Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Polizei Virus xter Versuch des Löschens

Polizei Virus xter Versuch des Löschens


Plagegeister aller Art und deren Bekämpfung: Polizei Virus xter Versuch des Löschens

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 15.08.2012, 14:46   #1
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Hallo Zusammen.

Vorab - Ich bin ein absoluter "sich nicht auskenner" wenn es um den PC geht - Ich kenne zwar gewisse basics aber da hört es dann auch schon auf.

Ich habe mich hier Registriert, da ich hoffe, dass ihr mir helfen könnt.

Wie viele andere vor mir, habe auch ich das Glück mir den oben genannten Trojaner bzw Virus eingefangen zu haben.

Die ersten 4-5 Male wo ich das hatte konnte ich über den Abgesicherten Win7 Modus die Dateien entfernen (C:\Program Data/Apps/Loca/)

Diese wurden von Microsoft Security Essentials erkannt und von mir dann händisch gelöscht.

Heute ist der Virus allerdings erneut aufgetreten - und ich finde keine dieser Suspekten Dateien - Weder über das Antivirus Programm - noch Händisch (Suche nach Änderungsparametern).

Kann mir da jemand weiterhelfen?

Vielen Dank und LG


Picollo

Alt 15.08.2012, 14:54   #2
t'john
/// Helfer-Team
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens




1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 15.08.2012, 16:14   #3
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Also gleich mal vorab - Genialer Service trotz extrem vieler Anfragen - VIELEN DANKE

Da die Logfiles zu groß sind, wurden diese als Zipfile angehängt.

Ich für meinen Teil kann mit diesen Texten ja nichts anfangen - deswegen hoffe ich neuerlich auf eure Hilfe...

Wobei ich jetzt nicht mehr im Abgesicherten Modus arbeiten muss - dass ist schon sehr viel Wert...


Vielen Dank nochmals im Voraus.

LG Picollo
__________________
Alt 15.08.2012, 22:20   #4
t'john
/// Helfer-Team
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
MOD - C:\Users\Privat\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll () 
DRV - (WinRing0_1_2_0) -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys File not found 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found 
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found 
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found 
DRV - (PCDSRVC{3037D694-FD904ACA-06000000}_0) -- c:\program files\pc-doctor\pcdsrvc.pkms File not found 
DRV - (h643331) -- system32\drivers\h643331.sys File not found 
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found 
IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-905036566-1828708054-3587640490-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109989&tt=090212_noffx&babsrc=HP_ss&mntrId=148cb7920000000000000026c6bf7ebd 
IE - HKU\S-1-5-21-905036566-1828708054-3587640490-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-905036566-1828708054-3587640490-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-905036566-1828708054-3587640490-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109989&tt=090212_noffx&babsrc=SP_ss&mntrId=148cb7920000000000000026c6bf7ebd 
IE - HKU\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O3 - HKU\S-1-5-21-905036566-1828708054-3587640490-1000\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Programme\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [muibllarqcjlvwf] C:\ProgramData\muibllar.exe File not found 
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found 
O4 - HKU\S-1-5-21-905036566-1828708054-3587640490-1000..\Run: [muibllarqcjlvwf] C:\ProgramData\muibllar.exe File not found 
O4 - HKU\S-1-5-21-905036566-1828708054-3587640490-1000..\Run: [umujrjdnvsiuxsj] C:\ProgramData\umujrjdn.exe File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\S-1-5-21-905036566-1828708054-3587640490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{15092c50-596b-11e1-aa4a-028037ec0200}\Shell - "" = AutoRun 
O33 - MountPoints2\{15092c50-596b-11e1-aa4a-028037ec0200}\Shell\AutoRun\command - "" = D:\Autorun.exe 
O33 - MountPoints2\{96fbf093-cc1e-11e1-adda-028037ec0200}\Shell - "" = AutoRun 
O33 - MountPoints2\{96fbf093-cc1e-11e1-adda-028037ec0200}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a 


[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 

[2012.08.15 12:38:56 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\hellomoto 

[2012.08.15 17:01:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.15 16:44:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.15 12:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.08.2012, 05:40   #5
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Nochmals vielen Dank für die Hilfe ^^

Hier das gewünschte Script.


