Trojaner-Board

DasInternet 02.03.2012 20:21

50 EUR virus

I got hit by the AKM virus (looks like the BKA one). When I switch the computer on normally, it blocks everything and shows the window saying that the computer has been locked and that you have to pay 50 EUR. When I start Windows in safe mode with networking, the message appears as well, and in safe mode without networking the background is white and it says "Please wait while the connection is being established. Bitte warten sie während die verbindung hergestellt wird" (which is what normally happens before the 50 EUR message comes up). I can't do anything then.

I would be very, very grateful for help. I am using Windows 7 32-bit and Firefox.

DasInternet 02.03.2012 22:05

From this thread, http://www.trojaner-board.de/110730-...kverleger.html, which has the same problem, I burned OTLPENet to a CD in case I need it too. I have not started it on the infected computer yet and am waiting for instructions.

markusg 03.03.2012 12:16

Hi, can you start the OTL CD and post the report?

DasInternet 03.03.2012 12:57

The CD doesn't seem to work, but maybe it was burned incorrectly. Unfortunately I can only check that in a few hours on a second PC with a drive. In the meantime I could try ComboFix on a USB stick as here: http://www.trojaner-board.de/110789-...geht-mehr.html

Of course I won't do it without instructions.

markusg 03.03.2012 14:16

Yes, you can try that :-)

DasInternet 03.03.2012 14:34

In the meantime I managed to burn the CD again (it was defective before). I am now on the REATOGO desktop, but when I open OTLPE from the desktop I get "browse for folder". It seems as if OTLPE is not installed.

When I download it I get the message "this application has failed to start because framedyn.dll was not found. Re-installing the application may fix this problem"

Edit: I am now running ComboFix from USB in safe mode with command prompt.

DasInternet 03.03.2012 15:37

I ran ComboFix from USB successfully and now the PC starts again!


Combofix Logfile:
Code:

