Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"

JambalayaJam · 24.03.2013, 00:00

Hey Leo,

hier der Log von OTL

All processes killed
========== OTL ==========
C:\ProgramData\Wincert folder moved successfully.
C:\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Search Results Toolbar\Datamngr folder moved successfully.
C:\Program Files\Search Results Toolbar folder moved successfully.
C:\ProgramData\Datamngr folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Wincert\WIN32C~1.DLL deleted successfully.
File C:\ProgramData\Wincert\win32cert.dll not found.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Folder C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=706&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6554020327914509&o=APN10645&q=" removed from keyword.URL
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard folder moved successfully.
C:\Users\Besitzer\Pictures\Desktop\SpyHunter-Installer.exe moved successfully.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Besitzer
->Temp folder emptied: 434320072 bytes
->Temporary Internet Files folder emptied: 12658351 bytes
->Java cache emptied: 4112745 bytes
->FireFox cache emptied: 95449836 bytes
->Apple Safari cache emptied: 1660928 bytes
->Flash cache emptied: 15748086 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 9701630 bytes
->Temporary Internet Files folder emptied: 34029975 bytes
->Flash cache emptied: 3147 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1319902 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 381676336 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 945,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03232013_181240

Files\Folders moved on Reboot...
File\Folder C:\Users\Besitzer\AppData\Local\Temp\2011-09-20-1184499465_04-RG.PDF not found!
C:\Users\Besitzer\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

MBAM Log

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.03.23.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19401
Besitzer :: BESITZER-PC [Administrator]

23.03.2013 18:30:21
mbam-log-2013-03-23 (18-30-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 231192
Laufzeit: 7 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Log von ESET

Keine infizierten Dateien gefunden!

Log von SecurityCheck

Mein Avast-Programm hat mich davor gewarnt, das zu öffnen und meinte, es sei eine FileRepMalware! Was hast du mir da geschickt?!

Jedenfalls scheinen auf meinem Rechner keine infizierten Dateien mehr zu sein, und auch die searchnu-Toolbar / -Tabs sind weg. Tausend Dank dir. Auch wenn ich jetzt nicht wirklich weiß, was ich davon halten soll, dass du mir ein scheinbar bösartiges Programm geschickt hast. Erklärung bitte!

Cheers,
Sarah

Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"

Plagegeister aller Art und deren Bekämpfung: Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"

Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"

Ähnliche Themen: Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"