Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Malwarebytes findet ctfmon.lnk im Startup-Ordner

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Log-Analyse und Auswertung: Malwarebytes findet ctfmon.lnk im Startup-Ordner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 03.08.2012, 19:59   #1
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Hallo,
mein Rechner wurde heute leider auch vom Bundestrojaner infiziert. Nach einigen Stunden Recherche und mehreren Virus- und Malware-Scans erscheint das Logo des Trojaners nicht mehr.

Auch die Fehlermeldung nach dem Windows-Start, dass die Datei deo0_sar.exe nicht gefunden werden könne, konnte ich eliminieren, indem ich nochmal Malwarebytes suchen lies und den gefunden Link ctfmon.lnk (Trojan.Ransom.Gen) im Startup-Ordner meines Profils entfernt habe.

Ganz sicher bin ich mir aber nicht, ob ich damit schon alle Schritte zur
Beseitigung unternommen habe. Deshalb wende ich mich an das Helfer-Team mit der Bitte um Unterstützung.

Die Ergebnisse von defogger und OTL.exe habe ich beigefügt.

Vielen Dank für eure Mühe schon mal im voraus!

Alt 05.08.2012, 06:37   #2
t'john
/// Helfer-Team
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner




Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {70C16E2F-12AD-4B0B-A608-5914C44580C6} 
IE:64bit: - HKLM\..\SearchScopes\{70C16E2F-12AD-4B0B-A608-5914C44580C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox 
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {D3925CDA-2A20-49B8-95A1-C851E2CB4969} 
IE - HKLM\..\SearchScopes\{D3925CDA-2A20-49B8-95A1-C851E2CB4969}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox 
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {D3925CDA-2A20-49B8-95A1-C851E2CB4969} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.selectedEngine: "Englische Ergebnisse" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://go.web.de/tb/mff_startpage_home" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart File not found 
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found 
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\E\Shell - "" = AutoRun 
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a 


[2012.08.03 09:42:17 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad 



[2012.08.03 20:02:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.03 17:34:50 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[201
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 05.08.2012, 20:21   #3
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Hallo,

vielen Dank für die schnelle Reaktion. Das Log der OTL.exe habe ich beigefügt.

VG

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70C16E2F-12AD-4B0B-A608-5914C44580C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70C16E2F-12AD-4B0B-A608-5914C44580C6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3925CDA-2A20-49B8-95A1-C851E2CB4969}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3925CDA-2A20-49B8-95A1-C851E2CB4969}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Englische Ergebnisse" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://go.web.de/tb/mff_startpage_home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Disc Tool deleted successfully.
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LexwareInfoService deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
C:\ProgramData\ras_0oed.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File 1 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Andreas\Desktop\cmd.bat deleted successfully.
C:\Users\Andreas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 16081492 bytes
->Temporary Internet Files folder emptied: 193789 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31470292 bytes
->Flash cache emptied: 57112 bytes
 
User: All Users
 
User: Andreas
->Temp folder emptied: 48666063 bytes
->Temporary Internet Files folder emptied: 21417870 bytes
->Java cache emptied: 1349154 bytes
->FireFox cache emptied: 67805904 bytes
->Flash cache emptied: 57025 bytes
 
User: Brigitte
->Temp folder emptied: 301694863 bytes
->Temporary Internet Files folder emptied: 106206297 bytes
->Java cache emptied: 22398032 bytes
->FireFox cache emptied: 60111468 bytes
->Flash cache emptied: 12734818 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jana
->Temp folder emptied: 2954828 bytes
->Temporary Internet Files folder emptied: 42655512 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70585692 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 416979 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102494 bytes
RecycleBin emptied: 26304548384 bytes
 
Total Files Cleaned = 25.856,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Andreas
->Flash cache emptied: 0 bytes
 
User: Brigitte
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jana
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08052012_210423

Files\Folders moved on Reboot...
C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
__________________
Alt 06.08.2012, 02:48   #4
t'john
/// Helfer-Team
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 06.08.2012, 19:59   #5
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Hallo,

der Rechner zeigt keine Auffälligkeiten mehr. Aber es bleibt halt ein mulmiges Gefühl, wenn man feststellt, dass sich ein Virus oder ein Trojaner auf dem eigenen Rechner einschleichen konnte, obwohl man Vorkehrungen getroffen hat mit einem aktuellen Antiviren-Programm und Anti-Spyware.
Immerhin hat Malwarebytes jetzt keine bösartigen Objekte mehr gefunden.
Hier der Inhalt aus dem Log des AdwCleaners:

