
Pests of all kinds and how to fight them: Security Shield on the computer


24.07.2012, 16:11   #1
murphy-mops
Hello!
I have caught Security Shield.
As stated above, I downloaded and ran Malwarebytes Antimalware.

I have the following logs:
mbam-log
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
server :: MSGCBIZU1 [limitiert]

Schutz: Aktiviert

24.07.2012 13:09:19
mbam-log-2012-07-24 (13-09-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354212
Laufzeit: 1 Stunde(n), 1 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\server\AppData\Local\whjxc.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\server\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3ER8OGL\soft3[1].exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\server\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGYF2AZE\soft4[1].exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{17d591ea-5889-c138-cd19-034d4eb76928}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\server\2gweorjqjutp92vjy9gake (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\server\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\server\AppData\Roaming\Adobe\plugs\mmc26304545.txt (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

protection-log
Code:
2012/07/24 13:06:29 +0200	MSGCBIZU1	server	MESSAGE	Starting protection
2012/07/24 13:06:31 +0200	MSGCBIZU1	server	MESSAGE	Protection started successfully
2012/07/24 13:06:34 +0200	MSGCBIZU1	server	MESSAGE	Starting IP protection
2012/07/24 13:06:35 +0200	MSGCBIZU1	server	MESSAGE	IP Protection started successfully
2012/07/24 13:06:43 +0200	MSGCBIZU1	server	MESSAGE	Starting database refresh
2012/07/24 13:06:43 +0200	MSGCBIZU1	server	MESSAGE	Stopping IP protection
2012/07/24 13:08:01 +0200	MSGCBIZU1	server	MESSAGE	IP Protection stopped
2012/07/24 13:08:03 +0200	MSGCBIZU1	server	MESSAGE	Database refreshed successfully
2012/07/24 13:08:03 +0200	MSGCBIZU1	server	MESSAGE	Starting IP protection
2012/07/24 13:08:04 +0200	MSGCBIZU1	server	MESSAGE	IP Protection started successfully
2012/07/24 13:09:16 +0200	MSGCBIZU1	server	DETECTION	C:\Windows\Installer\{17d591ea-5889-c138-cd19-034d4eb76928}\U\800000cb.@	Rootkit.0Access	QUARANTINE
2012/07/24 13:09:40 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:10:12 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:10:20 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:10:28 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:10:44 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:11:01 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:11:17 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:11:26 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:11:42 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:11:42 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:11:58 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:12:07 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:13:23 +0200	MSGCBIZU1	server	DETECTION	C:\Windows\Installer\{17d591ea-5889-c138-cd19-034d4eb76928}\U\800000cb.@	Rootkit.0Access	DENY
2012/07/24 13:14:55 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:15:12 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:16:00 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:16:16 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:17:45 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:18:09 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:18:25 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:18:33 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:19:22 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:19:38 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:22:27 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:22:59 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:23:07 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:23:23 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:23:40 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:24:12 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:24:12 +0200	MSGCBIZU1	server	IP-BLOCK	83.128.58.86 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:24:20 +0200	MSGCBIZU1	server	IP-BLOCK	83.128.58.86 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:24:52 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:25:17 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:25:41 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:26:05 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:26:13 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:26:37 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:27:01 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:27:26 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:27:50 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:30:30 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:31:03 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:31:11 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:31:35 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:31:51 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:32:07 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:32:24 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:32:32 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:32:48 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:32:56 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:33:52 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:34:01 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:34:57 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:36:10 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:36:18 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:37:06 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:37:23 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:37:31 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:37:47 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:38:03 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:38:11 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:38:27 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:38:44 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:38:44 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:38:52 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:39:32 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:39:40 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:39:40 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:39:56 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:40:28 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:40:37 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:40:45 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:40:53 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:41:09 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:41:25 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:41:25 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:41:34 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:41:42 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:41:50 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:42:06 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:42:22 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:42:38 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:42:47 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:42:47 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:42:55 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:42:55 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:43:43 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:44:00 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:44:16 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:44:32 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:45:12 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:52:35 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:56:04 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:56:36 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 13:56:52 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:00:29 +0200	MSGCBIZU1	server	IP-BLOCK	83.128.58.86 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:00:54 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:01:42 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:01:58 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:02:14 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:03:03 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:03:19 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:05:03 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:05:19 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:05:35 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:06:00 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:06:08 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:08:48 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:08:57 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:09:21 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:09:37 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:09:45 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:10:01 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:10:18 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:10:34 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:11:31 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:11:47 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:11:55 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:12:27 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:12:35 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:12:51 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:12:59 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:13:40 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:13:56 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:14:04 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:16:13 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:16:37 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:17:49 +0200	MSGCBIZU1	server	IP-BLOCK	77.78.225.4 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:18:22 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:18:54 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:19:10 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:19:26 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:19:34 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:19:58 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:20:14 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:20:31 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:20:47 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:20:55 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:21:03 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:21:19 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:22:07 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:26:16 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:26:41 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:26:57 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:27:13 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:27:53 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:28:10 +0200	MSGCBIZU1	server	IP-BLOCK	119.244.254.254 (Type: outgoing, Port: 56847, Process: services.exe)
2012/07/24 14:33:09 +0200	MSGCBIZU1	server	MESSAGE	Starting protection
2012/07/24 14:33:13 +0200	MSGCBIZU1	server	MESSAGE	Protection started successfully
2012/07/24 14:33:16 +0200	MSGCBIZU1	server	MESSAGE	Starting IP protection
2012/07/24 14:33:16 +0200	MSGCBIZU1	server	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/07/24 14:37:14 +0200	MSGCBIZU1	server	DETECTION	C:\Windows\Installer\{17d591ea-5889-c138-cd19-034d4eb76928}\U\800000cb.@	Rootkit.0Access	QUARANTINE
2012/07/24 14:40:56 +0200	MSGCBIZU1	server	DETECTION	C:\Windows\Installer\{17d591ea-5889-c138-cd19-034d4eb76928}\U\800000cb.@	Rootkit.0Access	DENY
         

ESET result
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9950feafe9916843899bf67020d0bf30
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-24 02:01:25
# local_time=2012-07-24 04:01:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 107316 79675041 4846 0
# compatibility_mode=5893 16776574 66 94 32929090 94764435 0 0
# compatibility_mode=8192 67108863 100 0 139 139 0 0
# scanned=161948
# found=2
# cleaned=0
# scan_time=3900
C:\Temp\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{17d591ea-5889-c138-cd19-034d4eb76928}\U\80000000.@	Win64/Sirefef.AL trojan (unable to clean)	00000000000000000000000000000000	I
         
I hope you can help me rid the computer of Security Shield again.
Thanks and regards!

24.07.2012, 17:22   #2
markusg
/// Malware-holic
Hi,
if you do online banking, call the bank and have it blocked because of the zero access rootkit.
You have to change all passwords at the end,
because this rootkit is dangerous:

The PC must be set up from scratch and then secured.
1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.