Hello,
first of all, sorry that I couldn't reply for so long; I had a lot to do during the week.
Naturally, I did not use the infected computer any further during this time.
Here are the requested log files:
mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 11.05.2016
Suchlaufzeit: 16:46
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.2.1.1043
Malware-Datenbank: v2016.05.11.04
Rootkit-Datenbank: v2016.05.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Günter
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328795
Abgelaufene Zeit: 5 Min., 32 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 5
PUP.Optional.SecurePCCleaner, HKLM\SOFTWARE\WOW6432NODE\EVENT MONITOR, In Quarantäne, [9e02b81cedac989e24f7725f08fb5aa6],
PUP.Optional.SecurePCCleaner, HKLM\SOFTWARE\WOW6432NODE\SECURE\PC\Cleaner, In Quarantäne, [019f51839dfc92a4886d7f516f943ac6],
PUP.Optional.SecurePCCleaner, HKU\S-1-5-21-1613614739-695481456-658663263-1001\SOFTWARE\Event Monitor, In Quarantäne, [257b3b9951483afc6bafb9188d7634cc],
PUP.Optional.SecurePCCleaner, HKU\S-1-5-21-1613614739-695481456-658663263-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\53E9E367_0, In Quarantäne, [fea2d5ff6732072ff9f69040699a718f],
PUP.Optional.SecurePCCleaner, HKU\S-1-5-21-1613614739-695481456-658663263-1001\SOFTWARE\SECURE\PC\Cleaner, In Quarantäne, [584818bca8f1d4626f827e528d763cc4],
Registrierungswerte: 2
PUP.Optional.SecurePCCleaner, HKLM\SOFTWARE\WOW6432NODE\EVENT MONITOR|TELNO, (844) 763-5838, In Quarantäne, [9e02b81cedac989e24f7725f08fb5aa6]
PUP.Optional.SecurePCCleaner, HKU\S-1-5-21-1613614739-695481456-658663263-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\53e9e367_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0887&subsys_1043855d&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Program Files (x86)\Secure PC Cleaner\SecurePCCleaner.exe%b{00000000-0000-0000-0000-000000000000}, In Quarantäne, [fea2d5ff6732072ff9f69040699a718f]
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 1
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
Dateien: 11
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\em.exe, In Quarantäne, [cbd5b3211683b284e34716ac3fc24fb1],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\update.ini, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\eng_em.ini, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\French_em.ini, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\German_em.ini, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\ininotfound0.ini, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\ininotfound2.ini, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\isxdl.dll, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\log_05-03-2016.log, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\log_05-04-2016.log, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
PUP.Optional.EventMonitor, C:\Users\Günter\AppData\Roaming\Event Monitor\log_05-05-2016.log, In Quarantäne, [b8e8f4e0adecbe78df5b135054b033cd],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
Eset log.txt Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08495d909e44ad4d8c50a2f191d3ab21
# end=init
# utc_time=2016-05-11 03:04:33
# local_time=2016-05-11 05:04:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29441
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08495d909e44ad4d8c50a2f191d3ab21
# end=updated
# utc_time=2016-05-11 03:07:53
# local_time=2016-05-11 05:07:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=08495d909e44ad4d8c50a2f191d3ab21
# engine=29441
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-05-11 03:14:44
# local_time=2016-05-11 05:14:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2140 26769254 0 0
# scanned=23677
# found=0
# cleaned=0
# scan_time=411
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08495d909e44ad4d8c50a2f191d3ab21
# end=init
# utc_time=2016-05-14 11:39:05
# local_time=2016-05-14 01:39:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29471
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=08495d909e44ad4d8c50a2f191d3ab21
# end=updated
# utc_time=2016-05-14 11:40:08
# local_time=2016-05-14 01:40:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=08495d909e44ad4d8c50a2f191d3ab21
# engine=29471
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-14 12:42:45
# local_time=2016-05-14 02:42:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 156970 27019335 0 0
# scanned=281388
# found=0
# cleaned=0
# scan_time=3757
checkup.txt Code:
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (50.0.2661.102)
Google Chrome (50.0.2661.94)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````