Log analysis and evaluation: Trojan "Weisser Bildschirm" (white screen) - OTLPE log analysis (Windows 7)
12.08.2012, 19:24 | #1
Hello, I've picked up the "Weisser Bildschirm" (white screen) trojan - unfortunately booting into safe mode is no longer possible either - so, as described in the forum, I booted with the REATOGO-X-PE software and created a log file with OTLPE. Can anyone help me from here - many thanks. Attachment = log
14.08.2012, 04:48 | #2 | /// Helper team
Fix with OTLpe
Code:
:OTL
SRV - File not found [Auto] -- -- (W700bus)
SRV - File not found [Auto] -- -- (UBHelper)
SRV - File not found [Auto] -- -- (tpkmpsvc)
SRV - File not found [Auto] -- -- (TPECioCtl)
SRV - File not found [Auto] -- -- (tosrfnds)
SRV - File not found [Auto] -- -- (symproxysvc)
SRV - File not found [Auto] -- -- (se2Bunic)
SRV - File not found [Auto] -- -- (SE2Bobex)
SRV - File not found [Auto] -- -- (sddmi2)
SRV - File not found [Auto] -- -- (pxfhbus)
SRV - File not found [Auto] -- -- (PSDFilter)
SRV - File not found [Auto] -- -- (nsm1mdfl)
SRV - File not found [Auto] -- -- (npkcmsvc)
SRV - File not found [Auto] -- -- (NOWMEMDF)
SRV - File not found [Auto] -- -- (ngserver)
SRV - File not found [Auto] -- -- (mwstick)
SRV - File not found [Auto] -- -- (mvwebserver)
SRV - File not found [Auto] -- -- (lxdj_device)
SRV - File not found [Auto] -- -- (LVCap138)
SRV - File not found [Auto] -- -- (incdpass)
SRV - File not found [Auto] -- -- (iaimtv4)
SRV - File not found [Auto] -- -- (hotspotshieldservice)
SRV - File not found [Auto] -- -- (fsssvc)
SRV - File not found [Auto] -- -- (ET5Drv)
SRV - File not found [Auto] -- -- (DS1410D)
SRV - File not found [Auto] -- -- (dpc_srv_webcast)
SRV - File not found [Auto] -- -- (avg7alrt)
SRV - [2012/07/11 11:15:03 | 004,419,392 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\Tomboy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKU\Tomboy_ON_C\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. File not found
IE - HKU\Tomboy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Tomboy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
IE - HKU\Tomboy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:12862
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\Tomboy_ON_C WinNT: Load - (C:\Users\Tomboy\AppData\Local\Temp\{11226936-4792-9370-8158-693704815826}.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Tomboy_ON_C Winlogon: Shell - (C:\Users\Tomboy\AppData\Roaming\msconfig.dat) - C:\Users\Tomboy\AppData\Roaming\msconfig.dat ()
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C895616B
[2012/07/11 16:43:07 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012/01/12 04:35:54 | 000,178,688 | ---- | C] () -- C:\Users\Tomboy\AppData\Roaming\msconfig.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
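To show why the entries in that fix stood out, here is a small Python triage script. It is an added example for this page, not code from OTL, OTLPE or the helper team: it reads OTL-style log lines and flags the autostart and proxy indicators the fix above targets (a Winlogon Shell value that is not explorer.exe, a legacy WinNT "Load" entry, an Internet Explorer proxy pointing at 127.0.0.1, a hijacked start page, an alternate data stream, and orphaned auto-start services). The sample lines are copied from the fix script in this thread; the rule names, severity levels and the `SEARCH_HIJACK_DOMAINS` list are the example's own choices.

```python
import re
from dataclasses import dataclass

# Sample OTL log lines, copied from the OTLpe fix script posted in this thread
# (a subset of the entries, not the full log).
SAMPLE_OTL_LINES = [
    r'SRV - File not found [Auto] -- -- (W700bus)',
    r'SRV - File not found [Auto] -- -- (avg7alrt)',
    r'IE - HKU\Tomboy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2475029',
    r'IE - HKU\Tomboy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\Tomboy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:12862',
    r'O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)',
    r'F3 - HKU\Tomboy_ON_C WinNT: Load - (C:\Users\Tomboy\AppData\Local\Temp\{11226936-4792-9370-8158-693704815826}.exe) - File not found',
    r'O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found',
    r'O20 - HKU\Tomboy_ON_C Winlogon: Shell - (C:\Users\Tomboy\AppData\Roaming\msconfig.dat) - C:\Users\Tomboy\AppData\Roaming\msconfig.dat ()',
    r'@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C895616B',
]

# Search-redirect hosts treated as a hijacked start page. The single entry is the
# one seen in this thread's log; extend the tuple for your own environment.
SEARCH_HIJACK_DOMAINS = ('search.conduit.com',)


@dataclass
class Finding:
    severity: str  # 'high', 'medium' or 'low'
    rule: str      # short rule name chosen for this example
    line: str      # the OTL line that triggered the rule


# Regexes for the OTL line shapes the rules look at (this example's own patterns).
WINLOGON_SHELL = re.compile(r'Winlogon: Shell - \((?P<value>[^)]*)\)')
WINNT_LOAD = re.compile(r'WinNT: Load - \((?P<value>[^)]*)\)')
PROXY_SERVER = re.compile(r'"ProxyServer" = (?P<value>.+)$')
PROXY_ENABLE = re.compile(r'"ProxyEnable" = (?P<value>\d+)')
START_PAGE = re.compile(r'Start Page = (?P<url>\S+)')
LOOPBACK = re.compile(r'127\.0\.0\.1|localhost', re.IGNORECASE)
ORPHAN_SRV = re.compile(r'^SRV - File not found \[Auto\]')
ADS = re.compile(r'^@Alternate Data Stream')


def triage(lines):
    """Return a Finding for every line that matches one of the rules, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_SHELL.search(line)
        if m:
            # Whatever the Shell value names is started instead of explorer.exe at logon.
            if m.group('value').strip().lower() != 'explorer.exe':
                findings.append(Finding('high', 'winlogon-shell-hijack', line))
            continue
        m = WINNT_LOAD.search(line)
        if m and m.group('value').strip():
            # Legacy "Load" value under Windows NT: rarely set legitimately.
            findings.append(Finding('high', 'winnt-load-autostart', line))
            continue
        m = PROXY_SERVER.search(line)
        if m:
            # A proxy on the loopback interface means a local process relays the browser traffic.
            sev = 'high' if LOOPBACK.search(m.group('value')) else 'medium'
            findings.append(Finding(sev, 'proxy-server-set', line))
            continue
        m = PROXY_ENABLE.search(line)
        if m and m.group('value') == '1':
            findings.append(Finding('medium', 'proxy-enabled', line))
            continue
        m = START_PAGE.search(line)
        if m and any(d in m.group('url').lower() for d in SEARCH_HIJACK_DOMAINS):
            findings.append(Finding('medium', 'start-page-hijack', line))
            continue
        if ADS.search(line):
            findings.append(Finding('medium', 'alternate-data-stream', line))
            continue
        if ORPHAN_SRV.search(line):
            # Auto-start service whose binary is gone: leftover to clean up, not active malware.
            findings.append(Finding('low', 'orphaned-service', line))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    counts = {'high': 0, 'medium': 0, 'low': 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == '__main__':
    results = triage(SAMPLE_OTL_LINES)
    for f in results:
        print(f'[{f.severity:6}] {f.rule:24} {f.line}')
    print(summarize(results))
```

Run as a script it prints eight findings; the three "high" ones are the Shell value pointing into AppData\Roaming (that file, not explorer.exe, starts at logon, which matches a desktop that never appears), the Temp executable in the WinNT Load value, and the SOCKS proxy on 127.0.0.1. The rules deliberately ignore the mctadmin RunOnce and VMApplet lines, which are normal Windows entries that OTL lists alongside the rest.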
14.08.2012, 08:20 | #3
Thanks for the info / support.
In the meantime I've managed to get my PC running again with the Kaspersky Rescue Disk - and afterwards I found 4 pieces of malware with virus scanners and deleted them from the computer - but there are probably more viruses/trojans still running in the background - how can I best find and destroy them now? (Also via an OTLPE analysis?) Unfortunately I also can't enable the Windows Firewall at the moment! THANKS
14.08.2012, 08:34 | #4 | /// Helper team
Did Kaspersky leave a log?
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
15.08.2012, 21:08 | #5
The Malwarebytes log looks good - should I run any further programs to check?
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.15.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Tomboy :: TOMBOY-PC [Administrator]

Schutz: Aktiviert

15.08.2012 19:37:31
mbam-log-2012-08-15 (19-37-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349010
Laufzeit: 1 Stunde(n), 36 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
15.08.2012, 21:37 | #6 | /// Helper team
Please download AdwCleaner to your desktop.
16.08.2012, 18:19 | #7
Code:
# AdwCleaner v1.801 - Logfile created 08/16/2012 at 19:18:15
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Tomboy - TOMBOY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tomboy\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Tomboy\AppData\Local\Conduit
Folder Found : C:\Users\Tomboy\AppData\LocalLow\Conduit
Folder Found : C:\Users\Tomboy\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Tomboy\AppData\LocalLow\MyAshampoo
Folder Found : C:\Users\Tomboy\AppData\Roaming\Mozilla\Firefox\Profiles\xi6k0bf7.default\Conduit
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\MyAshampoo
File Found : C:\Users\Tomboy\AppData\Roaming\Mozilla\Firefox\Profiles\xi6k0bf7.default\searchplugins\Conduit.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Found : HKLM\SOFTWARE\MyAshampoo

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D8030A3-8257-4738-BA51-460EC7E0428C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20352A66-44DD-4592-B01C-DC998D7C9613}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D081FE79-2DB6-4DD4-AE5B-BFD9030D55E3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C26306A-1585-4049-B661-5875A88698C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3D8030A3-8257-4738-BA51-460EC7E0428C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Tomboy\AppData\Roaming\Mozilla\Firefox\Profiles\xi6k0bf7.default\prefs.js

Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "CT2319825");
Found : user_pref("CT2319825.CurrentServerDate", "4-11-2010");
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Thu Nov 04 2010 16:16:55 GMT+0100");
Found : user_pref("CT2319825.FeedPollDate11908299", "Thu Nov 04 2010 16:01:54 GMT+0100");
Found : user_pref("CT2319825.FirstServerDate", "4-11-2010");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", true);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstalledDate", "Thu Nov 04 2010 11:31:48 GMT+0100");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", false);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Nov 04 2010 11:31:55 GMT+0100");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_2.5.8.6", "Thu Nov 04 2010 15:31:53 GMT+0100");
Found : user_pref("CT2319825.LatestVersion", "2.7.2.0");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.LoginCache", 4);
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.RadioIsPodcast", false);
Found : user_pref("CT2319825.RadioLastCheckTime", "Thu Nov 04 2010 11:31:54 GMT+0100");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioMediaID", "11949532");
Found : user_pref("CT2319825.RadioMediaType", "Media Player");
Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Found : user_pref("CT2319825.RadioShrinked", "shrinked");
Found : user_pref("CT2319825.RadioStationName", "1Live");
Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Found : user_pref("CT2319825.SHRINK_TOOLBAR", 0);
Found : user_pref("CT2319825.SavedHomepage", "hxxp://www.ttblb.de/TomboysParadise/Linkseite/Linkseite.htm");
Found : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Nov 04 2010 11:31:53 GMT+0100");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2319825.SettingsLastCheckTime", "Thu Nov 04 2010 14:46:00 GMT+0100");
Found : user_pref("CT2319825.SettingsLastUpdate", "1288790396");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Thu Nov 04 2010 11:31:12 GMT+0100");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2319825.UserID", "UN48589574510707691");
Found : user_pref("CT2319825.ValidationData_Toolbar", 2);
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Thu Nov 04 2010 16:01:54 GMT+0100");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "31383333323630");
Found : user_pref("CT2319825.clientLogIsEnabled", true);
Found : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"db6b44641e8629f4af6c[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"25d46a90f30a0b82a62[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"97f203cb82fe7e14b49[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"75cb3aea40264959b36[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"274a781e10b797f092e[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"2e5f13b749bae35bfec[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"dd50f2a8df3f3b250904a[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"b9d5a9e77f7b4dea9991a[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Tomboy\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 21:22:02 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 18:55:55 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 22:15:51 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "9d69e0d5-0e72-4108-9fa2-0d1a3734ea09");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Nov 04 2010 11:31:54 GMT+0100");
Found : user_pref("CommunityToolbar.globalUserId", "e85cf3cb-b24a-4e9d-b558-69e788441cca");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 24 2011 12:14:2[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 28 2011 11:20:08 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "2e35f1f6-9c6a-45a8-9cf1-7b049f668bb6");
Found : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200"[...]
Found : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...]
Found : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200")[...]
Found : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200")[...]
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&Sea[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tomboy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19291 octets] - [16/08/2012 19:18:15]

########## EOF - C:\AdwCleaner[R1].txt - [19420 octets] ##########
17.08.2012, 01:09 | #8 | /// Helper team
Very good!
Afterwards: malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Save report" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html
17.08.2012, 21:50 | #9
Code:
# AdwCleaner v1.801 - Logfile created 08/17/2012 at 20:57:55
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Tomboy - TOMBOY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tomboy\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Tomboy\AppData\Local\Conduit
Folder Deleted : C:\Users\Tomboy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tomboy\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Tomboy\AppData\LocalLow\MyAshampoo
Folder Deleted : C:\Users\Tomboy\AppData\Roaming\Mozilla\Firefox\Profiles\xi6k0bf7.default\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\MyAshampoo
File Deleted : C:\Users\Tomboy\AppData\Roaming\Mozilla\Firefox\Profiles\xi6k0bf7.default\searchplugins\Conduit.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Deleted : HKLM\SOFTWARE\MyAshampoo

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D8030A3-8257-4738-BA51-460EC7E0428C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20352A66-44DD-4592-B01C-DC998D7C9613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D081FE79-2DB6-4DD4-AE5B-BFD9030D55E3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C26306A-1585-4049-B661-5875A88698C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3D8030A3-8257-4738-BA51-460EC7E0428C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Tomboy\AppData\Roaming\Mozilla\Firefox\Profiles\xi6k0bf7.default\prefs.js

C:\Users\Tomboy\AppData\Roaming\Mozilla\Firefox\Profiles\xi6k0bf7.default\user.js ... Deleted !

Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CTID", "CT2319825");
Deleted : user_pref("CT2319825.CurrentServerDate", "4-11-2010");
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Thu Nov 04 2010 16:16:55 GMT+0100");
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Thu Nov 04 2010 16:01:54 GMT+0100");
Deleted : user_pref("CT2319825.FirstServerDate", "4-11-2010");
Deleted : user_pref("CT2319825.FirstTime", true);
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstalledDate", "Thu Nov 04 2010 11:31:48 GMT+0100");
Deleted : user_pref("CT2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Thu Nov 04 2010 11:31:55 GMT+0100");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_2.5.8.6", "Thu Nov 04 2010 15:31:53 GMT+0100");
Deleted : user_pref("CT2319825.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.LoginCache", 4);
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Deleted : user_pref("CT2319825.RadioLastCheckTime", "Thu Nov 04 2010 11:31:54 GMT+0100");
Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Deleted : user_pref("CT2319825.RadioShrinked", "shrinked");
Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Deleted : user_pref("CT2319825.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2319825.SavedHomepage", "hxxp://www.ttblb.de/TomboysParadise/Linkseite/Linkseite.htm");
Deleted : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Thu Nov 04 2010 11:31:53 GMT+0100");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Thu Nov 04 2010 14:46:00 GMT+0100");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1288790396");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Thu Nov 04 2010 11:31:12 GMT+0100");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2319825.UserID", "UN48589574510707691");
Deleted : user_pref("CT2319825.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Thu Nov 04 2010 16:01:54 GMT+0100");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "31383333323630");
Deleted : user_pref("CT2319825.clientLogIsEnabled", true);
Deleted : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"db6b44641e8629f4af6c[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"25d46a90f30a0b82a62[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"97f203cb82fe7e14b49[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"75cb3aea40264959b36[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"274a781e10b797f092e[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"2e5f13b749bae35bfec[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"dd50f2a8df3f3b250904a[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"b9d5a9e77f7b4dea9991a[...] 
Deleted : user_pref("CommunityToolbar.EngineOwner", ""); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo"); Deleted : user_pref("CommunityToolbar.IsEngineShown", true); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Tomboy\\AppData\\Roaming\\Mozilla\\[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 21:22:02 GMT+02[...] 
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 18:55:55 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 22:15:51 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "9d69e0d5-0e72-4108-9fa2-0d1a3734ea09"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Nov 04 2010 11:31:54 GMT+0100"); Deleted : user_pref("CommunityToolbar.globalUserId", "e85cf3cb-b24a-4e9d-b558-69e788441cca"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Deleted : user_pref("CommunityToolbar.killedEngine", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 24 2011 12:14:2[...] 
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 28 2011 11:20:08 GMT+0200"); Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "2e35f1f6-9c6a-45a8-9cf1-7b049f668bb6"); Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200"[...] Deleted : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200[...] Deleted : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200")[...] Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Sat Jun 04 2011 21:22:59 GMT+0200")[...] 
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&Sea[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tomboy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [19800 octets] - [17/08/2012 20:57:55]

########## EOF - C:\AdwCleaner[S1].txt - [19929 octets] ##########

Emsisoft report: it found 2 trojans, then nothing else happened and I "aborted" the program!

Emsisoft Anti-Malware - Version 6.6
Last update: 17.08.2012 22:17:33

Scan settings:

Scan method: Detail scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Archive scan: On
ADS scan: On

Scan start: 17.08.2012 22:18:09

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVD1C9P0\in[1].htm detected: Trojan.IframeRef!E2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVD1C9P0\in[2].htm detected: Trojan.IframeRef!E2

Scanned 492161
Found 2

Scan end: 17.08.2012 22:41:26
Scan time: 0:23:17 |
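The AdwCleaner report above shows what a Conduit toolbar hijack leaves in a Firefox profile: a whole `CT2319825.*` / `CommunityToolbar.*` pref namespace plus search defaults pointed at search.conduit.com. The following is an added example, not part of the thread and not AdwCleaner's own code: a read-only PowerShell triage that scans `prefs.js`/`user.js` text for exactly those indicators, so a helper can see what a profile carries before cleaning and confirm it is gone afterwards. It targets Windows PowerShell 2.0 (the Windows 7 default, hence `New-Object PSObject` rather than `[pscustomobject]`); the host watch list and the sample prefs are assumptions constructed for this example, modelled on the entries in the report.

```powershell
# Added example (editor's code, not from the thread or from AdwCleaner).
# Read-only triage of Firefox prefs.js / user.js for toolbar-hijack residue.

function Get-FirefoxPrefs {
    # Turn user_pref("name", value); lines into Name/Value objects (value kept as raw text).
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$') {
            New-Object PSObject -Property @{
                Name  = $Matches[1]
                Value = $Matches[2].Trim('"')
            }
        }
    }
}

function Find-HijackPrefs {
    param(
        [Parameter(Mandatory = $true)][string[]]$Lines,
        # Hosts that must never own the search/homepage defaults (assumed watch list).
        [string[]]$BadHosts = @('conduit.com', 'conduit-services.com', 'conduit-hosting.com')
    )
    # Pref namespaces written by the Conduit toolbar engine; anything here is residue.
    $toolbarNamespace = '^(CT\d{7}\.|CommunityToolbar\.)'
    # Prefs that decide where typed searches and the start page go.
    $sensitivePrefs = '^(browser\.search\.(defaulturl|defaultenginename|selectedEngine|defaultthis\.engineName)|browser\.startup\.homepage|keyword\.URL)$'

    foreach ($p in Get-FirefoxPrefs -Lines $Lines) {
        $reason = $null
        if ($p.Name -match $toolbarNamespace) {
            $reason = 'toolbar namespace'
        }
        elseif ($p.Name -match $sensitivePrefs) {
            $reason = 'search/home setting (review)'
            foreach ($h in $BadHosts) {
                # Match on the host part only; "hxxp://" defanging in pasted logs is tolerated.
                if ($p.Value -match ('://([^/]*\.)?' + [regex]::Escape($h) + '(/|$)')) {
                    $reason = "points at $h"
                    break
                }
            }
        }
        if ($reason) {
            New-Object PSObject -Property @{ Name = $p.Name; Value = $p.Value; Reason = $reason }
        }
    }
}

# Constructed sample (not a real profile), modelled on the prefs.js entries in the report above.
$sample = @'
user_pref("browser.startup.homepage_override.mstone", "14.0.1");
user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM");
user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029");
user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
user_pref("keyword.URL", "hxxp://www.google.com/search?q=");
user_pref("extensions.lastAppVersion", "14.0.1");
'@ -split "`r?`n"

Find-HijackPrefs -Lines $sample | Select-Object Reason, Name, Value | Format-Table -AutoSize

# Against the live profile (run as the affected user, Firefox closed):
# Find-HijackPrefs -Lines (Get-Content "$env:APPDATA\Mozilla\Firefox\Profiles\*.default\prefs.js")
```

On the sample, the two namespace prefs and `browser.search.defaulturl` are flagged with a reason; `browser.search.defaultthis.engineName` and `keyword.URL` are listed for review because they steer searches even when no watch-listed host appears in them, while the two version prefs are ignored. The host match is anchored on the `://` separator so that a watch-listed string buried in a query parameter does not produce a false hit.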
18.08.2012, 14:56 | #10 |
/// Helfer-Team | White-screen trojan - OTLPE log analysis

Very good!

Uninstall: Emsisoft Anti-Malware

ESET Online Scanner - preparation
|
18.08.2012, 20:42 | #11 |
| White-screen trojan - OTLPE log analysis

ESETSmartInstaller@High as downloader log:
all ok
Update failed (45315). Trying proxy socks=127.0.0.112862 finished.
ret_update=-1
e_gle=45315
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f135a59b697c974b9bcc2c77605343a8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 06:23:12
# local_time=2012-08-18 08:23:12 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2329115 2329115 0 0
# compatibility_mode=5893 16776574 66 94 14685895 96945383 0 0
# compatibility_mode=8192 67108863 100 0 170 170 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f135a59b697c974b9bcc2c77605343a8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 07:31:25
# local_time=2012-08-18 09:31:25 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2329512 2329512 0 0
# compatibility_mode=5893 16776574 66 94 14686292 96945780 0 0
# compatibility_mode=8192 67108863 100 0 567 567 0 0
# scanned=176539
# found=2
# cleaned=2
# scan_time=3695
C:\Users\Tomboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\77bfab4-546b3885	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Tomboy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7f98637e-2ed48ab9	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C |
19.08.2012, 16:58 | #12 |
/// Helfer-Team | White-screen trojan - OTLPE log analysis

Update Java

Your Java is out of date. Older versions contain security holes that malware can abuse.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards, post (copy and paste) what you get shown here: PluginCheck |
19.08.2012, 20:24 | #13 |
| White-screen trojan - OTLPE log analysis

PluginCheck

The PluginCheck helps close the biggest security holes when browsing the internet. Checked are: browser, Flash, Java and Adobe Reader version.

Firefox 14.0.1 is up to date.
Flash (11,3,300,265) is up to date.
Java (1,7,0,5) is up to date.
Adobe Reader is not installed or not enabled.

I installed PDF-XChange Viewer because installing the newest Adobe Reader version did not work! Is that okay? |
19.08.2012, 20:45 | #14 | |
/// Helfer-Team | White-screen trojan - OTLPE log analysis

Quote:

Very good! With that you are clean and released!

Remove adwCleaner

Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.

Reset the security zones

Have the security zones reset, since they were manipulated to open the browser up to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html

Empty System Restore

So that the computer cannot be reinfected from an infected System Restore, we have to empty it. To do that we switch it off once and then back on:

Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.

Clean up with CCleaner

Use CCleaner (Download) (Instructions) to have errors in the

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun? |
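Two of the closing steps above, emptying System Restore and checking the Internet Explorer security zones, are easy to do and to verify from an elevated PowerShell instead of clicking through dialogs. The following is an added example by the editor, not part of the helper's post or of any trojaner-board tutorial. It assumes Windows 7 with the system drive on `C:\`, uses only the built-in `*-ComputerRestore` / `Checkpoint-Computer` cmdlets and the registry, and does nothing more invasive than the instructions already ask for: turning System Protection off discards every restore point on the drive (that is the point of the exercise), and the zone check is read-only, so the actual reset is still done as linked above. The expected zone levels are the IE7+ defaults (Internet = Medium-high, Restricted sites = High); the per-action value names are the documented ones.

```powershell
# Added example (editor's code, not from the thread). Run from an elevated PowerShell on Windows 7.

function Reset-SystemRestore {
    # Flush all (possibly infected) restore points by disabling and re-enabling System
    # Protection on the drive, then create one known-clean point and list what remains.
    param([string]$Drive = 'C:\')
    Disable-ComputerRestore -Drive $Drive      # discards every existing restore point on $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS
    # Anything listed besides the point just created did not get flushed and deserves a look.
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
}

function Test-IeZoneLevels {
    # Zones: 0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites.
    # CurrentLevel: 0x10000 Low, 0x10500 Medium-low, 0x11000 Medium, 0x11500 Medium-high, 0x12000 High.
    # Per-action values (0 = enable, 1 = prompt, 3 = disable):
    #   1001 download signed ActiveX, 1004 download unsigned ActiveX,
    #   1200 run ActiveX controls and plug-ins, 1400 active scripting.
    $expected = @{ 3 = 0x11500; 4 = 0x12000 }   # IE7+ defaults for Internet / Restricted sites
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    foreach ($zone in 0..4) {
        $key = Get-ItemProperty -Path "$base\$zone" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        $level = $key.CurrentLevel
        $verdict = 'n/a'
        if ($expected.ContainsKey($zone)) {
            if ($level -eq $null)                 { $verdict = 'unknown - reset zones' }
            elseif ($level -lt $expected[$zone])  { $verdict = 'LOWERED - reset zones' }
            else                                  { $verdict = 'ok' }
        }
        New-Object PSObject -Property @{
            Zone                    = $zone
            DisplayName             = $key.DisplayName
            CurrentLevel            = ('0x{0:X}' -f [int]$level)
            DownloadUnsignedActiveX = $key.'1004'
            RunActiveX              = $key.'1200'
            ActiveScripting         = $key.'1400'
            Verdict                 = $verdict
        }
    }
}

Test-IeZoneLevels | Select-Object Zone, DisplayName, CurrentLevel, DownloadUnsignedActiveX, RunActiveX, ActiveScripting, Verdict |
    Format-Table -AutoSize

# Only after the zone check (and the helper's reset) looks right:
# Reset-SystemRestore -Drive 'C:\'
```

A hijacked browser typically shows the Internet zone (3) with a `CurrentLevel` below `0x11500` or with `1004`/`1200` set to `0`, which is what "manipulated to open the browser up to further attacks" looks like in the registry. The restore flush is deliberately kept as the last step so that the fresh restore point captures the already corrected state.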
21.08.2012, 21:25 | #15 |
| White-screen trojan - OTLPE log analysis

THAAANK YOU!

Everything looks fine, only the Windows Firewall cannot be activated: error code 0x8007042c. Is that also still a problem caused by the trojan? |
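The thread ends without an answer to the firewall question, so here is the check a helper would run next, as an added example by the editor and not part of any post. `0x8007042c` is `HRESULT_FROM_WIN32(1068)`, that is `ERROR_SERVICE_DEPENDENCY_FAIL` ("the dependency service or group failed to start"): the Windows Firewall service (`MpsSvc`) cannot start because a service it depends on, normally the Base Filtering Engine (`BFE`), which in turn needs RPC, is stopped, disabled or missing. Malware regularly disables `BFE` or `MpsSvc` to keep the firewall off, so walking the dependency chain shows which link is broken before anything is repaired. The script assumes Windows 7 and uses only `Get-Service` and WMI; the repair commands at the end are left commented out on purpose.

```powershell
# Added example (editor's code, not from the thread). Diagnoses firewall error 0x8007042c.

function Get-ServiceChain {
    # Recursively list a service and everything it depends on, with state and start mode.
    # $Service is either a service name (string) or a ServiceController object.
    param([Parameter(Mandatory = $true)]$Service, [hashtable]$Seen = @{})

    if ($Service -is [string]) {
        $svc = Get-Service -Name $Service -ErrorAction SilentlyContinue
        if (-not $svc) {
            # A dependency that is not registered at all: malware sometimes deletes the key.
            New-Object PSObject -Property @{ Name = $Service; Status = 'MISSING'; StartMode = 'n/a'; Problem = $true }
            return
        }
    } else {
        $svc = $Service
    }
    if ($Seen.ContainsKey($svc.Name)) { return }
    $Seen[$svc.Name] = $true

    # Get-Service on Windows 7 does not expose the start mode; WMI does. Dependencies can be
    # kernel drivers (e.g. mpsdrv), which live in Win32_SystemDriver rather than Win32_Service.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$($svc.Name)'"
    if (-not $wmi) { $wmi = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$($svc.Name)'" }
    $mode = if ($wmi) { $wmi.StartMode } else { 'unknown' }

    New-Object PSObject -Property @{
        Name      = $svc.Name
        Status    = $svc.Status
        StartMode = $mode
        Problem   = ($svc.Status -ne 'Running' -or $mode -eq 'Disabled')
    }
    foreach ($dep in $svc.ServicesDependedOn) {
        Get-ServiceChain -Service $dep -Seen $Seen
    }
}

Get-ServiceChain -Service 'MpsSvc' | Select-Object Name, Status, StartMode, Problem | Format-Table -AutoSize

# Typical repair once the broken link is known (elevated PowerShell); start from the bottom
# of the chain, because MpsSvc will fail again until BFE is running:
#   Set-Service -Name BFE    -StartupType Automatic; Start-Service BFE
#   Set-Service -Name MpsSvc -StartupType Automatic; Start-Service MpsSvc
# If Start-Service itself fails with "Access is denied", the service's security descriptor
# has been altered as well, which is a case for the helper rather than for this script.
```

Reading the output bottom-up is the quickest way to find the culprit: the first row with `Problem = True` that has no problematic row beneath it is the service that actually needs fixing, and the `StartMode` column tells whether it was merely stopped or deliberately set to `Disabled`.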