Code:
ATTFilter
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 19:33:19
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andreas - LAPTOP
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Andreas\AppData\Local\Conduit
Folder Found : C:\Users\Brigitte\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jana\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Andreas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Andreas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Andreas\AppData\LocalLow\uTorrentBar_DE
Folder Found : C:\Users\Administrator\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Andreas\AppData\Roaming\Media Finder
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\extensions\staged
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\ConduitCommon
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\CT2851647
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\uTorrentBar_DE

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\uTorrentBar_DE
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\MediaFinder
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
[x64] Key Found : HKLM\SOFTWARE\Classes\MF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67949584-D2DB-452C-8B0C-DB1C7F5B381B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E57273A-4BA4-4758-B225-0199CEB20383}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\prefs.js

Found : user_pref("extensions.smarterwiki.search_surfcanyon", false);

Profile name : default 
File : C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\99zdufqb.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\prefs.js

Found : user_pref("CT2851647..clientLogIsEnabled", false);
Found : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2851647.AppTrackingLastCheckTime", "Thu Jul 19 2012 09:15:28 GMT+0200");
Found : user_pref("CT2851647.CTID", "CT2851647");
Found : user_pref("CT2851647.CurrentServerDate", "6-8-2012");
Found : user_pref("CT2851647.DSInstall", false);
Found : user_pref("CT2851647.DialogsAlignMode", "LTR");
Found : user_pref("CT2851647.DialogsGetterLastCheckTime", "Sun Aug 05 2012 20:55:21 GMT+0200");
Found : user_pref("CT2851647.DownloadReferralCookieData", "");
Found : user_pref("CT2851647.EMailNotifierPollDate", "Mon Aug 06 2012 17:38:57 GMT+0200");
Found : user_pref("CT2851647.FeedLastCount2532783744689806690", 501);
Found : user_pref("CT2851647.FeedPollDate2429156812186649977", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813040823546", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813130095866", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813224203613", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813230837251", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813454291735", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813729834876", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813860870021", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156814264681793", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156814863075366", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156815257761081", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2851647.FirstServerDate", "12-6-2012");
Found : user_pref("CT2851647.FirstTime", true);
Found : user_pref("CT2851647.FirstTimeFF3", true);
Found : user_pref("CT2851647.FirstTimeHiddenVer", true);
Found : user_pref("CT2851647.FixPageNotFoundErrors", true);
Found : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2851647.HPInstall", false);
Found : user_pref("CT2851647.HasUserGlobalKeys", true);
Found : user_pref("CT2851647.HomePageProtectorEnabled", false);
Found : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://go.web.de/tb/mff_startpage_home");
Found : user_pref("CT2851647.Initialize", true);
Found : user_pref("CT2851647.InitializeCommonPrefs", true);
Found : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2851647.InstallationId", "fft5939.tmp.exe");
Found : user_pref("CT2851647.InstallationType", "XPE");
Found : user_pref("CT2851647.InstalledDate", "Tue Jun 12 2012 19:10:03 GMT+0200");
Found : user_pref("CT2851647.IsAlertDBUpdated", true);
Found : user_pref("CT2851647.IsGrouping", false);
Found : user_pref("CT2851647.IsInitSetupIni", true);
Found : user_pref("CT2851647.IsMulticommunity", false);
Found : user_pref("CT2851647.IsOpenThankYouPage", true);
Found : user_pref("CT2851647.IsOpenUninstallPage", false);
Found : user_pref("CT2851647.LanguagePackLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Found : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2851647.LastLogin_3.13.0.6", "Thu Jul 19 2012 09:15:20 GMT+0200");
Found : user_pref("CT2851647.LastLogin_3.14.1.0", "Mon Aug 06 2012 17:38:59 GMT+0200");
Found : user_pref("CT2851647.LatestVersion", "3.14.1.0");
Found : user_pref("CT2851647.Locale", "de");
Found : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Found : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Found : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2851647.OriginalFirstVersion", "3.13.0.6");
Found : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Found : user_pref("CT2851647.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Found : user_pref("CT2851647.SearchInNewTabEnabled", true);
Found : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Mon Aug 06 2012 17:38:57 GMT+0200");
Found : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2851647.SearchProtectorEnabled", false);
Found : user_pref("CT2851647.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Found : user_pref("CT2851647.ServiceMapLastCheckTime", "Mon Aug 06 2012 17:38:58 GMT+0200");
Found : user_pref("CT2851647.SettingsLastCheckTime", "Mon Aug 06 2012 17:38:56 GMT+0200");
Found : user_pref("CT2851647.SettingsLastUpdate", "1342353909");
Found : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Found : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Thu Jul 26 2012 20:07:05 GMT+0200");
Found : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Found : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2851647.UserID", "UN85873740707211467");
Found : user_pref("CT2851647.ValidationData_Toolbar", 1);
Found : user_pref("CT2851647.WeatherNetwork", "");
Found : user_pref("CT2851647.WeatherPollDate", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.WeatherUnit", "C");
Found : user_pref("CT2851647.alertChannelId", "1243681");
Found : user_pref("CT2851647.autoDisableScopes", -1);
Found : user_pref("CT2851647.backendstorage.cb_experience_000", "35");
Found : user_pref("CT2851647.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT2851647.backendstorage.cb_user_id_000", "43423138353834313733313537335F46697265666F78")[...]
Found : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");
Found : user_pref("CT2851647.backendstorage.cbcountry_001", "4445");
Found : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204A756E20313220323031322031393A31303A31312[...]
Found : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Found : user_pref("CT2851647.backendstorage.url_history0001", "687474703A2F2F7777772E62722E64652F726164696F2[...]
Found : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Found : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2851647.initDone", true);
Found : user_pref("CT2851647.isAppTrackingManagerOn", true);
Found : user_pref("CT2851647.myStuffEnabled", true);
Found : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2851647.navigateToUrlOnSearch", false);
Found : user_pref("CT2851647.oldAppsList", "129351532244963279,129351532245275780,1000234,129791456886122866[...]
Found : user_pref("CT2851647.revertSettingsEnabled", true);
Found : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Found : user_pref("CT2851647.testingCtid", "");
Found : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Found : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 30 2012 17:39:21 GMT+0200");
Found : user_pref("CT2851647.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andreas\\AppData\\Roaming\\Mozilla\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Found : user_pref("CommunityToolbar.globalUserId", "40556531-ed25-416a-b3d3-6187ad4deda4");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 30 2012 17:39:2[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 06 2012 17:39:02 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "fc916a99-b53b-4968-bfb1-b2b2407e0998");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://go.web.de/tb/mff_startpage_home");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=[...]