All processes killed
========== OTL ==========
Service WinRing0_1_2_0 stopped successfully!
Service WinRing0_1_2_0 deleted successfully!
File C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys File not found not found.
Service VGPU stopped successfully!
Service VGPU deleted successfully!
File System32\drivers\rdvgkmd.sys File not found not found.
Service tsusbhub stopped successfully!
Service tsusbhub deleted successfully!
File system32\drivers\tsusbhub.sys File not found not found.
Service Synth3dVsc stopped successfully!
Service Synth3dVsc deleted successfully!
File System32\drivers\synth3dvsc.sys File not found not found.
Service PCDSRVC{3037D694-FD904ACA-06000000}_0 stopped successfully!
Service PCDSRVC{3037D694-FD904ACA-06000000}_0 deleted successfully!
File c:\program files\pc-doctor\pcdsrvc.pkms File not found not found.
Service h643331 stopped successfully!
Service h643331 deleted successfully!
File system32\drivers\h643331.sys File not found not found.
Service dgderdrv stopped successfully!
Service dgderdrv deleted successfully!
File System32\drivers\dgderdrv.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.
C:\Programme\FreeSoundRecorder\prxtbFree.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-905036566-1828708054-3587640490-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
File C:\Programme\FreeSoundRecorder\prxtbFree.dll not found.
HKEY_USERS\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKU\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: prefs.js.. removed from
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
File C:\Programme\FreeSoundRecorder\prxtbFree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
File C:\Programme\FreeSoundRecorder\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.
File C:\Programme\FreeSoundRecorder\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\muibllarqcjlvwf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tsnp2uvc deleted successfully.
Registry value HKEY_USERS\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Windows\CurrentVersion\Run\\muibllarqcjlvwf deleted successfully.
Registry value HKEY_USERS\S-1-5-21-905036566-1828708054-3587640490-1000\Software\Microsoft\Windows\CurrentVersion\Run\\umujrjdnvsiuxsj deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-905036566-1828708054-3587640490-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15092c50-596b-11e1-aa4a-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15092c50-596b-11e1-aa4a-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15092c50-596b-11e1-aa4a-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15092c50-596b-11e1-aa4a-028037ec0200}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96fbf093-cc1e-11e1-adda-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96fbf093-cc1e-11e1-adda-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96fbf093-cc1e-11e1-adda-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96fbf093-cc1e-11e1-adda-028037ec0200}\ not found.
File H:\LaunchU3.exe -a not found.
C:\Windows\System32\SET45DB.tmp deleted successfully.
C:\Windows\System32\tmp313D.tmp deleted successfully.
C:\Windows\System32\tmp313E.tmp deleted successfully.
C:\Windows\System32\tmp41CE.tmp deleted successfully.
C:\Windows\System32\tmp41CF.tmp deleted successfully.
C:\Windows\System32\tmp862C.tmp deleted successfully.
C:\Windows\System32\tmp864C.tmp deleted successfully.
C:\Windows\System32\tmpE7A0.tmp deleted successfully.
C:\Windows\System32\tmpE7A1.tmp deleted successfully.
C:\Users\Privat\AppData\Roaming\hellomoto folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Privat\Desktop\cmd.bat deleted successfully.
C:\Users\Privat\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Privat
->Temp folder emptied: 34289680 bytes
->Temporary Internet Files folder emptied: 62508100 bytes
->Java cache emptied: 17307130 bytes
->FireFox cache emptied: 236833663 bytes
->Flash cache emptied: 112469 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17152649 bytes
RecycleBin emptied: 782966 bytes

Total Files Cleaned = 352,00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08162012_063333

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2496.log moved successfully.

PendingFileRenameOperations files...
[2009.07.14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) C:\Windows\System32\mctadmin.exe : MD5=BBA1A5B86134F496B926DDAF247DB871
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2496.log not found!

Registry entries deleted on Reboot...


Muss ich jetzt noch was tun?