ComboFix 12-03-02.01 - tom 03.03.2012  15:10:50.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.43.1033.18.3069.2100 [GMT 1:00]
ausgeführt von:: h:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tom\AppData\Roaming\h6s5ruij653.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-03 bis 2012-03-03  ))))))))))))))))))))))))))))))
.
.
2012-03-03 14:18 . 2012-03-03 14:19        --------        d-----w-        c:\users\tom\AppData\Local\temp
2012-03-03 14:18 . 2012-03-03 14:18        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2012-03-02 12:34 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D258ABEC-745A-46FA-A741-FFCADCA8B0F3}\mpengine.dll
2012-02-24 15:47 . 2012-02-24 15:47        --------        d-----w-        c:\users\tom\AppData\Roaming\TuneUp Software
2012-02-24 15:46 . 2012-02-24 15:47        --------        d-----w-        c:\programdata\TuneUp Software
2012-02-24 15:45 . 2012-02-24 15:45        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-24 11:11 . 2012-02-24 11:11        --------        d-----w-        c:\users\tom\AppData\Roaming\pdfforge
2012-02-24 11:11 . 2001-10-28 16:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2012-02-24 11:11 . 1998-06-24 00:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2012-02-24 11:11 . 1998-07-06 17:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2012-02-24 11:11 . 1998-07-06 17:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2012-02-24 11:11 . 1998-07-06 00:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2012-02-24 11:11 . 2012-02-24 11:11        --------        d-----w-        c:\program files\PDFCreator
2012-02-23 20:25 . 2012-02-23 20:25        --------        d-----w-        c:\users\tom\AppData\Roaming\Malwarebytes
2012-02-23 20:24 . 2012-02-23 20:24        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-23 20:24 . 2012-02-23 20:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-23 20:24 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-22 22:18 . 2012-02-22 22:18        --------        d-----w-        c:\program files\ESET
2012-02-21 20:48 . 2012-02-23 22:19        --------        d-----w-        c:\users\tom\AppData\Roaming\FileZilla
2012-02-21 20:48 . 2012-02-21 20:49        --------        d-----w-        c:\program files\FileZilla FTP Client
2012-02-16 17:38 . 2012-02-16 17:38        --------        d-----w-        c:\windows\system32\Adobe
2012-02-15 22:17 . 2012-02-15 22:17        107888        ----a-w-        c:\windows\system32\CmdLineExt.dll
2012-02-15 22:17 . 2012-02-15 22:17        --------        d--h--r-        c:\users\tom\AppData\Roaming\SecuROM
2012-02-15 22:15 . 2012-02-15 22:15        242240        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-15 22:12 . 2012-02-23 20:38        --------        d-----w-        c:\users\tom\AppData\Roaming\Weuw
2012-02-15 22:12 . 2012-02-23 18:01        --------        d-----w-        c:\users\tom\AppData\Roaming\Nyv
2012-02-15 21:56 . 2012-02-15 21:56        --------        d-----w-        c:\users\tom\AppData\Roaming\Pogo
2012-02-15 21:56 . 2012-02-15 21:56        --------        d-----w-        c:\programdata\Pogo
2012-02-06 14:51 . 2012-02-06 14:51        --------        d-----w-        c:\programdata\ALM
2012-02-06 13:41 . 2012-02-19 19:38        --------        d-----w-        c:\users\tom\AppData\Local\SugarSync
2012-02-06 13:41 . 2012-02-06 13:42        --------        d-----w-        c:\program files\SugarSync
2012-02-06 13:02 . 2012-02-13 12:05        --------        d-----w-        c:\users\tom\AppData\Local\Thunderbird
2012-02-06 13:02 . 2012-02-06 13:02        --------        d-----w-        c:\users\tom\AppData\Roaming\Thunderbird
2012-02-06 13:02 . 2012-02-18 22:42        --------        d-----w-        c:\program files\Mozilla Thunderbird
2012-02-05 23:23 . 2012-02-17 12:30        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-02-05 16:13 . 2012-02-05 16:13        --------        d-----w-        c:\users\tom\AppData\Roaming\Nokia Suite
2012-02-05 16:08 . 2012-02-05 16:08        --------        d-----w-        c:\program files\PC Connectivity Solution
2012-02-04 21:45 . 2012-02-04 21:45        --------        d-----w-        c:\users\tom\AppData\Roaming\WTablet
2012-02-04 21:45 . 2011-09-08 16:48        1107832        ----a-w-        c:\windows\system32\Pen_Touch_Tablet.dll
2012-02-04 21:44 . 2011-09-08 16:49        10752        ----a-w-        c:\windows\system32\drivers\wacmoumonitor.sys
2012-02-04 21:44 . 2011-09-08 16:49        11312        ----a-w-        c:\windows\system32\drivers\wacommousefilter.sys
2012-02-04 21:44 . 2011-09-08 16:49        14120        ----a-w-        c:\windows\system32\drivers\wacomvhid.sys
2012-02-04 21:44 . 2011-09-08 16:48        1156472        ----a-w-        c:\windows\system32\Wintab32.dll
2012-02-04 21:44 . 2011-09-08 16:48        1152888        ----a-w-        c:\windows\system32\WacomMT.dll
2012-02-04 21:44 . 2011-09-08 16:48        1369464        ----a-w-        c:\windows\system32\Pen_Tablet.dll
2012-02-04 21:44 . 2012-02-04 21:45        --------        d-----w-        c:\program files\Tablet
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 12:33 . 2011-05-23 18:44        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2011-04-29 20:25        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-28 21:58 . 2011-06-23 10:44        409088        ----a-w-        c:\windows\system32\systemcpl.dll
2011-12-28 21:58 . 2011-06-23 10:44        13824        ----a-w-        c:\windows\system32\slwga.dll
2011-12-28 21:58 . 2011-06-23 10:45        811520        ----a-w-        c:\windows\system32\user32.dll
2012-02-18 13:29 . 2011-04-29 20:19        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-03 18:47        365648        ----a-w-        c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-03 18:47        365648        ----a-w-        c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-03 18:47        365648        ----a-w-        c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-03 18:47        365648        ----a-w-        c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-02-03 9401424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-13 1541416]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"MMReminderService"="d:\programs\MM\MMReminderService.exe" [2011-09-14 37728]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2011-4-17 1462272]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44        500208        ------w-        c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 09:07        323640        ----a-w-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27        17351304        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-29 13:19        1242448        ----a-w-        d:\games\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-08-25 11:13        2816328        ----a-w-        c:\program files\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41        8192        ----a-w-        c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RemoTerm.exe"=c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-01 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
R2 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;d:\programs\Solidworks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-12-01 89864]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
R3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\programs\Solidworks\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-01-08 87336]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2010-03-09 571264]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-10-19 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-10-19 13440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-15 242240]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 10:52        1409        ----a-r-        d:\programs\MM\sys\MmInternetExplorerActiveSetup.vbs
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE:       
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Send Image To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - d:\programs\MM\Mm8InternetExplorer.dll/202
Trusted Zone: line6.net
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - c:\users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\tyv65err.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-VX2bt1oYNKCLnkO - c:\users\tom\AppData\Roaming\h6s5ruij653.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
MSConfigStartUp-WinampAgent - d:\programs\Winamp\winampa.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-434657249-1887988469-1959241683-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,c0,99,65,f0,0f,a4,ea,a8,98,c6,3b,05,cf,23,3b,ab,2e,ab,8a,f7,d8,82,
  13,9e,40,6a,eb,96,3b,6b,c0,b9,cf,c7,c9,81,eb,ca,7b,fc,32,a3,1f,77,ce,15,2d,\
"??"=hex:02,2d,d3,da,8d,10,e2,c7,ba,eb,66,3d,90,fe,af,1d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-03  15:20:26
ComboFix-quarantined-files.txt  2012-03-03 14:20
.
Vor Suchlauf: 83.341.197.312 bytes free
Nach Suchlauf: 86.125.178.880 bytes free
.
- - End Of File - - 19953908434A3F6F75AF11AB0650AC31