Profile name : default 
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ib2txj42.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17790 octets] - [06/08/2012 19:33:19]

########## EOF - C:\AdwCleaner[R1].txt - [17919 octets] ##########
VG


Alt 07.08.2012, 13:52   #6
t'john
/// Helfer-Team
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Wo ist das Malwarebytes Logfile?
__________________
--> Malwarebytes findet ctfmon.lnk im Startup-Ordner

Alt 07.08.2012, 16:39   #7
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Sorry,

hab' ich glatt überlesen und reiche den Inhalt hiermit nach.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.06.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: LAPTOP [Administrator]

06.08.2012 17:45:19
mbam-log-2012-08-06 (17-45-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413856
Laufzeit: 1 Stunde(n), 33 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 07.08.2012, 17:23   #8
t'john
/// Helfer-Team
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 08.08.2012, 18:53   #9
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Hallo,

hier die Ergebnisse der Scans.

AdwCleaner

Code:
ATTFilter
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 17:47:33
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andreas - LAPTOP
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Andreas\AppData\Local\Conduit
Folder Deleted : C:\Users\Brigitte\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jana\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\uTorrentBar_DE
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\extensions\staged
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\ConduitCommon
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\CT2851647
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentBar_DE

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\uTorrentBar_DE

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67949584-D2DB-452C-8B0C-DB1C7F5B381B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E57273A-4BA4-4758-B225-0199CEB20383}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\prefs.js

Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);

Profile name : default 
File : C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\99zdufqb.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\prefs.js

