:21:53 +0100 TOM-LAPTOP tom MESSAGE Scheduled update executed successfully: database updated from version v2012.02.23.03 to version v2012.03.01.01
2012/03/01 08:22:28 +0100 TOM-LAPTOP tom MESSAGE Database refreshed successfully
2012/03/01 21:37:31 +0100 TOM-LAPTOP tom MESSAGE Starting protection
2012/03/01 21:37:33 +0100 TOM-LAPTOP tom MESSAGE Protection started successfully
2012/03/01 21:37:36 +0100 TOM-LAPTOP tom MESSAGE Starting IP protection
2012/03/01 21:37:38 +0100 TOM-LAPTOP tom MESSAGE IP Protection started successfully
Code:
2012/03/02 01:17:35 +0100 TOM-LAPTOP tom IP-BLOCK 85.92.159.84 (Type: outgoing, Port: 53526, Process: firefox.exe)
2012/03/02 01:17:35 +0100 TOM-LAPTOP tom IP-BLOCK 85.92.159.84 (Type: outgoing, Port: 53527, Process: firefox.exe)
2012/03/02 01:17:43 +0100 TOM-LAPTOP tom MESSAGE Stopping IP protection
2012/03/02 01:20:32 +0100 TOM-LAPTOP tom MESSAGE IP Protection stopped
2012/03/02 08:13:20 +0100 TOM-LAPTOP tom MESSAGE Executing scheduled update: Daily
2012/03/02 08:13:31 +0100 TOM-LAPTOP tom MESSAGE Scheduled update executed successfully: database updated from version v2012.03.01.01 to version v2012.03.02.01
2012/03/02 09:52:58 +0100 TOM-LAPTOP tom MESSAGE Starting database refresh
2012/03/02 09:53:08 +0100 TOM-LAPTOP tom MESSAGE Database refreshed successfully
2012/03/02 19:57:38 +0100 TOM-LAPTOP tom DETECTION C:\Users\tom\AppData\Local\Temp\0.22678263742227645g8j8.exe Trojan.VUPX.CESI1 ALLOW
2012/03/02 19:57:39 +0100 TOM-LAPTOP tom DETECTION C:\Users\tom\AppData\Local\Temp\0.22678263742227645g8j8.exe Trojan.VUPX.CESI1 ALLOW
Code:
2012/03/03 15:25:46 +0100 TOM-LAPTOP tom MESSAGE Starting protection
2012/03/03 15:25:49 +0100 TOM-LAPTOP tom MESSAGE Executing scheduled update: Daily
2012/03/03 15:25:49 +0100 TOM-LAPTOP tom MESSAGE Protection started successfully
2012/03/03 15:25:52 +0100 TOM-LAPTOP tom MESSAGE Starting IP protection
2012/03/03 15:25:54 +0100 TOM-LAPTOP tom MESSAGE IP Protection started successfully
2012/03/03 15:26:02 +0100 TOM-LAPTOP tom MESSAGE Starting database refresh
2012/03/03 15:26:02 +0100 TOM-LAPTOP tom MESSAGE Scheduled update executed successfully: database updated from version v2012.03.02.01 to version v2012.03.03.05
2012/03/03 15:26:02 +0100 TOM-LAPTOP tom MESSAGE Stopping IP protection
2012/03/03 15:28:21 +0100 TOM-LAPTOP tom MESSAGE IP Protection stopped
2012/03/03 15:28:23 +0100 TOM-LAPTOP tom MESSAGE Database refreshed successfully
2012/03/03 15:28:23 +0100 TOM-LAPTOP tom MESSAGE Starting IP protection
2012/03/03 15:28:25 +0100 TOM-LAPTOP tom MESSAGE IP Protection started successfully