--- --- ---

markusg 03.03.2012 15:41

Open Computer, C:
Qoobox, right-click Quarantine, pack it with WinRAR or another archiving program and upload it:
Trojaner-Board Upload Channel

DasInternet 03.03.2012 15:47

I'm not sure how to put it into quarantine. When I right-click the folder I don't see any way to do that.

markusg 03.03.2012 16:14

Then Send to, Compressed (zipped) folder.

DasInternet 03.03.2012 16:21

It was uploaded as a zip.

markusg 03.03.2012 16:23

Thanks.
Open Malwarebytes and post all the reports created so far.

DasInternet 03.03.2012 16:34

Apart from that, there are really only these under "logs":

Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.23.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
tom :: TOM-LAPTOP [administrator]

Protection: Enabled

23.02.2012 21:44:06
mbam-log-2012-02-23 (21-44-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431989
Time elapsed: 1 hour(s), 57 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


markusg 03.03.2012 16:38

Are there any further logs?

DasInternet 03.03.2012 16:53

These are probably important after all. I thought they all only said that Malwarebytes had started, but others do say more. There are these for every day:

Code:

2012/02/23 21:26:28 +0100        TOM-LAPTOP        tom        MESSAGE        Starting protection
2012/02/23 21:26:31 +0100        TOM-LAPTOP        tom        MESSAGE        Protection started successfully
2012/02/23 21:26:33 +0100        TOM-LAPTOP        tom        MESSAGE        Executing scheduled update:  Daily
2012/02/23 21:26:34 +0100        TOM-LAPTOP        tom        MESSAGE        Starting IP protection
2012/02/23 21:26:35 +0100        TOM-LAPTOP        tom        MESSAGE        Database already up-to-date
2012/02/23 21:26:36 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection started successfully
2012/02/23 21:41:14 +0100        TOM-LAPTOP        tom        MESSAGE        Starting protection
2012/02/23 21:41:17 +0100        TOM-LAPTOP        tom        MESSAGE        Protection started successfully
2012/02/23 21:41:20 +0100        TOM-LAPTOP        tom        MESSAGE        Starting IP protection
2012/02/23 21:41:22 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection started successfully
2012/02/23 21:42:42 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 21:42:42 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 21:42:50 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 22:36:15 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 22:36:24 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/23 22:36:24 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)

Code:

2012/02/24 03:36:11 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 54074, Process: firefox.exe)
2012/02/24 03:36:11 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 54076, Process: firefox.exe)
2012/02/24 03:36:19 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 54077, Process: firefox.exe)
2012/02/24 03:36:27 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 54082, Process: firefox.exe)
2012/02/24 11:12:45 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 55123, Process: firefox.exe)
2012/02/24 11:13:01 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 55133, Process: firefox.exe)
2012/02/24 21:15:41 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/24 21:15:49 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/24 21:15:49 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/24 22:21:46 +0100        TOM-LAPTOP        tom        IP-BLOCK        193.107.16.78 (Type: outgoing, Port: 63681, Process: firefox.exe)
2012/02/24 22:22:27 +0100        TOM-LAPTOP        tom        IP-BLOCK        193.107.16.78 (Type: outgoing, Port: 63918, Process: firefox.exe)
2012/02/24 22:25:33 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 64285, Process: firefox.exe)
2012/02/24 22:26:53 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 64307, Process: firefox.exe)

Code:

2012/02/25 02:35:18 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/25 02:35:19 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/25 02:35:27 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/25 03:45:55 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 49375, Process: firefox.exe)
2012/02/25 03:46:19 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 49382, Process: firefox.exe)
2012/02/25 03:48:51 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.68.160.170 (Type: outgoing, Port: 49584, Process: firefox.exe)
2012/02/25 03:48:51 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.68.160.218 (Type: outgoing, Port: 49585, Process: firefox.exe)
2012/02/25 03:49:15 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.68.160.170 (Type: outgoing, Port: 49629, Process: firefox.exe)
2012/02/25 03:49:15 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.68.160.218 (Type: outgoing, Port: 49630, Process: firefox.exe)