Deleted : user_pref("CT2851647..clientLogIsEnabled", false);
Deleted : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2851647.AppTrackingLastCheckTime", "Thu Jul 19 2012 09:15:28 GMT+0200");
Deleted : user_pref("CT2851647.CTID", "CT2851647");
Deleted : user_pref("CT2851647.CurrentServerDate", "8-8-2012");
Deleted : user_pref("CT2851647.DSInstall", false);
Deleted : user_pref("CT2851647.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2851647.DialogsGetterLastCheckTime", "Sun Aug 05 2012 20:55:21 GMT+0200");
Deleted : user_pref("CT2851647.DownloadReferralCookieData", "");
Deleted : user_pref("CT2851647.EMailNotifierPollDate", "Wed Aug 08 2012 17:45:24 GMT+0200");
Deleted : user_pref("CT2851647.FeedLastCount2532783744689806690", 501);
Deleted : user_pref("CT2851647.FeedPollDate2429156812186649977", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813040823546", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813130095866", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813224203613", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813230837251", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813454291735", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813729834876", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813860870021", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156814264681793", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156814863075366", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156815257761081", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2851647.FirstServerDate", "12-6-2012");
Deleted : user_pref("CT2851647.FirstTime", true);
Deleted : user_pref("CT2851647.FirstTimeFF3", true);
Deleted : user_pref("CT2851647.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2851647.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2851647.HPInstall", false);
Deleted : user_pref("CT2851647.HasUserGlobalKeys", true);
Deleted : user_pref("CT2851647.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://go.web.de/tb/mff_startpage_home");
Deleted : user_pref("CT2851647.Initialize", true);
Deleted : user_pref("CT2851647.InitializeCommonPrefs", true);
Deleted : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2851647.InstallationId", "fft5939.tmp.exe");
Deleted : user_pref("CT2851647.InstallationType", "XPE");
Deleted : user_pref("CT2851647.InstalledDate", "Tue Jun 12 2012 19:10:03 GMT+0200");
Deleted : user_pref("CT2851647.IsAlertDBUpdated", true);
Deleted : user_pref("CT2851647.IsGrouping", false);
Deleted : user_pref("CT2851647.IsInitSetupIni", true);
Deleted : user_pref("CT2851647.IsMulticommunity", false);
Deleted : user_pref("CT2851647.IsOpenThankYouPage", true);
Deleted : user_pref("CT2851647.IsOpenUninstallPage", false);
Deleted : user_pref("CT2851647.LanguagePackLastCheckTime", "Wed Aug 08 2012 17:35:24 GMT+0200");
Deleted : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2851647.LastLogin_3.13.0.6", "Thu Jul 19 2012 09:15:20 GMT+0200");
Deleted : user_pref("CT2851647.LastLogin_3.14.1.0", "Wed Aug 08 2012 17:35:24 GMT+0200");
Deleted : user_pref("CT2851647.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2851647.Locale", "de");
Deleted : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2851647.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Deleted : user_pref("CT2851647.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2851647.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Wed Aug 08 2012 17:35:23 GMT+0200");
Deleted : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2851647.SearchProtectorEnabled", false);
Deleted : user_pref("CT2851647.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2851647.ServiceMapLastCheckTime", "Wed Aug 08 2012 17:35:23 GMT+0200");
Deleted : user_pref("CT2851647.SettingsLastCheckTime", "Wed Aug 08 2012 17:35:21 GMT+0200");
Deleted : user_pref("CT2851647.SettingsLastUpdate", "1342353909");
Deleted : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Deleted : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Thu Jul 26 2012 20:07:05 GMT+0200");
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Deleted : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2851647.UserID", "UN85873740707211467");
Deleted : user_pref("CT2851647.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2851647.WeatherNetwork", "");
Deleted : user_pref("CT2851647.WeatherPollDate", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.WeatherUnit", "C");
Deleted : user_pref("CT2851647.alertChannelId", "1243681");
Deleted : user_pref("CT2851647.autoDisableScopes", -1);
Deleted : user_pref("CT2851647.backendstorage.cb_experience_000", "35");
Deleted : user_pref("CT2851647.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2851647.backendstorage.cb_user_id_000", "43423138353834313733313537335F46697265666F78")[...]
Deleted : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");
Deleted : user_pref("CT2851647.backendstorage.cbcountry_001", "4445");
Deleted : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204A756E20313220323031322031393A31303A31312[...]
Deleted : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2851647.backendstorage.url_history0001", "687474703A2F2F7777772E74726F6A616E65722D626F6[...]
Deleted : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Deleted : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2851647.initDone", true);
Deleted : user_pref("CT2851647.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2851647.myStuffEnabled", true);
Deleted : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2851647.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2851647.oldAppsList", "129351532244963279,129351532245275780,1000234,129791456886122866[...]
Deleted : user_pref("CT2851647.revertSettingsEnabled", true);
Deleted : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2851647.testingCtid", "");
Deleted : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Wed Aug 08 2012 17:35:24 GMT+0200");
Deleted : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 30 2012 17:39:21 GMT+0200");
Deleted : user_pref("CT2851647.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"ecc[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andreas\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Deleted : user_pref("CommunityToolbar.globalUserId", "40556531-ed25-416a-b3d3-6187ad4deda4");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 07 2012 17:34:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 08 2012 17:35:27 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "fc916a99-b53b-4968-bfb1-b2b2407e0998");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://go.web.de/tb/mff_startpage_home");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=[...]

