
Pests of all kinds and how to combat them: MAILER-DAEMON@gmx.net - Trojan?


 
24.08.2013, 17:48   #5
mantaray72
 
MAILER-DAEMON@gmx.net - Trojan?



Hello Leo
It took a while...
Here are the logs:

Code:
# AdwCleaner v3.000 - Report created 24/08/2013 at 14:10:46
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Andreas - TINA-ANDI
# Running from : C:\Users\Andreas\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Freeware.de
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\Freeware.de
Folder Deleted : C:\Users\Andreas\AppData\Roaming\QuickStoresToolbar
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\tsv2zjl9.default\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
File Deleted : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\tsv2zjl9.default\searchplugins\11-suche.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADDDE37-CA26-4AB7-BFAF-61AD45447D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BADDDE37-CA26-4AB7-BFAF-61AD45447D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34E0CF8C-4882-4D9C-83E5-FA11E19A0FC1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Freeware.de
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Freeware.de
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ihvg5101.default\prefs.js ]


[ File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\tsv2zjl9.default\prefs.js ]

Line Deleted : user_pref("CT2736476..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2736476.CTID", "ct2736476");
Line Deleted : user_pref("CT2736476.CurrentServerDate", "30-1-2011");
Line Deleted : user_pref("CT2736476.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2736476.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2736476.EMailNotifierPollDate", "Sun Jan 30 2011 19:30:56 GMT+0100");
Line Deleted : user_pref("CT2736476.FirstServerDate", "30-1-2011");
Line Deleted : user_pref("CT2736476.FirstTime", true);
Line Deleted : user_pref("CT2736476.FirstTimeFF3", true);
Line Deleted : user_pref("CT2736476.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2736476.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2736476.Initialize", true);
Line Deleted : user_pref("CT2736476.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2736476.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2736476.InstallationId", "StubInstaller");
Line Deleted : user_pref("CT2736476.InstallationType", "ConduitIntegration");
Line Deleted : user_pref("CT2736476.InstalledDate", "Sun Jan 30 2011 19:30:56 GMT+0100");
Line Deleted : user_pref("CT2736476.IsGrouping", false);
Line Deleted : user_pref("CT2736476.IsMulticommunity", false);
Line Deleted : user_pref("CT2736476.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2736476.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2736476.LanguagePackLastCheckTime", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2736476.LastLogin_3.2.5.2", "Sun Jan 30 2011 19:30:56 GMT+0100");
Line Deleted : user_pref("CT2736476.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2736476.Locale", "de");
Line Deleted : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&q=");
Line Deleted : user_pref("CT2736476.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Sun Jan 30 2011 19:30:56 GMT+0100");
Line Deleted : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2736476.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2736476.ServiceMapLastCheckTime", "Sun Jan 30 2011 19:30:55 GMT+0100");
Line Deleted : user_pref("CT2736476.SettingsLastCheckTime", "Sun Jan 30 2011 19:30:56 GMT+0100");
Line Deleted : user_pref("CT2736476.SettingsLastUpdate", "1295945146");
Line Deleted : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Sun Jan 30 2011 19:30:55 GMT+0100");
Line Deleted : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255348257");
Line Deleted : user_pref("CT2736476.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2736476.Uninstall", true);
Line Deleted : user_pref("CT2736476.UserID", "UN09797881728746838");
Line Deleted : user_pref("CT2736476.alertChannelId", "1128724");
Line Deleted : user_pref("CT2736476.components.1000082", false);
Line Deleted : user_pref("CT2736476.components.1000234", false);
Line Deleted : user_pref("CT2736476.ct2736476.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2736476.ct2736476.LanguagePackLastCheckTime", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.ct2736476.Locale", "de");
Line Deleted : user_pref("CT2736476.ct2736476.SettingsLastCheckTime", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.ct2736476.SettingsLastUpdate", "1295945146");
Line Deleted : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastCheck", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastUpdate", "1255348257");
Line Deleted : user_pref("CT2736476.ct2736476.toolbarAppMetaDataLastCheckTime", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.ct2736476.toolbarContextMenuLastCheckTime", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.myStuffEnabled", true);
Line Deleted : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2736476.testingCtid", "");
Line Deleted : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Sun Jan 30 2011 19:30:56 GMT+0100");
Line Deleted : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.undefined", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CT2736476.usagesFlag", 1);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", "\"1288781014\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2736476", "\"1288781014\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "L+tncv4eqt6Qm5T3dzChdA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "poKjTfHs0NrVUIalKI8jyg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "QmycQXJXVyFVAzIiNllWhQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "SuMy8xgBA7+FodOxmk9aiQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2736476/CT2736476", "\"1295945146\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2736476/CT2736476", "\"1295945146\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634310612473900000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2736476");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2736476");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jan 30 2011 19:31:19 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jan 30 2011 19:30:55 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "558e2bd8-cf31-40e8-ac12-227e040c60ac");
Line Deleted : user_pref("extensions.enabledItems", "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1,6,2,44,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,quickstores@quickstores.de:1.0.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCB[...]
Line Deleted : user_pref("quickstores.toolbar.affid", "2002");
Line Deleted : user_pref("quickstores.toolbar.guid", "{53204D62-AE7A-6A41-FE87-B4E1C856A468}");

*************************

AdwCleaner[R0].txt - [23417 octets] - [24/08/2013 14:06:28]
AdwCleaner[R1].txt - [23478 octets] - [24/08/2013 14:10:10]
AdwCleaner[S0].txt - [19314 octets] - [24/08/2013 14:10:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19375 octets] ##########
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Andreas :: TINA-ANDI [Administrator]

24.08.2013 14:18:42
mbam-log-2013-08-24 (14-18-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227133
Laufzeit: 12 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Andreas\AppData\Local\Temp\is-8T3RO.tmp\dealio.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=232396e71dbbd7449644cbb842a5277e
# engine=14887
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-24 04:40:29
# local_time=2013-08-24 06:40:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 88 14515025 126145025 0 0
# compatibility_mode=5893 16776574 66 85 3714642 128992279 0 0
# scanned=361784
# found=0
# cleaned=0
# scan_time=13447
         
If I understood it correctly, the programs found only 1 file that is infected.

Many thanks once again....


 
