| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten reinWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.06.2012, 21:12
| #18 |
 |  Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Ohhhh! Das Script hat mächtig aufgeräumt. Es ist einiges Weg :-/ Passwörter, Links ....
__________________... aber die Malware scheint auch weg zu sein!? Hurra! Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3339107563-512239636-558935408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e634b82-cd94-11e0-9ac6-bcaec5159772}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebab1660-3a42-11e1-b5e6-5404a62f3bca}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Win-Azure.pdf not found.
C:\Windows\SysWOW64\6.skb moved successfully.
C:\Windows\SysWOW64\5.skb moved successfully.
C:\Windows\SysWOW64\4.skb moved successfully.
C:\Windows\SysWOW64\3.skb moved successfully.
C:\Windows\SysWOW64\2.skb moved successfully.
C:\Windows\SysWOW64\1.skb moved successfully.
C:\Windows\SysWOW64\0.skb moved successfully.
C:\Users\Adrian *****\AppData\Roaming\Ybxow folder moved successfully.
C:\Users\Adrian *****\AppData\Roaming\Zaux folder moved successfully.
ADS C:\ProgramData\TEMP:0574215C deleted successfully.
========== FILES ==========
C:\acroldr folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: a0273787
User: Adrian *****
->Temp folder emptied: 450042058 bytes
->Temporary Internet Files folder emptied: 10330105250 bytes
->Java cache emptied: 350210 bytes
->FireFox cache emptied: 173081321 bytes
->Flash cache emptied: 176211 bytes
User: All Users
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 290628896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 638 bytes
RecycleBin emptied: 2285984038 bytes
Total Files Cleaned = 12'904.00 mb
[EMPTYFLASH]
User: a0273787
User: Adrian *****
->Flash cache emptied: 0 bytes
User: All Users
User: Classic .NET AppPool
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.44.0 log created on 06022012_220206
Files\Folders moved on Reboot...
C:\Users\Adrian *****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Bravo! Melde mich morgen nochmals, mit der abschliessenden Bestätigung. Danke, Adrian Ok! Die lästige Werbung ist weg. Super! Nach dem Aufräumen konnte ich auf einige Verzeichnisse und Ordner nicht mehr zugreifen. Sie waren im Besitz eines unbekannten Benutzers. Es war jedoch viel einfacher den Besitz wieder zu übernehmen, als das ganze System neu aufzusetzen. Nur zur Info für Euch, falls andere ähnlich Fälle auftreten. Vielen Dank, Adrian |
| Themen zu Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein |
| .html, avira, browser, dasselbe, essen, essentials, flash, funde, gefunde, kaspersky, malwarebytes, nerve, nervende, nichts, popup, popup-fenster, problem, rechts, scans, schei, sämtliche, thema, werbung |
Baum-Darstellung