Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Thread: Caught GVU Trojan 2.07 on Vista (https://www.trojaner-board.de/122789-gvu-trojaner-2-07-vista-eingefangen.html)

invizierter 26.08.2012 11:07

Caught GVU Trojan 2.07 on Vista

Hello,

A few days ago I caught a trojan, and after some research I found out that it is apparently the GVU Trojan 2.07.
Malwarebytes detected several infections, which unfortunately don't mean much to me.
If I don't start the computer in Safe Mode, after a few minutes the trojan's screen appears demanding that I transfer money.
Attached are the following logs:
OTL.txt and Extra.txt

If anything else is missing, let me know.
Many thanks in advance for your help.

Regards
invizierter

t'john 27.08.2012 03:41


Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (not anywhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.

Replace the placeholders with your user name again!
Code:

:OTL
MOD - C:\Users\invizierter\AppData\Roaming\14001.017\components\AcroFF017.dll ()
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}
IE - HKLM\..\SearchScopes\{ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{F91A88AB-7B29-4D0B-A874-A26BC37F3536}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-544559749-1310750081-3072045077-1000\..\SearchScopes,DefaultScope = {ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}
IE - HKU\S-1-5-21-544559749-1310750081-3072045077-1000\..\SearchScopes\{ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-544559749-1310750081-3072045077-1000\..\SearchScopes\{F91A88AB-7B29-4D0B-A874-A26BC37F3536}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.08.25 22:07:43 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-544559749-1310750081-3072045077-1000..\Run: [Userinit] C:\Users\invizierter\AppData\Roaming\appConf32.exe ()
O4 - HKU\S-1-5-21-544559749-1310750081-3072045077-1000..\Run: [Winouwpoos] C:\Users\invizierter\AppData\Roaming\Moec\amkik.exe (Rich October Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
[2012.08.14 09:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.08.25 23:53:30 | 000,177,632 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.25 23:52:11 | 000,177,632 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.25 23:51:59 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.25 13:08:34 | 000,001,720 | ---- | M] () -- C:\Users\invizierter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2008.12.09 17:23:13 | 000,050,640 | RHS- | C] () -- C:\Users\invizierter\AppData\Roaming\appConf32.exe

[2012.08.25 19:23:40 | 000,000,000 | ---D | C] -- C:\xmldm
[2012.08.25 19:23:40 | 000,000,000 | ---D | C] -- C:\kock
[2012.08.22 16:13:17 | 000,000,000 | ---D | C] -- C:\Users\invizierter\AppData\Roaming\UAs
[2012.08.21 20:20:48 | 000,000,000 | ---D | C] -- C:\Users\invizierter\AppData\Roaming\14001.016
[2012.08.21 20:20:26 | 000,000,000 | ---D | C] -- C:\Users\invizierter\AppData\Roaming\xmldm
[2012.08.21 20:20:25 | 000,000,000 | ---D | C] -- C:\Users\invizierter\AppData\Roaming\kock
[2012.08.21 20:20:57 | 000,006,400 | ---- | M] () -- C:\Users\invizierter\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.21 20:20:38 | 000,000,016 | ---- | C] () -- C:\Users\invizierter\AppData\Roaming\blckdom.res
[2012.08.25 23:19:06 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-544559749-1310750081-3072045077-1000UA.job
[2012.08.25 22:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.24 19:24:14 | 000,199,824 | ---- | M] () -- C:\Users\invizierter\AppData\Roaming\AcroIEHelpe200.dll
[2012.08.24 19:24:14 | 000,006,400 | ---- | M] () -- C:\Users\invizierter\AppData\Roaming\BAcroIEHelpe200.dll

:Files
C:\Users\invizierter\AppData\Roaming\*croIEHelp*.*
C:\Users\invizierter\AppData\Roaming\140*
C:\Users\invizierter\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\invizierter\AppData\Local\Temp\*.exe
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file later here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Never run it on other computers; it can cause lasting damage to other systems!
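
Added example (not from this thread, not part of OTL): the script above removes Run-key and module entries that the helper judged malicious by reading OTL's O4/MOD lines. The triage below makes that judgement explicit. It parses a few O4/MOD lines copied from the script (plus one constructed benign entry for contrast) and flags the traits a responder looks for: a binary launched from a user-writable data directory, no company/version information, a Run value named after a Windows component (the "Userinit" value here is a Run entry, not the Winlogon setting it imitates), and numeric-only directory names. The path markers, name list and scoring thresholds are this example's assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: four lines copied from the OTL fix script in this thread, plus one
# constructed, benign-looking Run entry ("ExampleUpdater") for contrast.
SAMPLE_OTL_LINES = r"""
MOD - C:\Users\invizierter\AppData\Roaming\14001.017\components\AcroFF017.dll ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-544559749-1310750081-3072045077-1000..\Run: [Userinit] C:\Users\invizierter\AppData\Roaming\appConf32.exe ()
O4 - HKU\S-1-5-21-544559749-1310750081-3072045077-1000..\Run: [Winouwpoos] C:\Users\invizierter\AppData\Roaming\Moec\amkik.exe (Rich October Company)
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp.)
""".strip().splitlines()

# Line shapes handled: O4 = Run-key autostart value, MOD = loaded module.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$")
MOD_RE = re.compile(r"^MOD - (?P<rest>.*)$")
# OTL prints the file's company string in parentheses; "()" means no version info.
COMPANY_RE = re.compile(r"^(?P<path>.*?) ?\((?P<company>[^()]*)\)$")

# Heuristic inputs; these are this example's assumptions, not OTL features.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")
SYSTEM_LIKE_NAMES = {"userinit", "winlogon", "explorer", "svchost", "csrss", "lsass"}


@dataclass
class AutostartEntry:
    kind: str                  # "O4" or "MOD"
    hive: str                  # registry hive for O4 lines, "" for MOD
    name: str                  # Run value name for O4 lines, "" for MOD
    path: str
    company: str               # "" when OTL showed "()"
    missing: bool              # True when OTL appended "File not found"
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 or MOD line; return None for every other OTL line type."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        kind, hive, name, rest = "O4", m.group("hive"), m.group("name"), m.group("rest")
    else:
        m = MOD_RE.match(line)
        if not m:
            return None
        kind, hive, name, rest = "MOD", "", "", m.group("rest")
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    cm = COMPANY_RE.match(rest)
    if cm:
        path, company = cm.group("path"), cm.group("company").strip()
    else:
        path, company = rest, ""
    return AutostartEntry(kind, hive, name, path, company, missing)


def triage(entry: AutostartEntry) -> AutostartEntry:
    """Attach the reasons an entry deserves a closer look; an empty list means none."""
    flags = []
    low = entry.path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("runs from a user-writable data directory")
    if entry.path and not entry.company and not entry.missing:
        flags.append("binary carries no company/version information")
    if entry.kind == "O4" and entry.name.lower() in SYSTEM_LIKE_NAMES:
        flags.append("Run value named after a Windows system component")
    if any(re.fullmatch(r"\d+(\.\d+)?", part) for part in low.split("\\")[:-1]):
        flags.append("numeric-only directory name in the path")
    entry.flags = flags
    return entry


def verdict(entry: AutostartEntry) -> str:
    n = len(entry.flags)
    return "SUSPICIOUS" if n >= 2 else ("REVIEW" if n == 1 else "ok")


def triage_lines(lines) -> List[AutostartEntry]:
    """Run the triage over raw OTL lines, skipping lines that are not O4/MOD."""
    entries = [parse_entry(line) for line in lines]
    return [triage(e) for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage_lines(SAMPLE_OTL_LINES):
        print(f"{verdict(e):10} {e.kind:3} [{e.name}] {e.path}")
        for reason in e.flags:
            print(f"{'':14}- {reason}")
```

Run against the sample, appConf32.exe and AcroFF017.dll come out SUSPICIOUS on three traits each, amkik.exe is only REVIEW (it carries a company string, which is why a human still has to look at entries with a single flag), and the two Program Files entries are clean by these rules. The heuristics deliberately score only what is visible in the OTL line; they cannot tell a mis-signed installer from a payload, so a flag is a reason to look, not a verdict.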

invizierter 28.08.2012 19:55

Hello,

here is the log file:

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F91A88AB-7B29-4D0B-A874-A26BC37F3536}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F91A88AB-7B29-4D0B-A874-A26BC37F3536}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABB9D7E1-CFEE-4A67-92A8-B5964E5B4803}\ not found.
Registry key HKEY_USERS\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F91A88AB-7B29-4D0B-A874-A26BC37F3536}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F91A88AB-7B29-4D0B-A874-A26BC37F3536}\ not found.
HKU\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBDA0591-3099-440a-AA10-41764D9DB4DB}\ not found.
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
File C:\Users\invizierter\AppData\Roaming\appConf32.exe not found.
Registry value HKEY_USERS\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Winouwpoos deleted successfully.
File C:\Users\invizierter\AppData\Roaming\Moec\amkik.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\ProgramData\nvModes.001 moved successfully.
C:\ProgramData\nvModes.dat moved successfully.
C:\ProgramData\0tbpw.pad moved successfully.
File C:\Users\invizierter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\Users\invizierter\AppData\Roaming\appConf32.exe not found.
C:\xmldm folder moved successfully.
C:\kock folder moved successfully.
C:\Users\invizierter\AppData\Roaming\UAs folder moved successfully.
C:\Users\invizierter\AppData\Roaming\14001.016\components folder moved successfully.
C:\Users\invizierter\AppData\Roaming\14001.016 folder moved successfully.
C:\Users\invizierter\AppData\Roaming\xmldm folder moved successfully.
C:\Users\invizierter\AppData\Roaming\kock folder moved successfully.
C:\Users\invizierter\AppData\Roaming\BAcroIEHelpe.dll moved successfully.
C:\Users\invizierter\AppData\Roaming\blckdom.res moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-544559749-1310750081-3072045077-1000UA.job moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\invizierter\AppData\Roaming\AcroIEHelpe200.dll moved successfully.
C:\Users\invizierter\AppData\Roaming\BAcroIEHelpe200.dll moved successfully.
========== FILES ==========
C:\Users\invizierter\AppData\Roaming\AcroIEHelpe.txt moved successfully.
C:\Users\invizierter\AppData\Roaming\14001.017\components folder moved successfully.
C:\Users\invizierter\AppData\Roaming\14001.017 folder moved successfully.
C:\Users\invizierter\AppData\Local\{25712FEC-1757-4BF2-9D64-049F571C0A0E} folder moved successfully.
C:\Users\invizierter\AppData\Local\{6B353001-735E-4E7C-8922-F72035B092FB} folder moved successfully.
C:\Users\invizierter\AppData\Local\{8B66354C-6253-44B2-8AE0-7B9229B53BA2} folder moved successfully.
C:\Users\invizierter\AppData\Local\{AD63CC39-15B8-4DC5-8201-01327B4A9C5E} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\invizierter\AppData\Local\Temp\CommonInstaller.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\HPQSi.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\MachineIdCreator.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\meo21C2.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\ose00001.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\Shortcut_sweetimsetup.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\SIMEEIInstaller.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\symlcsv1.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\ToolbarInstaller.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\Uninstall.exe moved successfully.
C:\Users\invizierter\AppData\Local\Temp\wlsetup-cvr.exe moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\invizierter\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\invizierter\Desktop\cmd.bat deleted successfully.
C:\Users\invizierter\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: invizierter
->Temp folder emptied: 5275333626 bytes
->Temporary Internet Files folder emptied: 17504474 bytes
->FireFox cache emptied: 234568283 bytes
->Flash cache emptied: 203117 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 146063229 bytes
RecycleBin emptied: 60794 bytes

Total Files Cleaned = 5.411,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08282012_204209

Files\Folders moved on Reboot...
File\Folder C:\Users\invizierter\AppData\Local\Temp\~DF8288.tmp not found!
File\Folder C:\Users\invizierter\AppData\Local\Temp\~DF837B.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Regards, and many, many thanks in advance
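
Added example (not from this thread, not part of OTL): before moving on from a fix log like the one above, a helper checks that every file the script named was actually reported as moved. The reconciliation below takes an excerpt of the script's file entries and an excerpt of the posted log (the blckdom.res result is left out on purpose), parses the three result shapes OTL writes ("moved successfully", "deleted successfully", "not found"), compares paths case-insensitively because OTL itself writes the Tasks folder as both "Windows\tasks" and "WINDOWS\Tasks", and lists the targets that were not confirmed removed. The result categories and the "unreported" label are this example's assumptions.

```python
import re
from typing import Dict, List

# Excerpt of the file entries from the OTL fix script posted in this thread.
SCRIPT_EXCERPT = r"""
[2012.08.25 23:51:59 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.25 13:08:34 | 000,001,720 | ---- | M] () -- C:\Users\invizierter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2008.12.09 17:23:13 | 000,050,640 | RHS- | C] () -- C:\Users\invizierter\AppData\Roaming\appConf32.exe
[2012.08.25 19:23:40 | 000,000,000 | ---D | C] -- C:\xmldm
[2012.08.25 23:19:06 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-544559749-1310750081-3072045077-1000UA.job
[2012.08.21 20:20:38 | 000,000,016 | ---- | C] () -- C:\Users\invizierter\AppData\Roaming\blckdom.res
""".strip().splitlines()

# Matching excerpt of the fix log the user posted back. The blckdom.res result is
# deliberately left out to show how an unreported target is surfaced.
LOG_EXCERPT = r"""
C:\ProgramData\0tbpw.pad moved successfully.
File C:\Users\invizierter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\Users\invizierter\AppData\Roaming\appConf32.exe not found.
C:\xmldm folder moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-544559749-1310750081-3072045077-1000UA.job moved successfully.
""".strip().splitlines()

# A script file entry ends with " -- <path>", sometimes followed by " -- [ NTFS ]".
SCRIPT_TARGET_RE = re.compile(r" -- (?P<path>.+?)(?: -- \[.*\])?$")

# Result line shapes in the fix log, tried in this order.
LOG_PATTERNS = [
    (re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$"), "moved"),
    (re.compile(r"^(?P<path>.+?) deleted successfully\.$"), "deleted"),
    (re.compile(r"^File(?:\\Folder)? (?P<path>.+?) not found[.!]$"), "not found"),
]
# Log lines about registry keys, services, prefs.js and commands are not file results.
NON_FILE_PREFIXES = ("Registry", "Service", "Starting", "Prefs.js", "HK", "<", "=")


def normalize(path: str) -> str:
    # NTFS paths are case-insensitive, and OTL writes the Tasks folder in two cases.
    return path.strip().lower().replace("/", "\\")


def script_targets(lines) -> List[str]:
    """Every file or folder path the script names explicitly (globs in :Files are not handled)."""
    targets = []
    for raw in lines:
        m = SCRIPT_TARGET_RE.search(raw.strip())
        if m:
            targets.append(m.group("path"))
    return targets


def parse_fix_log(lines) -> Dict[str, str]:
    """Map each normalized path in the log to the outcome OTL reported for it."""
    outcomes = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith(NON_FILE_PREFIXES):
            continue
        for pattern, outcome in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                outcomes[normalize(m.group("path"))] = outcome
                break
    return outcomes


def reconcile(script_lines, log_lines) -> Dict[str, str]:
    """Map every file target of the script to what the log says happened to it."""
    outcomes = parse_fix_log(log_lines)
    return {t: outcomes.get(normalize(t), "unreported") for t in script_targets(script_lines)}


def needs_followup(report: Dict[str, str]) -> List[str]:
    """Targets the fix did not confirm as moved or deleted."""
    return sorted(t for t, o in report.items() if o not in ("moved", "deleted"))


if __name__ == "__main__":
    report = reconcile(SCRIPT_EXCERPT, LOG_EXCERPT)
    for target, outcome in report.items():
        print(f"{outcome:11} {target}")
    print("needs follow-up:", *needs_followup(report), sep="\n  ")
```

In this thread the two "not found" lines concern appConf32.exe and the ctfmon.lnk in the Startup folder. A "not found" only says OTL did not see the file at fix time (an earlier scanner may already have quarantined it, or the path was wrong); it is not confirmation of removal, which is what the full Malwarebytes scan requested in the next post is there to settle.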

t'john 29.08.2012 03:05

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program in the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan has finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

invizierter 16.09.2012 10:06

Morning,
sorry it took a while. I wasn't available at home.

Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Invizierter :: I [Administrator]

Schutz: Aktiviert

15.09.2012 20:07:04
mbam-log-2012-09-15 (20-07-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378837
Laufzeit: 1 Stunde(n), 57 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\08282012_204209\C_Users\Invizierter\AppData\Roaming\14001.017\components\AcroFF017.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner log:

# AdwCleaner v2.001 - Datei am 09/16/2012 um 10:38:16 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Invizierter - I
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Invizierter\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\Invizierter\AppData\Roaming\Mozilla\Firefox\Profiles\ie1gq6c9.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files\SweetIM
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\Invizierter\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Invizierter\AppData\Roaming\Mozilla\Firefox\Profiles\ie1gq6c9.default\SweetPacksToolbarData
Ordner Gefunden : C:\Users\Invizierter\AppData\Roaming\toolplugin
Ordner Gefunden : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKU\S-1-5-21-544559749-1310750081-3072045077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Invizierter\AppData\Roaming\Mozilla\Firefox\Profiles\ie1gq6c9.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010006&q=");
Gefunden : user_pref("sweetim.toolbar.cargo", "3.1010006");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gefunden : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Gefunden : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gefunden : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gefunden : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...]
Gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gefunden : user_pref("sweetim.toolbar.simapp_id", "{5242C727-D52F-401F-B00A-C2EFC8F2826E}");

*************************

AdwCleaner[R1].txt - [8158 octets] - [16/09/2012 10:38:16]

########## EOF - C:\AdwCleaner[R1].txt - [8218 octets] ##########


My computer is running quite well again now. The virus no longer seems to appear. However, messages (Prevalence Reporter) keep popping up.

Thanks again in advance and regards

t'john 16.09.2012 17:17

Very good! :daumenhoc


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner[S1].txt.

afterwards:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the Freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

t'john 01.11.2012 04:36

No response

Are there problems working through the instructions above?

To free up capacity for other people seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.


Copyright ©2000-2024, Trojaner-Board