LG


Alt 16.08.2012, 12:31   #6
t'john
/// Helfer-Team
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Polizei Virus xter Versuch des Löschens

Alt 16.08.2012, 17:41   #7
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


hier noch das gewünschte Logfile:

# AdwCleaner v1.801 - Logfile created 08/16/2012 at 18:40:53
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Privat - PRIVAT-PC
# Boot Mode : Normal
# Running from : C:\Users\Privat\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Privat\AppData\Local\Babylon
Folder Found : C:\Users\Privat\AppData\Local\Conduit
Folder Found : C:\Users\Privat\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Privat\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Privat\AppData\LocalLow\Conduit
Folder Found : C:\Users\Privat\AppData\LocalLow\FreeSoundRecorder
Folder Found : C:\Users\Privat\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Privat\AppData\Roaming\Babylon
Folder Found : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\CT2704262
Folder Found : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\Smartbar
Folder Found : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
Folder Found : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\FreeSoundRecorder
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\FreeSoundRecorder
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2449F66E-541D-488A-A855-040EFC6029D3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{458E3EDB-9654-4740-B88D-3FD3C4276FD5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\prefs.js

Found : user_pref("CT2704262.1000082.currentList", "[{\"stationId\":\"21037024\",\"url\":\"hxxp://feedlive.n[...]
Found : user_pref("CT2704262.1000082.isPlayDisplay", "true");
Found : user_pref("CT2704262.1000082.localStations", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net[...]
Found : user_pref("CT2704262.1000082.nowPlaying", "{\"stationId\":\"21037024\",\"url\":\"hxxp://feedlive.net[...]
Found : user_pref("CT2704262.1000082.publisherStations", "[{\"stationId\":\"21037024\",\"url\":\"hxxp://feed[...]
Found : user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT2704262.129531285794663056.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar[...]
Found : user_pref("CT2704262.129674822392465408.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Found : user_pref("CT2704262.129738587603157113.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0[...]
Found : user_pref("CT2704262.129738587703159675.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savel[...]
Found : user_pref("CT2704262.2704262a129531303481232105000000paramsGK0", "{\"updateReqTime\":1345128357622,\[...]
Found : user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2237761%22%2C%22title%22%3A%[...]
Found : user_pref("CT2704262.CT2704262current_term", "");
Found : user_pref("CT2704262.CT2704262sdate", "16");
Found : user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2704262.Facebook_Mode", "2");
Found : user_pref("CT2704262.Facebook_User_Locale", "de");
Found : user_pref("CT2704262.FirstTime", "true");
Found : user_pref("CT2704262.FirstTimeFF3", "true");
Found : user_pref("CT2704262.PrintItGreenStatus", "true");
Found : user_pref("CT2704262.RSS_Pub_Config", "{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/62/270/C[...]
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000ReadItemsArr", "%7B%22hxxp%3A%2F%2Fwww.ny[...]
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat0", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat1", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat2", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat3", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000feedsObj", "%7B%22channels%22%3A%7B%22id%[...]
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1345128362977 ");
Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");
Found : user_pref("CT2704262.UserID", "UN01573872704037215");
Found : user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2704262.autoDisableScopes", -1);
Found : user_pref("CT2704262.autocompletepro_enable", "1");
Found : user_pref("CT2704262.autocompletepro_enable_auto", "1");
Found : user_pref("CT2704262.cb_experience_000", "53");
Found : user_pref("CT2704262.cb_firstuse0100", "1");
Found : user_pref("CT2704262.cb_user_id_000", "CB553892901494_Firefox");
Found : user_pref("CT2704262.cbcountry_000", "AT");
Found : user_pref("CT2704262.cbcountry_001", "AT");
Found : user_pref("CT2704262.cbfirsttime", "Thu Apr 05 2012 17:55:58 GMT+0200");
Found : user_pref("CT2704262.defaultSearch", "false");
Found : user_pref("CT2704262.embeddedsData", "[{\"appId\":\"129234816889425546\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2704262.enableAlerts", "false");
Found : user_pref("CT2704262.enableFix404", "true");
Found : user_pref("CT2704262.enableSearchFromAddressBar", "true");
Found : user_pref("CT2704262.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2704262.fixUrls", true);
Found : user_pref("CT2704262.installId", "ConduitNSISIntegration");
Found : user_pref("CT2704262.installType", "ConduitXPEIntegration");
Found : user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2704262.isNewTabEnabled", true);
Found : user_pref("CT2704262.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT2704262.search.searchAppId", "129234816889425546");
Found : user_pref("CT2704262.search.searchCount", "0");
Found : user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1345091297292");
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1345091297347");
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "13450912973[...]
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1345091297516"[...]
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1345091297315");
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1345091297213")[...]
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1345091297591");
Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1345091297538");
Found : user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345039114108");
Found : user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1345038876255");
Found : user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1345038994076");
Found : user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345038994168");
Found : user_pref("CT2704262.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345091289058");
Found : user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1345038875786");
Found : user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345038994207");
Found : user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1345038994461");
Found : user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1345038993677");
Found : user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345038994093");
Found : user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1345091288551");
Found : user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1345038994248");
Found : user_pref("CT2704262.settingsINI", true);
Found : user_pref("CT2704262.smartbar.CTID", "CT2704262");
Found : user_pref("CT2704262.smartbar.Uninstall", "0");
Found : user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");
Found : user_pref("CT2704262.toolbarBornServerTime", "15-08-2012");
Found : user_pref("CT2704262.toolbarCurrentServerTime", "16-8-2012");
Found : user_pref("CT2704262.url_history0001", "hxxp://www.facebook.com/browse/likes/?id=3563411212626:::cli[...]

