| |
| |||||||
Log-Analyse und Auswertung: Verunsichert nach Deinstallation von möglicher MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.06.2012, 10:25
| #5 |
 |  Verunsichert nach Deinstallation von möglicher Malware # AdwCleaner v1.609 - Logfile created 06/22/2012 at 11:24:24 # Updated 10/06/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # User : Claudia - CLAUDIA-PC # Running from : C:\Users\Claudia\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** Found : Web Assistant Updater ***** [Files / Folders] ***** Folder Found : C:\Users\Claudia\AppData\LocalLow\Incredibar.com Folder Found : C:\Program Files\Web Assistant ***** [Registry] ***** Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Web Assistant Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.19272 [OK] Registry is clean. -\\ Mozilla Firefox v12.0 (de) Profile name : default File : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\mv0z2h91.default\prefs.js Found : user_pref("extensions.incredibar.admin", false); Found : user_pref("extensions.incredibar.aflt", "orgnl"); Found : user_pref("extensions.incredibar.cntry", "DE"); Found : user_pref("extensions.incredibar.dfltLng", ""); Found : user_pref("extensions.incredibar.dfltSrch", false); Found : user_pref("extensions.incredibar.did", "10665"); Found : user_pref("extensions.incredibar.envrmnt", "production"); Found : user_pref("extensions.incredibar.excTlbr", false); Found : user_pref("extensions.incredibar.hdrMd5", "0C8C8BFE905BDBC0F7C80EAA8853A141"); Found : user_pref("extensions.incredibar.hmpg", false); Found : user_pref("extensions.incredibar.id", "f00433650000000000000015af7923fe"); Found : user_pref("extensions.incredibar.installerproductid", "26"); Found : user_pref("extensions.incredibar.instlDay", "15512"); Found : user_pref("extensions.incredibar.instlRef", ""); Found : user_pref("extensions.incredibar.isDcmntCmplt", true); Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.149:14:30"); Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Found : user_pref("extensions.incredibar.newTab", false); Found : user_pref("extensions.incredibar.noFFXTlbr", false); Found : user_pref("extensions.incredibar.ppd", ""); Found : user_pref("extensions.incredibar.prdct", "incredibar"); Found : user_pref("extensions.incredibar.productid", "26"); Found : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar.sg", "none"); Found : user_pref("extensions.incredibar.smplGrp", "none"); Found : user_pref("extensions.incredibar.tlbrId", "base"); Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyFBddvr9&loc=IB_T[...] Found : user_pref("extensions.incredibar.upn2", "6OyFBddvr9"); Found : user_pref("extensions.incredibar.upn2n", "92261622355322391"); Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.149:14:30"); Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Found : user_pref("extensions.incredibar_i.aflt", "orgnl"); Found : user_pref("extensions.incredibar_i.dfltLng", ""); Found : user_pref("extensions.incredibar_i.did", "10665"); Found : user_pref("extensions.incredibar_i.excTlbr", false); Found : user_pref("extensions.incredibar_i.id", "f00433650000000000000015af7923fe"); Found : user_pref("extensions.incredibar_i.installerproductid", "26"); Found : user_pref("extensions.incredibar_i.instlDay", "15512"); Found : user_pref("extensions.incredibar_i.instlRef", ""); Found : user_pref("extensions.incredibar_i.ms_url_id", ""); Found : user_pref("extensions.incredibar_i.newTab", false); Found : user_pref("extensions.incredibar_i.ppd", ""); Found : user_pref("extensions.incredibar_i.prdct", "incredibar"); Found : user_pref("extensions.incredibar_i.productid", "26"); Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar_i.smplGrp", "none"); Found : user_pref("extensions.incredibar_i.tlbrId", "base"); Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyFBddvr9&loc=IB[...] Found : user_pref("extensions.incredibar_i.upn2", "6OyFBddvr9"); Found : user_pref("extensions.incredibar_i.upn2n", "92261622355322391"); Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.149:14:30"); Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyFBddvr9&&i=26&search="[...] Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[R1].txt - [6709 octets] - [22/06/2012 11:24:24] ########## EOF - C:\AdwCleaner[R1].txt - [6837 octets] ########## |
| Themen zu Verunsichert nach Deinstallation von möglicher Malware |
| ahnung, bot, datei, deinstallation, festgestellt, forum, guten, home, hängt, installation, installiert, kaspersky, kostenlose, kreativ, laptop, malware, plötzlich, probleme, seite, softonic, software, startseite, suchmaschine, tmp, trotz, versteckte |
Baum-Darstellung