Vermutlich von einem Virus oder Trojana betroffen

sansooo · 16.08.2012, 18:44

Hallo an alle,

ich hoffe ich bekomme hier hilfe.

Ich habe eine "schwindlige" Datei heruntergeladen, als ich diese öffnen wollte passierte nichts. Jetzt vermute ich dass diese EXE ein Virus oder ein Trojaner war.

AntiVir und Anti Maleware hat nichts gefunden.

Hier die Daten von HijackThis v2.0.4:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:39:47, on 16.08.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Sandro\Downloads\chatroulette_generator_rapidshare.exe
C:\torrent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Sandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandro\Downloads\HiJackThis204 (1).exe
C:\Users\Sandro\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Sandro\AppData\Roaming\loadtbs\toolbar.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [iPhone PC Suite] C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Logitech Touch Mouse Server.lnk = Sandro\Desktop\Touch Mouse\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FILSHtray.lnk = C:\Program Files (x86)\FILSHtray\FILSHtray.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sandro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: hxxp://*.mcafee.com (HKLM)
O15 - Trusted Zone: hxxp://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: hxxp://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: hxxp://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: hxxp://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: hxxp://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: hxxp://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: hxxp://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13026 bytes

Bitte um kurze Info ob hier etwas ungewöhliches dabei ist.

Vielen Dank im voraus.

markusg · 16.08.2012, 18:45

hi
was für eine datei:
lade sie hoch.
Trojaner-Board Upload Channel
und sende mir den download link als private nachicht

sansooo · 16.08.2012, 19:07

Habs hochgeladen aber keinen Link bekommen ?

markusg · 16.08.2012, 19:15

ja habs gesehen, danke
wollte den link, von dem du es geladen hast, als private nachicht

sansooo · 16.08.2012, 19:18

Sry find ich nicht mehr

Und ? schon was gefunden ? glg

markusg · 16.08.2012, 20:20

ja, wer sich angebliche generatoren für rapit share etc läd muss sich ja echt nicht wundern...
zumindest war das dein plan, laut dateiname
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

sansooo · 16.08.2012, 22:21

Nichts gefunden

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sandro :: SANDRO-HP [Administrator]

Schutz: Deaktiviert

16.08.2012 21:25:18
mbam-log-2012-08-16 (21-25-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352623
Laufzeit: 1 Stunde(n), 51 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 17.08.2012, 18:55

download:
Download AdwCleaner 1.801 Free - Adware and toolbar remover - Softpedia
Programm starten und Search wählen
Anschließend Logfile posten

sansooo · 17.08.2012, 22:05

# AdwCleaner v1.801 - Logfile created 08/17/2012 at 23:04:44
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Sandro - SANDRO-HP
# Boot Mode : Normal
# Running from : C:\Users\Sandro\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Sandro\AppData\Local\Babylon
Folder Found : C:\Users\Sandro\AppData\Local\Conduit
Folder Found : C:\Users\Sandro\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Sandro\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Sandro\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Sandro\AppData\LocalLow\Conduit
Folder Found : C:\Users\Sandro\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Sandro\AppData\Roaming\Babylon
Folder Found : C:\Users\Sandro\AppData\Roaming\loadtbs
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files (x86)\Conduit
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
[x64] Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Sandro\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "homepage": "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=48&sspv=CHSB18",
Found : "path": "plugins/ConduitChromeApiPlugin.dll",
Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT231[...]
Found : "homepage": "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=48&sspv=CHSB18",

*************************

AdwCleaner[R1].txt - [6029 octets] - [17/08/2012 23:04:44]

########## EOF - C:\AdwCleaner[R1].txt - [6157 octets] ##########

sansooo · 20.08.2012, 11:24

Und ? Was meinst du ? LG

markusg · 20.08.2012, 16:12

hi
bitte jetzt delete wählen. und neues log posten.

sansooo · 21.08.2012, 20:15

Nach dem deleten wurde der Laptop automatisch neugestartet, danach kam diese LOG-Datei

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 21:01:17
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Sandro - SANDRO-HP
# Boot Mode : Normal
# Running from : C:\Users\Sandro\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Sandro\AppData\Local\Babylon
Folder Deleted : C:\Users\Sandro\AppData\Local\Conduit
Folder Deleted : C:\Users\Sandro\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Sandro\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Sandro\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Sandro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sandro\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Sandro\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Sandro\AppData\Roaming\loadtbs
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Sandro\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=48&sspv=CHSB18",
Deleted : "path": "plugins/ConduitChromeApiPlugin.dll",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT231[...]
Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=48&sspv=CHSB18",

*************************

AdwCleaner[R1].txt - [6118 octets] - [17/08/2012 23:04:44]
AdwCleaner[S1].txt - [4666 octets] - [21/08/2012 21:01:17]

########## EOF - C:\AdwCleaner[S1].txt - [4794 octets] ##########

markusg · 21.08.2012, 22:08

gut,
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

sansooo · 26.08.2012, 00:07

Hier die Liste :

PS: Ich kenne die wenigsten Programme deshalb habe ich keine gekennzeichnet.