*************************

AdwCleaner[R1].txt - [17072 octets] - [16/08/2012 18:40:54]

########## EOF - C:\AdwCleaner[R1].txt - [17201 octets] ##########

Werden hier von mir noch etwaige Schritte benötigt?

Vielen Dank und LG

Alt 17.08.2012, 01:17   #8
t'john
/// Helfer-Team
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.08.2012, 07:10   #9
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Hier das gewünschte Logfile...

Alt 17.08.2012, 15:41   #10
t'john
/// Helfer-Team
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.08.2012, 15:54   #11
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


So - Hier mal Logfile Nr 1


# AdwCleaner v1.801 - Logfile created 08/17/2012 at 16:49:15
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Privat - PRIVAT-PC
# Boot Mode : Normal
# Running from : C:\Users\Privat\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Privat\AppData\Local\Babylon
Folder Deleted : C:\Users\Privat\AppData\Local\Conduit
Folder Deleted : C:\Users\Privat\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Privat\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Privat\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Privat\AppData\LocalLow\FreeSoundRecorder
Folder Deleted : C:\Users\Privat\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Privat\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\CT2704262
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\Smartbar
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
Folder Deleted : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FreeSoundRecorder
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\FreeSoundRecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2449F66E-541D-488A-A855-040EFC6029D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{458E3EDB-9654-4740-B88D-3FD3C4276FD5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\3bcf1vxd.default\prefs.js