Code:

2012/02/27 10:38:30 +0100        TOM-LAPTOP        tom        IP-BLOCK        85.234.173.133 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 10:38:30 +0100        TOM-LAPTOP        tom        IP-BLOCK        85.234.173.133 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 12:46:31 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.3.147.99 (Type: outgoing, Port: 52773, Process: firefox.exe)
2012/02/27 12:46:31 +0100        TOM-LAPTOP        tom        IP-BLOCK        193.105.134.194 (Type: outgoing, Port: 52774, Process: firefox.exe)
2012/02/27 12:46:31 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.163.227.73 (Type: outgoing, Port: 52783, Process: firefox.exe)
2012/02/27 12:46:31 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.163.227.73 (Type: outgoing, Port: 52785, Process: firefox.exe)
2012/02/27 12:46:31 +0100        TOM-LAPTOP        tom        IP-BLOCK        193.105.134.194 (Type: outgoing, Port: 52786, Process: firefox.exe)
2012/02/27 12:47:51 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.3.147.99 (Type: outgoing, Port: 52874, Process: firefox.exe)
2012/02/27 13:02:34 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.3.147.99 (Type: outgoing, Port: 53548, Process: firefox.exe)
2012/02/27 13:15:08 +0100        TOM-LAPTOP        tom        IP-BLOCK        193.105.134.194 (Type: outgoing, Port: 53788, Process: firefox.exe)
2012/02/27 15:47:46 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 15:47:46 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 15:47:54 +0100        TOM-LAPTOP        tom        IP-BLOCK        213.182.204.17 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/27 16:17:19 +0100        TOM-LAPTOP        tom        IP-BLOCK        83.133.125.36 (Type: outgoing, Port: 57562, Process: firefox.exe)
2012/02/27 16:33:53 +0100        TOM-LAPTOP        tom        IP-BLOCK        66.96.219.101 (Type: outgoing, Port: 58261, Process: firefox.exe)
2012/02/27 16:33:53 +0100        TOM-LAPTOP        tom        IP-BLOCK        66.96.219.101 (Type: outgoing, Port: 58288, Process: firefox.exe)
2012/02/27 16:33:53 +0100        TOM-LAPTOP        tom        IP-BLOCK        66.96.219.101 (Type: outgoing, Port: 58289, Process: firefox.exe)

Code:

2012/02/28 14:39:54 +0100        TOM-LAPTOP        tom        IP-BLOCK        91.203.146.110 (Type: outgoing, Port: 51216, Process: firefox.exe)
2012/02/28 14:39:54 +0100        TOM-LAPTOP        tom        IP-BLOCK        91.203.146.110 (Type: outgoing, Port: 51217, Process: firefox.exe)
2012/02/28 14:40:03 +0100        TOM-LAPTOP        tom        MESSAGE        Stopping IP protection
2012/02/28 14:42:29 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection stopped
2012/02/28 19:54:42 +0100        TOM-LAPTOP        tom        MESSAGE        Starting protection
2012/02/28 19:54:45 +0100        TOM-LAPTOP        tom        MESSAGE        Protection started successfully
2012/02/28 19:54:48 +0100        TOM-LAPTOP        tom        MESSAGE        Starting IP protection
2012/02/28 19:54:49 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection started successfully
2012/02/28 20:36:14 +0100        TOM-LAPTOP        tom        MESSAGE        Starting protection
2012/02/28 20:36:17 +0100        TOM-LAPTOP        tom        MESSAGE        Protection started successfully
2012/02/28 20:36:20 +0100        TOM-LAPTOP        tom        MESSAGE        Starting IP protection
2012/02/28 20:36:21 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection started successfully

Code:

