Computer Virus von Programm Download savE oN und SW_Sustainer

basti1992 · 03.07.2014, 16:50

HALLO Leute,

ich hab ein dickes Problem, ich wollte mir was downloaden..aber dummerweise war es eine Datei mit einer menge an "kostenloser Programme" drauf

.Und dann hab ich schnell gemerkt das ich ein Virus hab...konnte nichts mehr mache aber hab dann geschafft schnell den Prozess zu BEENDEN und dann konnte ich einige Deinstallieren. AAABER jetzt hab ich noch eins drauf was ich nicht Deinstallieren kann -.- und das heißt SW_Sustainer 1.80 und in meinen Google Chrome Browser ist eine Erweiterung die immer Werbung spammt das heißt savE oN 2.14 wenn ich das entferne kommt es immer wieder sobald ich den Browser neu starte. Ich pack auch mal Bilder dazu. ich hoffe mir kann jemand helfen.
Ich nutze Win 7 64 bit
Danke im voraus LG Basti

schrauber · 03.07.2014, 17:47

Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

basti1992 · 03.07.2014, 19:06

Also bei Whitelist habe ich alle Hacken gelassen ( Registry, Service, Drivers, Processes, KnowDLLs, Internet

und bei Optiomal Scan war nix also hab ich auch nix hinzugefügt, ist das richtig ?

hier alles was rauskam:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Basti (administrator) on BASTI-PC on 03-07-2014 18:59:10
Running from C:\Users\Basti\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-02] (AVAST Software)
HKLM-x32\...\Run: [t4pc_en_8] => [X]
HKU\S-1-5-21-4009068668-1903683971-2860272963-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4009068668-1903683971-2860272963-1000\...\Run: [GoogleChromeAutoLaunch_63D8154278637FAC558C6DCA49B059DF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => "c:\progra~2\suptab\search~1.dll" File Not Found
AppInit_DLLs-x32: c:\progra~2\sw_boo~1\assist~1.dll => "c:\progra~2\sw_boo~1\assist~1.dll" File Not Found
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1404287180495&tguid=82443-24086-1404287180495-438F1C07F41AEC9618078D63A8FA3642&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1404287180495&tguid=82443-24086-1404287180495-438F1C07F41AEC9618078D63A8FA3642&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1404287180495&tguid=82443-24086-1404287180495-438F1C07F41AEC9618078D63A8FA3642&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1404287180495&tguid=82443-24086-1404287180495-438F1C07F41AEC9618078D63A8FA3642&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1404287180495&tguid=82443-24086-1404287180495-438F1C07F41AEC9618078D63A8FA3642&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=82443&tid=24086&ver=6.4&ts=1404287180495&tguid=82443-24086-1404287180495-438F1C07F41AEC9618078D63A8FA3642&st=chrome&q=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {05AA5F20-06DB-4746-BCC9-0C74D1AE190B} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {05AA5F20-06DB-4746-BCC9-0C74D1AE190B} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763&q={searchTerms}
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRaHp8Pk5fza5XP2LokZRZTrGrmUdZw5a1hndvGLVL8mGEIpL4uTJs82J-SjzlYw2-MTGgPVwJzuXNaTfpDdHhGR0DZS8MjP10knTaE42ufvuPS9Lh6wqo8FSH5rUlE_BcUUtl8JhjEZfdAgDmkgYQt24ApHu5KsLYP98P7oY-_DEw4C7gEkiiXxikiSjLOenFvEy0cRlSw9W0cTrCVc,&q={searchTerms}
SearchScopes: HKCU - {05AA5F20-06DB-4746-BCC9-0C74D1AE190B} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401468991&from=wld&uid=WDCXWD5000AAKS-07YGA0_WD-WCAS8459276392763&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========

Kennt niemand eine Lösung ?

schrauber · 04.07.2014, 13:12

Anstatt fett rot zu nerven würde ich mal die Anleitung anständig abarbeiten

FRST.txt ist unvollständig, Additon.txt fehlt komplett, Logs sind nicht in Codetags.

Hellsehen kann ich nicht

Computer Virus von Programm Download savE oN und SW_Sustainer

Plagegeister aller Art und deren Bekämpfung: Computer Virus von Programm Download savE oN und SW_Sustainer