Profile name : default 
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ib2txj42.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17899 octets] - [06/08/2012 19:33:19]
AdwCleaner[S1].txt - [17557 octets] - [08/08/2012 17:47:33]

########## EOF - C:\AdwCleaner[S1].txt - [17686 octets] ##########

Und der Bericht von Emsisoft

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 08.08.2012 17:58:30

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	08.08.2012 18:04:08

C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\crack.zip -> Polar.exe 	gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\Polar.exe 	gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Downloads\Polar.Bowler.v1.0-NiTROUS.ZIP -> Polar.Bowler.v1.0-NiTROUS\crack.zip 	gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Downloads\Polar.Bowler.v1.0-NiTROUS.ZIP -> Polar.Bowler.v1.0-NiTROUS\crack.zip -> Polar.exe 	gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Andreas\Downloads\Windows+7+Loader+v2.1.1+by+Daz+(x86+&+x64).zip -> Windows Loader\Windows Loader.exe 	gefunden: HackTool.Win32.Gendows!E2
C:\Users\Andreas\Downloads\Windows Loader\Windows Loader.exe 	gefunden: HackTool.Win32.Gendows.AMN!E1
C:\Users\Andreas\Desktop\Download\ Polar Bowler.rar -> Polar Bowler\Polar.exe 	gefunden: Email-Worm.Win32.Brontok!E2
C:\source\Easytools\easyusetool_frontend_0514_gsmfree.exe 	gefunden: Backdoor.Win32.Hupigon!E2
C:\$Recycle.Bin\S-1-5-21-3292852919-811151621-2006029298-1004\$R67DO79.exe 	gefunden: Email-Worm.Win32.Brontok!E2

Gescannt	602907
Gefunden	9

Scan Ende:	08.08.2012 19:41:52
Scan Zeit:	1:37:44

C:\source\Easytools\easyusetool_frontend_0514_gsmfree.exe	Quarantäne Backdoor.Win32.Hupigon!E2
C:\Users\Andreas\Downloads\Windows Loader\Windows Loader.exe	Quarantäne HackTool.Win32.Gendows.AMN!E1
C:\Users\Andreas\Downloads\Windows+7+Loader+v2.1.1+by+Daz+(x86+&+x64).zip -> Windows Loader\Windows Loader.exe	Quarantäne HackTool.Win32.Gendows!E2
C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\crack.zip -> Polar.exe	Quarantäne Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\Polar.exe	Quarantäne Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Downloads\Polar.Bowler.v1.0-NiTROUS.ZIP -> Polar.Bowler.v1.0-NiTROUS\crack.zip	Quarantäne Email-Worm.Win32.Brontok!E2
C:\Users\Andreas\Desktop\Download\ Polar Bowler.rar -> Polar Bowler\Polar.exe	Quarantäne Email-Worm.Win32.Brontok!E2
C:\$Recycle.Bin\S-1-5-21-3292852919-811151621-2006029298-1004\$R67DO79.exe	Quarantäne Email-Worm.Win32.Brontok!E2

Quarantäne	8
VG

Alt 08.08.2012, 19:08   #10
t'john
/// Helfer-Team
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 08.08.2012, 21:23   #11
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Hallo,

ich frage vorsichtshalber mal nach. Die letzte Nachricht ist identisch mit der vorletzten. Ist die Empfehlung, die Schritte nochmal zu wiederholen?

mfg
trojaner64

Alt 09.08.2012, 07:45   #12
t'john
/// Helfer-Team
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Sorry, habs korrigiert: http://www.trojaner-board.de/121180-...tml#post887041
__________________
Mfg, t'john
Das TB unterstützen

Alt 09.08.2012, 19:26   #13
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Hallo,

nachfolgend das Log von Eset.