2012/02/29 10:54:14 +0100        TOM-LAPTOP        tom        IP-BLOCK        77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 10:54:14 +0100        TOM-LAPTOP        tom        IP-BLOCK        77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 10:54:22 +0100        TOM-LAPTOP        tom        IP-BLOCK        77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 54461, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 54462, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.82.41 (Type: outgoing, Port: 54463, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54467, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.163.230.114 (Type: outgoing, Port: 54468, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54470, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54471, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54472, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54474, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54475, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54478, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54479, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54480, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54481, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54482, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54483, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54484, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54485, Process: firefox.exe)
2012/02/29 11:05:23 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.236.81.227 (Type: outgoing, Port: 54486, Process: firefox.exe)
2012/02/29 16:29:20 +0100        TOM-LAPTOP        tom        IP-BLOCK        193.105.134.194 (Type: outgoing, Port: 58351, Process: firefox.exe)
2012/02/29 16:29:20 +0100        TOM-LAPTOP        tom        IP-BLOCK        195.3.147.99 (Type: outgoing, Port: 58353, Process: firefox.exe)
2012/02/29 16:47:56 +0100        TOM-LAPTOP        tom        IP-BLOCK        77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 16:47:56 +0100        TOM-LAPTOP        tom        IP-BLOCK        77.78.233.246 (Type: outgoing, Port: 60421, Process: skype.exe)
2012/02/29 16:59:27 +0100        TOM-LAPTOP        tom        IP-BLOCK        109.163.227.73 (Type: outgoing, Port: 58522, Process: firefox.exe)
2012/02/29 17:01:50 +0100        TOM-LAPTOP        tom        MESSAGE        Stopping IP protection
2012/02/29 17:04:57 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection stopped

Code:

2012/03/01 08:21:45 +0100        TOM-LAPTOP        tom        MESSAGE        Executing scheduled update:  Daily
2012/03/01 08:21:53 +0100        TOM-LAPTOP        tom        MESSAGE        Starting database refresh
2012/03/01 08:21:53 +0100        TOM-LAPTOP        tom        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.02.23.03 to version v2012.03.01.01
2012/03/01 08:22:28 +0100        TOM-LAPTOP        tom        MESSAGE        Database refreshed successfully
2012/03/01 21:37:31 +0100        TOM-LAPTOP        tom        MESSAGE        Starting protection
2012/03/01 21:37:33 +0100        TOM-LAPTOP        tom        MESSAGE        Protection started successfully
2012/03/01 21:37:36 +0100        TOM-LAPTOP        tom        MESSAGE        Starting IP protection
2012/03/01 21:37:38 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection started successfully

Code:

2012/03/02 01:17:35 +0100        TOM-LAPTOP        tom        IP-BLOCK        85.92.159.84 (Type: outgoing, Port: 53526, Process: firefox.exe)
2012/03/02 01:17:35 +0100        TOM-LAPTOP        tom        IP-BLOCK        85.92.159.84 (Type: outgoing, Port: 53527, Process: firefox.exe)
2012/03/02 01:17:43 +0100        TOM-LAPTOP        tom        MESSAGE        Stopping IP protection
2012/03/02 01:20:32 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection stopped
2012/03/02 08:13:20 +0100        TOM-LAPTOP        tom        MESSAGE        Executing scheduled update:  Daily
2012/03/02 08:13:31 +0100        TOM-LAPTOP        tom        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.03.01.01 to version v2012.03.02.01
2012/03/02 09:52:58 +0100        TOM-LAPTOP        tom        MESSAGE        Starting database refresh
2012/03/02 09:53:08 +0100        TOM-LAPTOP        tom        MESSAGE        Database refreshed successfully
2012/03/02 19:57:38 +0100        TOM-LAPTOP        tom        DETECTION        C:\Users\tom\AppData\Local\Temp\0.22678263742227645g8j8.exe        Trojan.VUPX.CESI1        ALLOW
2012/03/02 19:57:39 +0100        TOM-LAPTOP        tom        DETECTION        C:\Users\tom\AppData\Local\Temp\0.22678263742227645g8j8.exe        Trojan.VUPX.CESI1        ALLOW

Code:

2012/03/03 15:25:46 +0100        TOM-LAPTOP        tom        MESSAGE        Starting protection
2012/03/03 15:25:49 +0100        TOM-LAPTOP        tom        MESSAGE        Executing scheduled update:  Daily
2012/03/03 15:25:49 +0100        TOM-LAPTOP        tom        MESSAGE        Protection started successfully
2012/03/03 15:25:52 +0100        TOM-LAPTOP        tom        MESSAGE        Starting IP protection
2012/03/03 15:25:54 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection started successfully
2012/03/03 15:26:02 +0100        TOM-LAPTOP        tom        MESSAGE        Starting database refresh
2012/03/03 15:26:02 +0100        TOM-LAPTOP        tom        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.03.02.01 to version v2012.03.03.05
2012/03/03 15:26:02 +0100        TOM-LAPTOP        tom        MESSAGE        Stopping IP protection
2012/03/03 15:28:21 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection stopped
2012/03/03 15:28:23 +0100        TOM-LAPTOP        tom        MESSAGE        Database refreshed successfully
2012/03/03 15:28:23 +0100        TOM-LAPTOP        tom        MESSAGE        Starting IP protection
2012/03/03 15:28:25 +0100        TOM-LAPTOP        tom        MESSAGE        IP Protection started successfully