Deleted : user_pref("CT2704262.1000082.currentList", "[{\"stationId\":\"21037024\",\"url\":\"hxxp://feedlive.n[...]
Deleted : user_pref("CT2704262.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2704262.1000082.localStations", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net[...]
Deleted : user_pref("CT2704262.1000082.nowPlaying", "{\"stationId\":\"21037024\",\"url\":\"hxxp://feedlive.net[...]
Deleted : user_pref("CT2704262.1000082.publisherStations", "[{\"stationId\":\"21037024\",\"url\":\"hxxp://feed[...]
Deleted : user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT2704262.129531285794663056.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar[...]
Deleted : user_pref("CT2704262.129674822392465408.APP_WIN_FEATURES", "resizable=no,scrollbars=no,titlebar=no,o[...]
Deleted : user_pref("CT2704262.129738587603157113.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0[...]
Deleted : user_pref("CT2704262.129738587703159675.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savel[...]
Deleted : user_pref("CT2704262.2704262a129531303481232105000000paramsGK0", "{\"updateReqTime\":1345212625345,\[...]
Deleted : user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2244883%22%2C%22title%22%3A%[...]
Deleted : user_pref("CT2704262.CT2704262current_term", "");
Deleted : user_pref("CT2704262.CT2704262sdate", "17");
Deleted : user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2704262.Facebook_Mode", "2");
Deleted : user_pref("CT2704262.Facebook_User_Locale", "de");
Deleted : user_pref("CT2704262.FirstTime", "true");
Deleted : user_pref("CT2704262.FirstTimeFF3", "true");
Deleted : user_pref("CT2704262.PrintItGreenStatus", "true");
Deleted : user_pref("CT2704262.RSS_Pub_Config", "{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/62/270/C[...]
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000ReadItemsArr", "%7B%22hxxp%3A%2F%2Fwww.ny[...]
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat0", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat1", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat2", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat3", "%5B%7B%22type%22%3A%22rss%22%2C%2[...]
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000feedsObj", "%7B%22channels%22%3A%7B%22id%[...]
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1345214926579 ");
Deleted : user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");
Deleted : user_pref("CT2704262.UserID", "UN01573872704037215");
Deleted : user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2704262.autoDisableScopes", -1);
Deleted : user_pref("CT2704262.autocompletepro_enable", "1");
Deleted : user_pref("CT2704262.autocompletepro_enable_auto", "1");
Deleted : user_pref("CT2704262.cb_experience_000", "57");
Deleted : user_pref("CT2704262.cb_firstuse0100", "1");
Deleted : user_pref("CT2704262.cb_user_id_000", "CB553892901494_Firefox");
Deleted : user_pref("CT2704262.cbcountry_000", "AT");
Deleted : user_pref("CT2704262.cbcountry_001", "AT");
Deleted : user_pref("CT2704262.cbfirsttime", "Thu Apr 05 2012 17:55:58 GMT+0200");
Deleted : user_pref("CT2704262.defaultSearch", "false");
Deleted : user_pref("CT2704262.embeddedsData", "[{\"appId\":\"129234816889425546\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2704262.enableAlerts", "false");
Deleted : user_pref("CT2704262.enableFix404", "true");
Deleted : user_pref("CT2704262.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2704262.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2704262.fixUrls", true);
Deleted : user_pref("CT2704262.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2704262.installType", "ConduitXPEIntegration");
Deleted : user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2704262.isNewTabEnabled", true);
Deleted : user_pref("CT2704262.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT2704262.search.searchAppId", "129234816889425546");
Deleted : user_pref("CT2704262.search.searchCount", "0");
Deleted : user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1345213955883");
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1345213956085");
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "13452139561[...]
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1345213956060"[...]
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1345213955992");
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1345213955966")[...]
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1345213956351");
Deleted : user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1345213956327");
Deleted : user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345039114108");
Deleted : user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1345038876255");
Deleted : user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1345201937260");
Deleted : user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345038994168");
Deleted : user_pref("CT2704262.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345201938451");
Deleted : user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1345204401822");
Deleted : user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345038994207");
Deleted : user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1345201938145");
Deleted : user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1345201937048");
Deleted : user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345038994093");
Deleted : user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1345209137719");
Deleted : user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1345201937704");
Deleted : user_pref("CT2704262.settingsINI", true);
Deleted : user_pref("CT2704262.smartbar.CTID", "CT2704262");
Deleted : user_pref("CT2704262.smartbar.Uninstall", "0");
Deleted : user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");
Deleted : user_pref("CT2704262.toolbarBornServerTime", "15-08-2012");
Deleted : user_pref("CT2704262.toolbarCurrentServerTime", "17-8-2012");
Deleted : user_pref("CT2704262.url_history0001", "javascript:YpCAnDwN();:::clickhandler:::1345213103152,,,java[...]

*************************

AdwCleaner[R1].txt - [17203 octets] - [16/08/2012 18:40:54]
AdwCleaner[S1].txt - [17107 octets] - [17/08/2012 16:49:15]

########## EOF - C:\AdwCleaner[S1].txt - [17236 octets] ##########

Alt 17.08.2012, 17:45   #12
t'john
/// Helfer-Team
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Emsisoft Scan?
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.08.2012, 22:24   #13
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Der ist leider noch gelaufen als ich noch zu nem Kundentermin musste ^^

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 17.08.2012 17:05:38

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, L:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 17.08.2012 17:06:14