7-Zip 9.20 05.11.2011
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 23.03.2011 6,00MB 10.2.153.1
Apple Application Support Apple Inc. 03.01.2012 61,1MB 2.1.6
Apple Mobile Device Support Apple Inc. 03.01.2012 24,4MB 4.0.0.97
Apple Software Update Apple Inc. 30.06.2011 2,25MB 2.1.3.127
ATI Catalyst Install Manager ATI Technologies, Inc. 01.12.2010 22,3MB 3.0.778.0
Avira AntiVir Personal - Free Antivirus Avira GmbH 14.02.2012 69,3MB 10.2.0.707
AviSynth 2.5 30.06.2011
BitTornado 0.3.18 John Hoffman 01.07.2012 0.3.18
Bonjour Apple Inc. 12.10.2011 2,00MB 3.0.0.10
Broadcom 2070 Bluetooth 3.0 Broadcom Corporation 01.12.2010 183MB 6.3.0.6300
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 02.12.2010 5.60.350.6
CCleaner Piriform 22.08.2012 3.22
Corel Office Corel Corporation 30.04.2012 131MB 5.0.108.971
DivX-Setup DivX, LLC 27.12.2011 2.6.1.3
Easy2Convert PCD to JPG 1.2 Easy2Convert Software 07.08.2012 3,77MB 1.2
FILSHtray FILSH Media GmbH 21.06.2012 15,3MB 0.12
Free Video to iPhone Converter version 3.2.19.602 DVDVideoSoft Limited. 30.06.2011 30,0MB
Free YouTube to MP3 Converter version 3.11.24.608 DVDVideoSoft Ltd. 21.06.2012 90,1MB 3.11.24.608
Google Chrome Google Inc. 22.03.2011 21.0.1180.83
HP Advisor Hewlett-Packard 08.09.2010 53,9MB 3.4.10262.3295
HP Documentation Hewlett-Packard 08.09.2010 883MB 1.5.1.0
HP ESU for Microsoft Windows 7 Hewlett-Packard Company 12.10.2011 15,0MB 1.1.8.1
HP HotKey Support Hewlett-Packard Company 30.03.2011 11,6MB 4.0.3.1
HP Setup Hewlett-Packard Company 08.09.2010 8.2.4130.3367
HP SoftPaq Download Manager Hewlett-Packard Company 08.09.2010 14,3MB 3.0.5.0
HP Software Framework Hewlett-Packard Company 08.09.2010 2,37MB 4.0.51.1
HP Software Setup Hewlett-Packard Company 08.09.2010 11,7MB 7.0.1.6
HP Support Assistant Hewlett-Packard Company 19.01.2012 78,4MB 6.1.12.1
HP Webcam Roxio 30.03.2011 9,76MB 1.0.25.0
HP Webcam Driver Realtek Semiconductor Corp. 01.12.2010 6.1.7600.0049
HP Wireless Assistant Hewlett-Packard 08.09.2010 5,59MB 4.0.6.0
iCloud Apple Inc. 03.01.2012 31,1MB 1.0.2.17
IDT Audio IDT 09.11.2011 1.0.6300.0
Infix 4.29 Iceni Technology 09.06.2011 57,2MB
iTunes Apple Inc. 03.01.2012 170MB 10.5.2.11
Java(TM) 6 Update 30 Oracle 08.06.2011 97,0MB 6.0.300
Java(TM) 7 Update 5 Oracle 11.07.2012 99,3MB 7.0.50
JavaFX 2.1.1 Oracle Corporation 11.07.2012 20,8MB 2.1.1
LightScribe System Software LightScribe 08.09.2010 23,3MB 1.18.12.1
loadtbs-3.0 07.08.2012
Logitech Touch Mouse Server 1.0 Logitech Inc. 07.07.2011 1.0
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 16.08.2012 18,7MB 1.62.0.1300
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.03.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.03.2011 2,93MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 21.06.2012 51,9MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 21.06.2012 10,6MB 4.0.30319
Microsoft Silverlight Microsoft Corporation 12.05.2012 120MB 4.1.10329.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 27.04.2011 260KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 08.09.2010 708KB 8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 30.04.2011 580KB 8.0.51011
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 30.04.2011 790KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 30.04.2011 598KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 08.09.2010 788KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 01.12.2010 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 24.06.2011 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.03.2011 596KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.06.2011 600KB 9.0.30729.6161
MKVtoolnix 4.6.0 Moritz Bunkus 13.04.2011 4.6.0
Optimizer Pro v3.0 PC Utilities Pro 07.08.2012 3.0
PDF Complete Special Edition PDF Complete, Inc 02.12.2010 3.5.117
qBittorrent 2.9.7 01.07.2012
QuickTime Apple Inc. 10.08.2011 73,0MB 7.70.80.34
RAD Video Tools 20.06.2012
Realtek Ethernet Controller All-In-One Windows Driver Realtek 08.09.2010 1.12.0011
Skype™ 4.2 Skype Technologies S.A. 01.12.2010 31,7MB 4.2.163
Synaptics Pointing Device Driver Synaptics Incorporated 08.09.2010 15.0.10.0
Veetle TV Veetle, Inc 14.12.2011 0.9.18
VLC media player 1.1.8 VideoLAN 25.03.2011 1.1.8
Windows 7 Default Setting Hewlett-Packard Company 08.09.2010 32,0KB 1.0.1.7
Windows Live ID Sign-in Assistant Microsoft Corporation 08.09.2010 10,0MB 6.500.3165.0
WinRAR 4.00 (32-Bit) win.rar GmbH 22.03.2011 4.00.0

sansooo · 27.08.2012, 21:33

Und ist was auffälliges dabei ? lg

16.08.2012, 18:45	#2
markusg /// Malware-holic	Vermutlich von einem Virus oder Trojana betroffen hi was für eine datei: lade sie hoch. Trojaner-Board Upload Channel und sende mir den download link als private nachicht __________________ __________________

20.08.2012, 16:12	#11
markusg /// Malware-holic	Vermutlich von einem Virus oder Trojana betroffen hi bitte jetzt delete wählen. und neues log posten. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Vermutlich von einem Virus oder Trojana betroffen

Plagegeister aller Art und deren Bekämpfung: Vermutlich von einem Virus oder Trojana betroffen