Trojaner-Board, forum "Log-Analyse und Auswertung" (log analysis and evaluation)
Thread: SUISA Trojaner legt Windows Vista lahm (SUISA trojan brings Windows Vista to a halt)
https://www.trojaner-board.de/117815-suisa-trojaner-legt-windows-vista-lahm.html

Psychotic 09.07.2012 09:49

Step 1: Fix with FRST

Please press the Windows key + R and type notepad into the Run box. Now copy the following text from the code box into the empty text document:
Code:

HKU\Blangetti-Valentino\...\Run: [dmrvt.tmp] C:\Windows\system32\dmrvt.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmysm.tmp] C:\Windows\system32\dmysm.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmlyc.tmp] C:\Windows\system32\dmlyc.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmbvz.tmp] C:\Windows\system32\dmbvz.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmtua.tmp] C:\Windows\system32\dmtua.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmtwo.tmp] C:\Windows\system32\dmtwo.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmenj.tmp] C:\Windows\system32\dmenj.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmxgq.tmp] C:\Windows\system32\dmxgq.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmpbr.tmp] C:\Windows\system32\dmpbr.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmuxz.tmp] C:\Windows\system32\dmuxz.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmsoy.tmp] C:\Windows\system32\dmsoy.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmpwj.tmp] C:\Windows\system32\dmpwj.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmlwn.tmp] C:\Windows\system32\dmlwn.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmsad.tmp] C:\Windows\system32\dmsad.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmrms.tmp] C:\Windows\system32\dmrms.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmuor.tmp] C:\Windows\system32\dmuor.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmncc.tmp] C:\Windows\system32\dmncc.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmrfc.tmp] C:\Windows\system32\dmrfc.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmana.tmp] C:\Windows\system32\dmana.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmnew.tmp] C:\Windows\system32\dmnew.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmksu.tmp] C:\Windows\system32\dmksu.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmltp.tmp] C:\Windows\system32\dmltp.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmckq.tmp] C:\Windows\system32\dmckq.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmedd.tmp] C:\Windows\system32\dmedd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmgjt.tmp] C:\Windows\system32\dmgjt.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmlpr.tmp] C:\Windows\system32\dmlpr.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmzrn.tmp] C:\Windows\system32\dmzrn.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmelv.tmp] C:\Windows\system32\dmelv.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmomk.tmp] C:\Windows\system32\dmomk.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmurz.tmp] C:\Windows\system32\dmurz.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmakw.tmp] C:\Windows\system32\dmakw.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmkjm.tmp] C:\Windows\system32\dmkjm.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmzmy.tmp] C:\Windows\system32\dmzmy.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmjcu.tmp] C:\Windows\system32\dmjcu.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmgju.tmp] C:\Windows\system32\dmgju.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmzpl.tmp] C:\Windows\system32\dmzpl.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmxbx.tmp] C:\Windows\system32\dmxbx.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmmgh.tmp] C:\Windows\system32\dmmgh.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmkvq.tmp] C:\Windows\system32\dmkvq.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmsfd.tmp] C:\Windows\system32\dmsfd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmdsd.tmp] C:\Windows\system32\dmdsd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmykh.tmp] C:\Windows\system32\dmykh.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmzkd.tmp] C:\Windows\system32\dmzkd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmbfp.tmp] C:\Windows\system32\dmbfp.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmtdb.tmp] C:\Windows\system32\dmtdb.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmfra.tmp] C:\Windows\system32\dmfra.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmpou.tmp] C:\Windows\system32\dmpou.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmsqm.tmp] C:\Windows\system32\dmsqm.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmavd.tmp] C:\Windows\system32\dmavd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmsjq.tmp] C:\Windows\system32\dmsjq.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmqbc.tmp] C:\Windows\system32\dmqbc.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmvsn.tmp] C:\Windows\system32\dmvsn.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmlok.tmp] C:\Windows\system32\dmlok.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmwrc.tmp] C:\Windows\system32\dmwrc.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmfvv.tmp] C:\Windows\system32\dmfvv.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmqmk.tmp] C:\Windows\system32\dmqmk.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmyag.tmp] C:\Windows\system32\dmyag.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmmef.tmp] C:\Windows\system32\dmmef.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmqnl.tmp] C:\Windows\system32\dmqnl.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmygo.tmp] C:\Windows\system32\dmygo.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmsve.tmp] C:\Windows\system32\dmsve.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmfrf.tmp] C:\Windows\system32\dmfrf.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmzgb.tmp] C:\Windows\system32\dmzgb.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmxhg.tmp] C:\Windows\system32\dmxhg.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmrnr.tmp] C:\Windows\system32\dmrnr.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmnok.tmp] C:\Windows\system32\dmnok.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmlrg.tmp] C:\Windows\system32\dmlrg.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmkrs.tmp] C:\Windows\system32\dmkrs.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmdyw.tmp] C:\Windows\system32\dmdyw.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmujn.tmp] C:\Windows\system32\dmujn.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmhqj.tmp] C:\Windows\system32\dmhqj.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmnvv.tmp] C:\Windows\system32\dmnvv.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmade.tmp] C:\Windows\system32\dmade.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmtkr.tmp] C:\Windows\system32\dmtkr.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmjbl.tmp] C:\Windows\system32\dmjbl.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmzsd.tmp] C:\Windows\system32\dmzsd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmxpd.tmp] C:\Windows\system32\dmxpd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmkke.tmp] C:\Windows\system32\dmkke.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmfci.tmp] C:\Windows\system32\dmfci.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmham.tmp] C:\Windows\system32\dmham.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmeyd.tmp] C:\Windows\system32\dmeyd.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmznf.tmp] C:\Windows\system32\dmznf.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmpzh.tmp] C:\Windows\system32\dmpzh.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmaxz.tmp] C:\Windows\system32\dmaxz.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmlrf.tmp] C:\Windows\system32\dmlrf.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmyxz.tmp] C:\Windows\system32\dmyxz.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmrsu.tmp] C:\Windows\system32\dmrsu.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmwck.tmp] C:\Windows\system32\dmwck.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmofp.tmp] C:\Windows\system32\dmofp.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmoub.tmp] C:\Windows\system32\dmoub.tmp [x]
HKU\Blangetti-Valentino\...\Run: [dmeux.tmp] C:\Windows\system32\dmeux.tmp [x]
HKU\Blangetti-Valentino\...\Run: [Fgefusuya] rundll32.exe "C:\Users\Blangetti-Valentino\AppData\Local\Kyoqobesitefesuf.dll",e [x]
C:\Users\Blangetti-Valentino\AppData\Local\Kyoqobesitefesuf.dll
C:\Windows\system32\*.tmp

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick.

Now restart the computer in Safe Mode immediately!

Safe Mode for the cleanup



Step 2: Combofix

Delete the existing Combofix.exe from your desktop!

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2

IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
(the German text of the Windows error "Illegal operation attempted on a registry key that has been marked for deletion")
simply reboot the computer. That should fix the problem.

Post the FRST and Combofix logs in your next reply!

jeeg 10.07.2012 21:50

Hello

Here is the content of ComboFix.txt. In my opinion it contains even less than last time.

Code:

ComboFix 12-07-10.01 - Blangetti-Valentino 10.07.2012  22:29:06.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.41.1031.18.2046.1534 [GMT 2:00]
ausgeführt von:: C:\Users\Blangetti-Valentino\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

And here is the content of Fixlog.txt:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 02
Ran by SYSTEM at 2012-07-10 22:15:23 Run:1
Running from E:\

==============================================

HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmrvt.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmysm.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmlyc.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmbvz.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmtua.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmtwo.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmenj.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmxgq.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmpbr.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmuxz.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmsoy.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmpwj.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmlwn.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmsad.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmrms.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmuor.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmncc.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmrfc.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmana.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmnew.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmksu.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmltp.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmckq.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmedd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmgjt.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmlpr.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmzrn.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmelv.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmomk.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmurz.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmakw.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmkjm.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmzmy.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmjcu.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmgju.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmzpl.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmxbx.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmmgh.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmkvq.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmsfd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmdsd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmykh.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmzkd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmbfp.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmtdb.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmfra.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmpou.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmsqm.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmavd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmsjq.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmqbc.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmvsn.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmlok.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmwrc.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmfvv.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmqmk.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmyag.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmmef.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmqnl.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmygo.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmsve.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmfrf.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmzgb.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmxhg.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmrnr.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmnok.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmlrg.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmkrs.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmdyw.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmujn.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmhqj.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmnvv.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmade.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmtkr.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmjbl.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmzsd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmxpd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmkke.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmfci.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmham.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmeyd.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmznf.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmpzh.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmaxz.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmlrf.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmyxz.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmrsu.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmwck.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmofp.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmoub.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\dmeux.tmp Value deleted successfully.
HKEY_USERS\Blangetti-Valentino\Software\Microsoft\Windows\CurrentVersion\Run\\Fgefusuya Value deleted successfully.
C:\Users\Blangetti-Valentino\AppData\Local\Kyoqobesitefesuf.dll not found.
C:\Windows\system32\*.tmp not found.

==== End of Fixlog ====
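
As an added example (not code from this thread, from FRST or from ComboFix), the following Python script parses FRST-style `Run` entries like those in Psychotic's fixlist above, flags the ones that match the patterns seen in this infection (an autorun pointing at a `.tmp` file, `rundll32` loading a DLL from the user's `AppData\Local`, and FRST's `[x]` marker), and then reconciles every flagged value against a fixlog like jeeg's to confirm it was actually deleted. The sample lines are constructed after the ones in the thread, with the user name replaced by `ExampleUser` and a benign `Sidebar` entry added for contrast; the heuristics and the reading of `[x]` as "file not found" are my own assumptions, not FRST documentation.

```python
"""Triage FRST autorun entries and check them against a FRST fixlog.

Added example for this thread; not code from FRST, ComboFix or the posters.
"""
import re
from typing import Dict, List, Tuple

# FRST "Run" line, as in the fixlist above:
#   HKU\<user>\...\Run: [<value name>] <command> [x]
# The trailing [x] is treated here as FRST's "file not found" marker (assumption).
FRST_RUN_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\.*?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \[x\])?$"
)

# FRST fixlog result line, as in the Fixlog.txt above:
#   HKEY_USERS\<user>\...\Run\\<value name> Value deleted successfully.
#   C:\Windows\system32\*.tmp not found.
FIXLOG_RE = re.compile(
    r"^(?P<target>.+?) (?P<result>Value deleted successfully|not found)\.$"
)

# In fixlog targets the value name follows a double backslash.
DOUBLE_BACKSLASH = "\\\\"

Flagged = Tuple[str, str, List[str]]  # (value name, command, reasons)


def triage_run_entries(lines: List[str]) -> List[Flagged]:
    """Return every Run entry that trips at least one heuristic."""
    flagged: List[Flagged] = []
    for line in lines:
        m = FRST_RUN_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        low = cmd.lower()
        tokens = low.split()
        reasons: List[str] = []
        # Heuristic 1: an autostart whose executable is a .tmp file; dozens of
        # them with random five-letter names in system32 is the pattern above.
        if tokens and tokens[0].endswith(".tmp"):
            reasons.append("autorun points at a .tmp file")
        # Heuristic 2: rundll32 loading a DLL out of the user's AppData\Local,
        # which is how the Fgefusuya entry above persisted.
        if low.startswith("rundll32") and "\\appdata\\local\\" in low:
            reasons.append("rundll32 loads a DLL from the user profile")
        # Heuristic 3: FRST marked the file as not found; an orphaned autorun
        # is still worth a look even if the file is already gone.
        if line.rstrip().endswith("[x]"):
            reasons.append("FRST could not locate the file ([x])")
        if reasons:
            flagged.append((name, cmd, reasons))
    return flagged


def parse_fixlog(lines: List[str]) -> Dict[str, str]:
    """Map each fixlog target (registry value path or file path) to its result."""
    results: Dict[str, str] = {}
    for line in lines:
        m = FIXLOG_RE.match(line.strip())
        if m:
            results[m.group("target")] = m.group("result")
    return results


def summarize_fix(frst_lines: List[str], fixlog_lines: List[str]) -> Dict[str, object]:
    """Cross-check flagged Run values against the fixlog and list what is unresolved."""
    flagged = triage_run_entries(frst_lines)
    fixlog = parse_fixlog(fixlog_lines)
    by_value = {
        target.rsplit(DOUBLE_BACKSLASH, 1)[1]: result
        for target, result in fixlog.items()
        if DOUBLE_BACKSLASH in target
    }
    files = {t: r for t, r in fixlog.items() if not t.upper().startswith("HKEY")}
    values = {name: by_value.get(name, "no fixlog entry") for name, _, _ in flagged}
    unresolved = [name for name, result in values.items() if result == "no fixlog entry"]
    return {"flagged": flagged, "values": values, "files": files, "unresolved": unresolved}


# Constructed sample modelled on the fixlist and fixlog in this thread
# (user name replaced; the Sidebar line is a benign entry added for contrast).
SAMPLE_FRST = r"""
HKU\ExampleUser\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
HKU\ExampleUser\...\Run: [dmrvt.tmp] C:\Windows\system32\dmrvt.tmp [x]
HKU\ExampleUser\...\Run: [dmysm.tmp] C:\Windows\system32\dmysm.tmp [x]
HKU\ExampleUser\...\Run: [Fgefusuya] rundll32.exe "C:\Users\ExampleUser\AppData\Local\Kyoqobesitefesuf.dll",e [x]
""".strip().splitlines()

# dmysm.tmp is deliberately missing from this constructed fixlog so the
# reconciliation has something to report as unresolved.
SAMPLE_FIXLOG = r"""
HKEY_USERS\ExampleUser\Software\Microsoft\Windows\CurrentVersion\Run\\dmrvt.tmp Value deleted successfully.
HKEY_USERS\ExampleUser\Software\Microsoft\Windows\CurrentVersion\Run\\Fgefusuya Value deleted successfully.
C:\Users\ExampleUser\AppData\Local\Kyoqobesitefesuf.dll not found.
C:\Windows\system32\*.tmp not found.
""".strip().splitlines()


if __name__ == "__main__":
    report = summarize_fix(SAMPLE_FRST, SAMPLE_FIXLOG)
    for name, cmd, reasons in report["flagged"]:
        print(f"[{name}] {cmd}\n    reasons: {'; '.join(reasons)}\n    fixlog: {report['values'][name]}")
    for path, result in report["files"].items():
        print(f"file {path}: {result}")
    print("unresolved:", report["unresolved"])
```

A "not found" result for a file target, like the two at the end of the real fixlog, only says that FRST did not see that path from the recovery environment at that moment; it is not evidence that the file was removed, so the next full scan is what confirms the cleanup, and any flagged value that has no fixlog line at all belongs on the next fixlist.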


jeeg 26.07.2012 21:25

Hello Marius

I was away for a few days.
The problem seems to be fixed. I would already like to thank you very much for your help. Is there anything else to do?

Regards
jeeg

Psychotic 06.08.2012 10:42

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

jeeg 06.08.2012 17:37

Hello

As I said, the symptoms have disappeared and the computer works as it did before, but whether it is clean I cannot say. What further course of action do you suggest?

Thanks
jeeg

Psychotic 07.08.2012 08:24

Press the Windows and R keys at the same time and copy the following into the text box:

Code:

ComboFix /nombr
Click OK --> Combofix will start.

Is the log it produces more extensive now?

Psychotic 13.08.2012 07:51

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

jeeg 13.08.2012 10:41

Hello,

I entered the command, but ComboFix was not found that way. So I just started ComboFix directly via the icon on the desktop, but then it somehow crashed. I will try again this evening.
What do you mean by whether the log is more extensive? What should I compare it with? With my post from 10.07.2012 22:50?
Code:

ComboFix 12-07-10.01 - Blangetti-Valentino 10.07.2012  22:29:06.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.41.1031.18.2046.1534 [GMT 2:00]
ausgeführt von:: C:\Users\Blangetti-Valentino\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Thanks and regards
jeeg

Hello,
I ran ComboFix again, here is the log:

Code:

ComboFix 12-08-13.01 - Blangetti-Valentino 13.08.2012  21:38:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.41.1031.18.2046.1196 [GMT 2:00]
ausgeführt von:: c:\users\Blangetti-Valentino\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BLANGE~1\AppData\Local\Temp\IadHide4.dll
c:\users\Blangetti-Valentino\AppData\Local\temp\IadHide4.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-13 bis 2012-08-13  ))))))))))))))))))))))))))))))
.
.
2012-08-13 19:51 . 2012-08-13 19:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 09:43 . 2012-04-29 12:39        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-05 09:43 . 2011-06-28 18:44        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 08:44 . 2012-08-10 18:49        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF7B14F-5874-4705-A484-9A9C4179B826}\mpengine.dll
2012-06-13 13:40 . 2012-07-14 01:18        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-13 22:42        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-13 22:41        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-13 22:36        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 18:34        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 18:34        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 18:32        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 18:32        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 18:34        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 18:34        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 18:32        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 18:31        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 18:31        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-14 01:04        1800192        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-14 01:04        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-14 01:04        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-14 01:04        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-14 01:04        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-13 22:36        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-13 22:36        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2011-11-19 23:06        237072        ------w-        c:\windows\system32\MpSigStub.exe
1999-04-16 18:40 . 2007-05-17 12:03        828416        ----a-w-        c:\program files\Leechftp.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-04-22 20480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 68856]
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"CamWizard"="c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe" [2005-05-13 184320]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"Sunrise"="c:\program files\Sunrise\bin\sprtcmd.exe" [2008-06-27 202016]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-13 81920]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" [2003-07-07 729088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-8 50688]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-4-22 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-4-8 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 09:43]
.
2012-08-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 18:17]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc92db1b3f34d0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 20:49]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 20:49]
.
2012-08-05 c:\windows\Tasks\Norton Security Scan for Blangetti-Valentino.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-09 07:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.blangetti-valentino.ch/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: jetaviation.ch\mail
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 194.230.1.71 194.230.1.39
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://www.ifolor.ch/ORDERINGGENERAL/LowRes/app_support/_2_1_8/ActiveX/IfolorUploader_chkr.cab
DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://order.ifolor.ch/GENERAL/LowRes/app_support/1/ActiveX/IfolorUploader_chkr.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
AddRemove-ifolor-OrderClient36-CHDE - c:\users\Blangetti-Valentino\Desktop\OrderClient36\Uninstall.exe
AddRemove-Migros Photo Service - c:\users\Blangetti-Valentino\Desktop\Migros Photo Service\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-13 22:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5880)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Sunrise\bin\sprtsvc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\conime.exe
c:\windows\sttray.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\System32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-13  22:13:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-13 20:12
.
Vor Suchlauf: 17 Verzeichnis(se), 16'480'194'560 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 16'448'413'696 Bytes frei
.
- - End Of File - - FB712778846E4B4F4162BE49C68576CF

Do you consider this more extensive compared to the previous logs?

Thanks and regards
jeeg

Psychotic 14.08.2012 13:30

Aha!


Looks quite good - let's check everything once more! :)


Step 1: Full MBAM scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the logfile that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Logs".



Step 2: ESET



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


jeeg 15.08.2012 19:21

Hello Marius

I ran MBAM. I let it run overnight, but unfortunately no results were shown the next morning, so I could not remove any findings. Nevertheless I am sending you the 2 log files that were generated. I am only now going to run ESET.

Code:

2012/08/14 20:48:31 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting protection
2012/08/14 20:48:33 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Executing scheduled update:  Daily
2012/08/14 20:48:37 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Protection started successfully
2012/08/14 20:48:41 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting IP protection
2012/08/14 20:48:47 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        IP Protection started successfully
2012/08/14 20:49:04 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.07.03.05 to version v2012.08.14.06
2012/08/14 20:49:04 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting database refresh
2012/08/14 20:49:04 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Stopping IP protection
2012/08/14 20:49:08 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        IP Protection stopped
2012/08/14 20:49:12 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Database refreshed successfully
2012/08/14 20:49:12 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting IP protection
2012/08/14 20:49:16 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        IP Protection started successfully
2012/08/14 21:15:25 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49862, Process: iexplore.exe)
2012/08/14 21:15:26 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49861, Process: iexplore.exe)
2012/08/14 21:15:26 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49863, Process: iexplore.exe)
2012/08/14 21:15:26 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49864, Process: iexplore.exe)
2012/08/14 21:15:26 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49866, Process: iexplore.exe)
2012/08/14 21:15:26 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49865, Process: iexplore.exe)
2012/08/14 21:15:26 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49867, Process: iexplore.exe)
2012/08/14 21:15:26 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 49868, Process: iexplore.exe)
2012/08/14 21:24:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        217.23.14.123 (Type: outgoing, Port: 49976, Process: iexplore.exe)
2012/08/14 21:24:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        217.23.14.123 (Type: outgoing, Port: 49978, Process: iexplore.exe)
2012/08/14 21:24:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        173.241.240.153 (Type: outgoing, Port: 49985, Process: iexplore.exe)
2012/08/14 21:24:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        173.241.240.153 (Type: outgoing, Port: 49988, Process: iexplore.exe)
2012/08/14 21:30:57 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        217.23.14.123 (Type: outgoing, Port: 50085, Process: iexplore.exe)
2012/08/14 21:30:57 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        217.23.14.123 (Type: outgoing, Port: 50087, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50197, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50198, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50199, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50211, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50212, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50214, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50215, Process: iexplore.exe)
2012/08/14 21:37:49 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50217, Process: iexplore.exe)
2012/08/14 21:40:38 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50274, Process: iexplore.exe)
2012/08/14 21:40:38 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50277, Process: iexplore.exe)
2012/08/14 21:40:38 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50279, Process: iexplore.exe)
2012/08/14 21:40:38 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50281, Process: iexplore.exe)
2012/08/14 21:46:51 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50470, Process: iexplore.exe)
2012/08/14 21:46:51 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50471, Process: iexplore.exe)
2012/08/14 21:46:51 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50472, Process: iexplore.exe)
2012/08/14 21:46:51 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50473, Process: iexplore.exe)
2012/08/14 21:52:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50602, Process: iexplore.exe)
2012/08/14 21:52:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50601, Process: iexplore.exe)
2012/08/14 21:52:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50603, Process: iexplore.exe)
2012/08/14 21:52:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50604, Process: iexplore.exe)
2012/08/14 21:53:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50629, Process: iexplore.exe)
2012/08/14 21:53:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50628, Process: iexplore.exe)
2012/08/14 21:53:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50630, Process: iexplore.exe)
2012/08/14 21:53:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50631, Process: iexplore.exe)
2012/08/14 21:53:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50632, Process: iexplore.exe)
2012/08/14 21:53:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50633, Process: iexplore.exe)
2012/08/14 21:53:36 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50634, Process: iexplore.exe)
2012/08/14 21:56:42 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50763, Process: iexplore.exe)
2012/08/14 21:56:42 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50764, Process: iexplore.exe)
2012/08/14 21:56:42 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50765, Process: iexplore.exe)
2012/08/14 21:56:42 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50776, Process: iexplore.exe)
2012/08/14 21:56:42 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50775, Process: iexplore.exe)
2012/08/14 21:56:42 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50777, Process: iexplore.exe)
2012/08/14 21:56:42 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50778, Process: iexplore.exe)
2012/08/14 21:59:57 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50850, Process: iexplore.exe)
2012/08/14 21:59:57 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50849, Process: iexplore.exe)
2012/08/14 21:59:57 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50851, Process: iexplore.exe)
2012/08/14 21:59:57 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50852, Process: iexplore.exe)
2012/08/14 21:59:57 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50860, Process: iexplore.exe)
2012/08/14 22:02:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50926, Process: iexplore.exe)
2012/08/14 22:02:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50927, Process: iexplore.exe)
2012/08/14 22:02:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50930, Process: iexplore.exe)
2012/08/14 22:02:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50933, Process: iexplore.exe)
2012/08/14 22:02:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50934, Process: iexplore.exe)
2012/08/14 22:02:55 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 50935, Process: iexplore.exe)
2012/08/14 22:03:11 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51005, Process: iexplore.exe)
2012/08/14 22:03:11 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51007, Process: iexplore.exe)
2012/08/14 22:03:11 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51009, Process: iexplore.exe)
2012/08/14 22:03:11 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51011, Process: iexplore.exe)
2012/08/14 22:03:11 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51012, Process: iexplore.exe)
2012/08/14 22:21:04 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51657, Process: iexplore.exe)
2012/08/14 22:22:12 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51663, Process: iexplore.exe)
2012/08/14 22:22:12 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51662, Process: iexplore.exe)
2012/08/14 22:22:12 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51664, Process: iexplore.exe)
2012/08/14 22:22:12 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51665, Process: iexplore.exe)
2012/08/14 22:23:11 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51671, Process: iexplore.exe)
2012/08/14 22:24:00 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51673, Process: iexplore.exe)
2012/08/14 22:24:00 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51674, Process: iexplore.exe)
2012/08/14 22:24:00 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51675, Process: iexplore.exe)
2012/08/14 22:27:32 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51686, Process: iexplore.exe)
2012/08/14 22:27:32 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 51688, Process: iexplore.exe)
2012/08/14 22:51:13 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 52179, Process: iexplore.exe)
2012/08/14 22:51:15 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 52180, Process: iexplore.exe)
2012/08/14 22:51:15 +0200        UNSERNOTEBOOK        Blangetti-Valentino        IP-BLOCK        66.152.78.239 (Type: outgoing, Port: 52181, Process: iexplore.exe)



Code:

2012/08/15 06:35:14 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting protection
2012/08/15 06:35:31 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Protection started successfully
2012/08/15 06:35:34 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting IP protection
2012/08/15 06:35:38 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        IP Protection started successfully
2012/08/15 12:04:01 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Executing scheduled update:  Daily
2012/08/15 12:04:17 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.08.14.06 to version v2012.08.15.03
2012/08/15 12:04:17 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting database refresh
2012/08/15 12:04:17 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Stopping IP protection
2012/08/15 12:04:20 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        IP Protection stopped
2012/08/15 12:04:34 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Database refreshed successfully
2012/08/15 12:04:34 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        Starting IP protection
2012/08/15 12:04:38 +0200        UNSERNOTEBOOK        Blangetti-Valentino        MESSAGE        IP Protection started successfully

and here is the ESET logfile as well

Code:

C:\Users\Blangetti-Valentino\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\264f54ca-7175e8ba        Java/Exploit.CVE-2012-0507.BV trojan

Regards
jeeg

Psychotic 15.08.2012 23:17

Is the computer still causing problems? :)

jeeg 16.08.2012 09:00

Hello

No, the computer is not causing any problems.

When MBAM was running, however, 4 infected files were shown during the scan, which I could not remove at the end for the reasons already explained.

ESET showed 1 infected file, which I did not remove, as instructed (it said "do not tick Remove found threats").

Should I run MBAM again? It takes about 3 hours or more.

Thanks and regards
jeeg

Psychotic 20.08.2012 07:04

Then please show me the MBAM logfiles - you will find them in the program under the corresponding tab.

Best zip all of the available ones and attach them here as an attachment!

jeeg 25.08.2012 13:49

Hello Marius

Sorry for the week of radio silence. I was very busy.
I had already uploaded the MBAM log files on 15.8. at 20.21. Do you need them again?

Regards
jeeg

Psychotic 27.08.2012 06:24

Hello jeeg,

what you posted are the protection logs from MBAM - what we need are the log files of the malware scan. Were those all the logs shown in the program?

If so, scan again and post the logfile!



Copyright ©2000-2025, Trojaner-Board

