Trojaner-Board
Log analysis and evaluation (Log-Analyse und Auswertung): Bundeskriminalamt Virus (https://www.trojaner-board.de/101939-bundeskriminalamt-virus.html)

Levga 08.08.2011 12:30

Here is the logfile:
Code:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 not found.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
File G:\directx\dxsetup.exe install not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4838fc4-8787-11e0-91cd-001dbab2376b}\ not found.
File G:\setup.exe not found.
========== FILES ==========
File\Folder C:\Recycle.Bin not found.
File move failed. C:\Windows\System32\WinFXDocObj.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 08072011_172110

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\WinFXDocObj.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

In principle that seems to have been pretty pointless, since the whole thing had already been changed the first time ^^'
For now, Windows is running normally again...

cosinus 08.08.2011 13:04

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: to unpack OSAM please use WinRAR or 7zip! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


Levga 08.08.2011 14:18

OK. Here is the logfile from GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-08 15:08:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0041
Running: 4z0jpdwi.exe; Driver: C:\Users\Usesr\AppData\Local\Temp\kgloapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                            section is writeable [0x8DE0E000, 0x20BF92, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                              section is writeable [0x9D200300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                              section is writeable [0x9D243300, 0x1BEE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74847817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [7489A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [7484BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [7483F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [748475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7483E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74878395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [7484DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [7483FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7483FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [748371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [748CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7486C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [7483D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [74836853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7483687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [74842AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I also noticed that Malwarebytes stops connections to "potentially dangerous websites" (IP-BLOCK) even when I'm only here in the forum or on Facebook. It could be that the protection was deactivated in the last few days
and something in the background downloaded the virus again.

Here is a logfile as an example (05.08.2011). Hope this maybe helps:
Code:

12:06:41        Usesr        MESSAGE        Protection started successfully
12:06:46        Usesr        MESSAGE        IP Protection started successfully
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51352, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51353, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51354, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51355, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51357, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51358, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51359, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51360, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51361, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51362, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51363, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51364, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51369, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51370, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51371, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51372, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51373, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51374, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51375, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51376, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51384, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51386, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51387, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51388, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51389, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51390, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51391, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51392, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51393, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51394, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51395, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51396, Process: firefox.exe)
23:21:07        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51397, Process: firefox.exe)
23:21:08        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51398, Process: firefox.exe)
23:21:08        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51399, Process: firefox.exe)
23:21:08        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51400, Process: firefox.exe)
23:21:08        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51401, Process: firefox.exe)
23:22:03        Usesr        MESSAGE        IP Protection stopped
23:22:07        Usesr        MESSAGE        Database updated successfully
23:22:08        Usesr        MESSAGE        IP Protection started successfully
23:22:39        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51431, Process: firefox.exe)
23:22:39        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51432, Process: firefox.exe)
23:22:39        Usesr        IP-BLOCK        195.226.218.185 (Type: outgoing, Port: 51436, Process: firefox.exe)
23:22:39        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51437, Process: firefox.exe)
23:22:39        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51438, Process: firefox.exe)
23:22:39        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51440, Process: firefox.exe)
23:22:39        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51441, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51444, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51446, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51447, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51448, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51449, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51450, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51451, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51452, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51453, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51454, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51455, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51456, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51457, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51458, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51459, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51460, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51461, Process: firefox.exe)
23:22:47        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51462, Process: firefox.exe)
23:22:55        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51465, Process: firefox.exe)
23:22:55        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51466, Process: firefox.exe)
23:22:56        Usesr        IP-BLOCK        94.100.30.253 (Type: outgoing, Port: 51467, Process: firefox.exe)
23:22:56        Usesr        IP-BLOCK        94.100.28.58 (Type: outgoing, Port: 51468, Process: firefox.exe)
23:23:04        Usesr        IP-BLOCK        94.100.28.54 (Type: outgoing, Port: 51475, Process: firefox.exe)
23:24:16        Usesr        IP-BLOCK        94.100.30.252 (Type: outgoing, Port: 51517, Process: firefox.exe)
23:24:16        Usesr        IP-BLOCK        94.100.28.56 (Type: outgoing, Port: 51518, Process: firefox.exe)
23:24:40        Usesr        IP-BLOCK        94.100.28.57 (Type: outgoing, Port: 51521, Process: firefox.exe)
23:24:40        Usesr        IP-BLOCK        94.100.28.57 (Type: outgoing, Port: 51523, Process: firefox.exe)
23:24:48        Usesr        IP-BLOCK        195.242.152.146 (Type: outgoing, Port: 51528, Process: firefox.exe)
23:24:48        Usesr        IP-BLOCK        195.242.152.146 (Type: outgoing, Port: 51530, Process: firefox.exe)
23:25:04        Usesr        IP-BLOCK        94.100.28.53 (Type: outgoing, Port: 51539, Process: firefox.exe)
23:25:04        Usesr        IP-BLOCK        94.100.28.53 (Type: outgoing, Port: 51541, Process: firefox.exe)
23:25:36        Usesr        IP-BLOCK        94.100.30.251 (Type: outgoing, Port: 51568, Process: firefox.exe)
23:25:36        Usesr        IP-BLOCK        94.100.30.251 (Type: outgoing, Port: 51570, Process: firefox.exe)
23:26:24        Usesr        IP-BLOCK        217.23.5.96 (Type: outgoing, Port: 51589, Process: firefox.exe)
23:26:32        Usesr        IP-BLOCK        94.100.30.251 (Type: outgoing, Port: 51596, Process: firefox.exe)
23:26:32        Usesr        IP-BLOCK        94.100.30.251 (Type: outgoing, Port: 51598, Process: firefox.exe)
23:26:32        Usesr        IP-BLOCK        94.100.30.251 (Type: outgoing, Port: 51601, Process: firefox.exe)
23:26:40        Usesr        IP-BLOCK        195.242.152.146 (Type: outgoing, Port: 51608, Process: firefox.exe)
23:26:49        Usesr        IP-BLOCK        195.242.152.146 (Type: outgoing, Port: 51612, Process: firefox.exe)
23:26:49        Usesr        IP-BLOCK        195.242.152.146 (Type: outgoing, Port: 51614, Process: firefox.exe)

Here is also the OSAM logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:26:23 on 08.08.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\Usesr\AppData\Local\Temp\catchme.sys  (File not found)
"igfx" (igfx) - ? - C:\Windows\System32\DRIVERS\igdkmd32.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgloapoc" (kgloapoc) - ? - C:\Users\Usesr\AppData\Local\Temp\kgloapoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - ? - ü6ˆƒ˜v\bin\npjpi170.dll  (File not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MarketingTools" - "Sony Corporation" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"CamMonitor" (uCamMonitor) - "ArcSoft, Inc." - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"Realtek Audio Service" (RtkAudioService) - "Realtek Semiconductor" - C:\Windows\RtkAudioService.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
"VAIO Media plus Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
"VAIO Media plus Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
"VAIO Media plus Digital Media Server" (SOHDms) - "Sony Corporation" - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll  (File not found)
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And last but not least, aswMBR:
Code:

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-08 15:30:00
-----------------------------
15:30:00.833    OS Version: Windows 6.0.6002 Service Pack 2
15:30:00.833    Number of processors: 2 586 0x170A
15:30:00.833    ComputerName: USESR-PC  UserName: Usesr
15:30:02.221    Initialize success
15:33:11.682    AVAST engine defs: 11080800
15:34:05.986    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:34:05.990    Disk 0 Vendor: FUJITSU_ 0041 Size: 238475MB BusType: 3
15:34:05.994    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000060
15:34:05.998    Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
15:34:06.005    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000061
15:34:06.009    Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
15:34:06.196    Disk 0 MBR read successfully
15:34:06.201    Disk 0 MBR scan
15:34:06.208    Disk 0 Windows VISTA default MBR code
15:34:06.496    Disk 0 scanning sectors +488394752
15:34:07.052    Disk 0 scanning C:\Windows\system32\drivers
15:35:25.068    Service scanning
15:35:26.550    Modules scanning
15:36:42.319    Disk 0 trace - called modules:
15:36:42.366    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:36:42.381    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859dcac8]
15:36:42.381    3 CLASSPNP.SYS[8a1a88b3] -> nt!IofCallDriver -> [0x84ef2900]
15:36:42.397    5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x854a3028]
15:36:43.192    AVAST engine scan C:\Windows
15:36:58.746    AVAST engine scan C:\Windows\system32
15:40:06.772    AVAST engine scan C:\Windows\system32\drivers
15:40:48.424    AVAST engine scan C:\Users\Usesr
15:55:51.586    AVAST engine scan C:\ProgramData
15:57:52.190    Scan finished successfully
16:02:48.933    Disk 0 MBR has been saved successfully to "C:\Users\Usesr\Desktop\MBR.dat"
16:02:48.949    The log file has been saved successfully to "C:\Users\Usesr\Desktop\aswMBR.txt"


cosinus 08.08.2011 15:23

Looks OK so far. Are IPs still being blocked?

Levga 09.08.2011 13:26

No, nothing has shown up so far. Hopefully it stays that way.
Many thanks for your effort and help! :)

cosinus 09.08.2011 14:50

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Getting a second opinion afterwards from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Levga 09.08.2011 17:20

Malwarebytes found nothing. Here is the logfile (even though there is really nothing in it):
Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7417

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

09.08.2011 18:11:30
mbam-log-2011-08-09 (18-11-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 295007
Laufzeit: 1 Stunde(n), 4 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I'll send the rest tomorrow, since I probably won't get to it today.

Levga 12.08.2011 14:11

I'm sorry, all of this is coming a bit late!

SUPERAntiSpyware log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/12/2011 at 03:04 AM

Application Version : 4.56.1000

Core Rules Database Version : 7547
Trace Rules Database Version: 5359

Scan type      : Complete Scan
Total Scan Time : 14:20:02

Memory items scanned      : 827
Memory threats detected  : 0
Registry items scanned    : 9444
Registry threats detected : 0
File items scanned        : 139012
File threats detected    : 11

Adware.Tracking Cookie
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@2o7[1].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@ad.adc-serv[1].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@traffictrack[1].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@apmebf[1].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@tradedoubler[1].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@trackmania-nations-forever.softonic[1].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@doubleclick[2].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@www.usenext[1].txt
        C:\Users\Usesr\AppData\Roaming\Microsoft\Windows\Cookies\usesr@webmasterplan[2].txt
        cloud.video.unrulymedia.com [ C:\Users\Usesr\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q8DYWPTZ ]

Sorry, I already ran ESET on my own initiative about a week ago.
Here is the first log:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d8c698e890cbe44baef1be7bc5fe62ae
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-08 12:10:22
# local_time=2011-08-08 02:10:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 258840 150331733 0 0
# compatibility_mode=8192 67108863 100 0 240 240 0 0
# scanned=139867
# found=7
# cleaned=7
# scan_time=6417
C:\Users\Usesr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3abc9e00-71cf3f61        Variante von Java/TrojanDownloader.OpenStream.NBU Trojaner (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Usesr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\35b51792-796d4d5a        Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Usesr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\19d067db-6262946e        Java/TrojanDownloader.OpenStream.NBV Trojaner (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Usesr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-79bc4a45        möglicherweise Variante von Java/Agent.AF Trojaner (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Usesr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\726f6486-2f555b9e        Variante von Java/TrojanDownloader.OpenConnection.MU Trojaner (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\Users\Usesr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3501ad47-33d70c03        Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
C:\_OTL\MovedFiles.zip        Win32/Spy.SpyEye.CA Trojaner (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C


cosinus 12.08.2011 14:22

Only remnants and cookies.
All of it can go.
Is the computer more or less back in order?

Levga 12.08.2011 16:46

Looks like it! I ran ESET over it once more and it also found
nothing :)
A thousand thanks at this point!
I have one more question: which antivirus would you recommend?

cosinus 12.08.2011 19:15

The question of which virus scanner to use, or whether the installed one is enough, comes up constantly.
A virus scanner, whichever one, cannot and never will be able to offer 100% protection. New/unknown malware can always slip through. Stick with your current scanner or take Microsoft Security Essentials.
Apart from that, different virus scanners use different signatures and techniques, which means that, for example, Scanner1 detects malware X but misses malware Y, while Scanner2 detects malware Y but not malware X...
More important is that you stick to the rules. The best virus scanner is useless if you behave wrongly and are negligent/careless. Airbags and seat belts in a car aren't a reason to ignore the traffic rules either.

Best to stick roughly to these rules:
  1. Be suspicious on the Internet, especially of unknown e-mails, and be careful about handing out personal data!!
  2. Always keep Windows and all the programs you use up to date - Secunia PSI can help you with that
  3. Make regular backups to external media
  4. Work with restricted rights
  5. Use secure programs such as Opera or Firefox for browsing instead of IE, and Thunderbird instead of Outlook Express for mail - display e-mails as plain text only
  6. Completely disable AutoPlay for all drives, as it is an unnecessary security risk
  7. When installing software, make sure as far as possible that the setup files come from official sources and that you choose the custom installation method where possible - that gives you the chance to deselect any junk (like toolbars or things like RegistryBooster) that would otherwise simply be installed alongside.
  8. Have malicious or unwanted sites blocked from the outset with the help of the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File


All of this is explained in more detail here => Is compromise unavoidable?
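Rules 4 and 6 above can be checked and enforced from PowerShell. The script below is an added example, not part of cosinus's post: it reads the `NoDriveTypeAutoRun` policy value (the bitmask Windows consults for AutoRun; 0xFF excludes every drive type), reports whether the session has administrator rights, and only writes the hardened value when it is elevated. It assumes Windows Vista/7 and that the policy key may not exist yet.

```powershell
# Added example (not from the forum thread): audit and harden the AutoRun
# policy (rule 6) and report whether this session runs as administrator
# (rule 4). Assumes Windows Vista/7; writing the value needs elevation.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'
$allDrives = 0xFF   # bitmask: every drive type excluded from AutoRun

function Get-AutoRunState {
    # Returns a human-readable description of the current policy state.
    $current = (Get-ItemProperty -Path $policyKey -Name $valueName `
                -ErrorAction SilentlyContinue).$valueName
    if ($null -eq $current) {
        return 'not set (Windows default applies, AutoRun partly enabled)'
    }
    if (($current -band $allDrives) -eq $allDrives) {
        return ('disabled on all drive types (0x{0:X2})' -f $current)
    }
    return ('still enabled for some drive types (0x{0:X2})' -f $current)
}

function Test-IsAdmin {
    # True when the current token holds the built-in Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-AutoRunDisabled {
    # Creates the policy key if missing and sets the bitmask to 0xFF.
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value $allDrives -Type DWord
}

Write-Host ('AutoRun policy: ' + (Get-AutoRunState))
Write-Host ('Running as administrator: ' + (Test-IsAdmin))

if (Test-IsAdmin) {
    Set-AutoRunDisabled
    Write-Host ('AutoRun policy now: ' + (Get-AutoRunState))
} else {
    # Day-to-day use with restricted rights (rule 4): the audit still works,
    # but the hardening step has to be run once from an elevated session.
    Write-Host 'Not elevated: run this once as administrator to apply the change.'
}
```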

Levga 14.08.2011 00:17

OK! I have one more, final question:
My mum bought herself a notebook with Windows 7. It's new and guaranteed malware-free. Can I use the notebook to create a USB stick with which I can install Windows 7 on this laptop (after formatting, of course)??
:)

cosinus 15.08.2011 11:02

Quote:

Can I use the notebook to create a USB stick with which I can install Windows 7 on this laptop (after formatting, of course)??
You want to create a stick on the new notebook and then wipe the new notebook with that very stick?? :wtf:

Levga 16.08.2011 19:31

No, that would be a bit silly!
Windows 7 belongs on this laptop, the one we "cleaned". The notebook is my mother's, after all.

cosinus 17.08.2011 10:08

And why does it have to be a USB stick? Doesn't the other notebook have an optical drive?
Besides, legally you may NOT use one Windows license on two or more computers at the same time!


All times are WET +1. It is now 23:30.

Copyright ©2000-2025, Trojaner-Board