VG

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c1fe810d46c705459e36fc82485e9a14
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-09 05:51:43
# local_time=2012-08-09 07:51:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 25310362 25310362 0 0
# compatibility_mode=5893 16776573 100 94 85132 96156642 0 0
# compatibility_mode=8192 67108863 100 0 166 166 0 0
# scanned=169154
# found=2
# cleaned=2
# scan_time=7932
C:\Users\Brigitte\Downloads\Setup_MoviesToDVD.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Brigitte\Downloads\Microsoft.Windows.7.Enterprise.x64.SP1.GERMAN-BIE-PLZ\bie764sp1g.iso	a variant of Win32/HackKMS.A application (deleted - quarantined)	00000000000000000000000000000000	C

Alt 10.08.2012, 12:43   #14
t'john
/// Helfer-Team
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 14.08.2012, 15:25   #15
trojaner64
 
Malwarebytes findet ctfmon.lnk im Startup-Ordner - Standard

Malwarebytes findet ctfmon.lnk im Startup-Ordner


Hallo,

die neueste Java-Version habe ich installiert. Wie ich bei der Bereinigung des Systems gesehen hatte, ist der Trojaner auch über Java in mein System gelangt.

Die Java-Einstellungen habe ich auch gemäß eurer Empfehlung eingestellt.
Antwort
Seite 1 von 2 1 2

Themen zu Malwarebytes findet ctfmon.lnk im Startup-Ordner
bundes, bundestrojaner, ctfmon.lnk, datei, defogger, deo0_sar.exe, eliminieren, entfern, entfernt, ergebnisse, erschein, erscheint, fehlermeldung, gefunde, heute, infiziert., konnte, link, malwarebytes, mehreren, otl.exe, rechner, schritte, stunde, stunden, suche, trojan.ransom.gen, trojaners


« Polizei Virus Österreich | GVU Trojaner »


Ähnliche Themen: Malwarebytes findet ctfmon.lnk im Startup-Ordner


  1. Malwarebytes findet PUP
    Plagegeister aller Art und deren Bekämpfung - 31.07.2015 (30)
  2. Malwarebytes 2.0 scannt nicht alle Ordner
    Antiviren-, Firewall- und andere Schutzprogramme - 25.04.2014 (25)
  3. Avast findet Virus und Malwarebytes findet Viren
    Plagegeister aller Art und deren Bekämpfung - 12.03.2014 (7)
  4. Kaspersky findet 7 Trojaner, kann aber nur 2 verarbeiten - malwarebytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (6)
  5. AVG findet 32 Rootkits,kann sie aber nicht eliminieren ,Malwarebytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (5)
  6. avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA
    Plagegeister aller Art und deren Bekämpfung - 03.04.2013 (6)
  7. Malewarebytes Fund Trojan.Ransom.Gen c:\..\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\ctfmon.Ink und Hijack.Shell.Gen
    Log-Analyse und Auswertung - 01.11.2012 (8)
  8. BKA-Trojaner - ..\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen)
    Log-Analyse und Auswertung - 14.09.2012 (9)
  9. AntiVir findet nichts doch Malwarebytes findet 22 infizierte Dateien
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (21)
  10. Trojan.Ransom.Gen in …\Start Menu\Programs\Startup\ctfmon.lnk
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (19)
  11. ctfmon.lnk (Trojan.Ranson.Gen) in User Startup (lt. Malwarebytes), vorher BR/RevetonBX.A.1
    Log-Analyse und Auswertung - 05.08.2012 (10)
  12. 0_0uI.exe,FQ10 c:\user\musterman\appdate\roaming\microsoft\windows\startmenü\programs\startup\ctfmon
    Log-Analyse und Auswertung - 09.07.2012 (3)
  13. Antivirus findet versteckten Ordner in System32
    Log-Analyse und Auswertung - 09.01.2012 (1)
  14. Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts?
    Plagegeister aller Art und deren Bekämpfung - 15.11.2011 (1)
  15. Suche alle möglichen startup ordner/registrys
    Alles rund um Windows - 22.04.2011 (2)
  16. malwarebytes findet schädlinge
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (20)
  17. vwbrwhj.exe Findet ss&D in system 32 ordner
    Plagegeister aller Art und deren Bekämpfung - 05.12.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Malwarebytes findet ctfmon.lnk im Startup-Ordner - Hallo, mein Rechner wurde heute leider auch vom Bundestrojaner infiziert. Nach einigen Stunden Recherche und mehreren Virus- und Malware-Scans erscheint das Logo des Trojaners nicht mehr. Auch die Fehlermeldung nach - Malwarebytes findet ctfmon.lnk im Startup-Ordner...
Archiv
Du betrachtest: Malwarebytes findet ctfmon.lnk im Startup-Ordner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19