C:\Program Files\EA Sports\Fussball Mangager 12\Manager12.exe gefunden: Trojan.Crypt!E2
C:\Program Files\EA Sports\Fussball Mangager 12\GfxCore.dll gefunden: Win32.SuspectCrc!E2
C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe gefunden: Riskware.Win32.HackTool.CheatEngine.AB!E1
L:\games\remalea\mlb2k12.exe gefunden: Virus.Win32.Heur!E2
L:\games\pizza\Turbo Pizza\Turbo Pizza\TurboPizza.RWG gefunden: Virus.Win32.Heur!E2
L:\games\PES\Pro Evolution Soccer 2012\rld.dll gefunden: Packed.Win32.VMProtect.AMN!E1
L:\games\PES\Pro Evolution Soccer 2012\rld.dll.bak gefunden: Packed.Win32.VMProtect.AMN!E1
L:\games\PES\Pro Evolution Soccer 2012\pes2012.exe gefunden: Virus.Win32.Heur!E2
L:\games\boxen\Boxsport Manager.exe gefunden: Trojan.Crypt!E2

Gescannt 714535
Gefunden 9

Scan Ende: 17.08.2012 19:36:11
Scan Zeit: 2:29:57

Alt 18.08.2012, 14:54   #14
t'john
/// Helfer-Team
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.08.2012, 19:35   #15
picollo
 
Polizei Virus xter Versuch des Löschens - Standard

Polizei Virus xter Versuch des Löschens


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9a2a52d1c72ad741baa96b3df11bf188
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 06:20:18
# local_time=2012-08-18 08:20:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 15641547 96935234 0 0
# compatibility_mode=8192 67108863 100 0 113 113 0 0
# scanned=275336
# found=5
# cleaned=5
# scan_time=9974
C:\Users\Privat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4a5877bd-2d32794b multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08162012_063333\C_Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08162012_063333\C_Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
L:\games\remalea\rld-mlb2k12.iso a variant of Win32/Packed.VMProtect.AAH trojan (deleted - quarantined) 00000000000000000000000000000000 C
L:\games\remalea\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Muss leider alles nochmals machen - der Post hat nicht funktioniert... Werd es nacher gleich nochmals starten - sry. Post folgt morgen vormittag

Antwort
Seite 1 von 2 1 2

Themen zu Polizei Virus xter Versuch des Löschens
abgesicherten, absoluter, andere, antivirus, dateien, eingefangen, entferne, entfernen, erkannt, erneut, essen, hoffe, konnte, löschen, microsoft, modus, programm, registriert, security, suche, trojaner, virus, weiterhelfen, win, win7


« Alle Browser leiten oft ungefragt auf verschiedene Webseiten weiter. | GVU 2.07 eingefangen »


Ähnliche Themen: Polizei Virus xter Versuch des Löschens


  1. Polizei virus
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (9)
  2. Polizei Virus
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (23)
  3. Polizei Virus
    Plagegeister aller Art und deren Bekämpfung - 24.03.2013 (34)
  4. Polizei Virus
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (10)
  5. Polizei Virus 5.2
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (4)
  6. Polizei Virus
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (4)
  7. Polizei Virus
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (14)
  8. Polizei Virus
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (13)
  9. Polizei Virus Neu?
    Plagegeister aller Art und deren Bekämpfung - 05.09.2012 (1)
  10. Polizei Virus vom 8.8.12
    Log-Analyse und Auswertung - 26.08.2012 (19)
  11. Bafi.H / acroFF.dll - trotz Löschens immer wieder neuer Befall
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (1)
  12. Polizei Einheit 5.2 Virus Österreich Virus
    Log-Analyse und Auswertung - 05.08.2012 (14)
  13. ----- Polizei Virus -----
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (11)
  14. Task-manager durch virus blockiert, Polizei-virus
    Log-Analyse und Auswertung - 02.04.2012 (1)
  15. (2x) 2. VERSUCH - "WIN7" System wurde gesperrt + Skype Virus
    Mülltonne - 12.03.2012 (2)
  16. Bundespolizei-Virus! Probleme bei Versuch des Löschens trotz Befolgung einiger ähnlicher Threads
    Log-Analyse und Auswertung - 14.09.2011 (24)
  17. Trojaner trotz löschens wieder da
    Log-Analyse und Auswertung - 09.03.2011 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizei Virus xter Versuch des Löschens - Hallo Zusammen. Vorab - Ich bin ein absoluter "sich nicht auskenner" wenn es um den PC geht - Ich kenne zwar gewisse basics aber da hört es dann auch schon - Polizei Virus xter Versuch des Löschens...
Archiv
Du betrachtest: Polizei Virus xter Versuch des Löschens auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129