#440402 Mailer Demon ... (pc.security)

verfaßt von Adi G., 08.08.2020, 18:14:21

> An alle mach-den-Rechner-platt-Schwadronierer hier insbesondere Mr
> Know-it-all Hausdoc:
> Habt ihr euch schon mal die Mühe gemacht, die IP aus dem Header zu
> überprüfen? Nein? Ich schon:
>
> IP Information for 113.173.168.64
> Quick Stats
> IP Location Viet Nam Viet Nam Ho Chi Minh City Vietnam Posts And
> Telecommunications Group
> ASN Viet Nam AS45899 VNPT-AS-VN VNPT Corp, VN (registered Aug 28, 2009)
> Resolve Host static.vnpt.vn
> Whois Server whois.apnic.net
> IP Address 113.173.168.64
>
> Wohnt Adi seit Neuestem in Vietnam?
>
> Das heißt, irgendjemand hat sein Mailpasswort abgegriffen. Ob das jetzt
> aus irgendeiner geleakten Datenbank, von einem Troyaner, Keylogger oder was
OK, ich habe das neue, aus diversen Sonderzeichen bestehende PW um den Faktor +1 Zeichen erhöht, schauen wir mal, ob das auch geknackt wird.  
> auch immer kommt wissen wir nicht. Ich würde erstmal Desinfec't oder
> ähnliches drüberlaufen lassen, um da Gewissheit zu haben.
Danke! Es geht nichts über die Fachleute!
Habe Jochens Tipp befolgt und (Hey Joe) Adwcleaner 8.0.7. drüberlaufen lassen:

Logfile:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-08-2020
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 41
# Failed: 0


***** [ Services ] *****

Deleted chip1click

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Chip Digital GmbH
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Users\Adi\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Adi\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\admin\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\admin\AppData\Local\Downloaded Installations\{DAD82379-C684-4D04-83D5-2B9934A9C362}
Deleted C:\Users\admin\AppData\Local\Temp\DMR
Deleted C:\Users\admin\AppData\Roaming\DESKTOPICONAMAZON
Deleted C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}

***** [ Files ] *****

Deleted C:\Users\Adi\Desktop\..\Downloads\8GADGETPACK - CHIP-INSTALLER.EXE
Deleted C:\Users\Adi\Desktop\..\Downloads\SAMTOOLBOX - CHIP-INSTALLER.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\ICSW1.23
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\csastats
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2A5E2392-60DE-4ED6-BCA6-EFADFC4033A0}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{34EACA09-1773-4D21-A6C8-6019CEE612A9}
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\chip1click
Deleted HKLM\Software\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E61B1AB66C44604797AC56F6BC3B0FF
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37A47D4566095BF44A2CA19FBDFA04A9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B90A3D3F68EADC47B40D2D572B76E62
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638EEBF8065E4B845AD5CAB77949D6CC
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\884DF2290FDFBE9408D20E763774932B
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F60B79E6444F2DE4EAC868B34B7EDADA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE90F95E2F75E9143B28CD4FD9C91A78
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Deleted HKLM\Software\WebBar
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted HKU\S-1-5-21-1121674952-3228269391-2941979547-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKU\S-1-5-21-1121674952-3228269391-2941979547-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5961 octets] - [08/08/2020 17:28:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

LG

Adi

--
CADDY der bessere VW-Bus!

"Gerade das Unvollkommene bedarf unserer besonderen Liebe" frei uminterpretiert nach Oscar Wilde

Ich war dabei, bei 3 historischen Netz-Treff Treffen, die
insgesamt vom Freitag, den 25.6.2010 bis Sonntag, den 27.6.2010
in Bad Emstal und vom Freitag, den 17.06.2011 bis zum Sonntag den 19.06.2011 in Altdorf b. Nürnberg und vom Freitag, den 15.06.2012 bis zum Sonntag, den 17.06.2012 in Eisenach, dauerten.

Reparieren, Elektroschrott vermeiden!
www.repaircafe-altdorf.de

ACHTUNG! Wer zu weit nach Rechts abkommt, landet im Straßengraben!

Auch der Kluge macht Fehler, nur der Dumme lernt daraus nicht.

Deine Apotheke um die Ecke: gut beraten und gut behütet!

gesamter Thread: