Pests of all kinds and how to fight them: Google Chrome add-on cannot be removed / constant advertising (Windows 7)
#9 Google Chrome add-on cannot be removed / constant advertising

Fixlog.TXT

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Nicklas-Pc at 2014-07-18 16:47:35 Run:1
Running from C:\Users\Nicklas-Pc\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {45245F15-4E51-4242-B36B-31DB386F4577} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {F330A9BE-468E-42CE-9AE7-4ADCB401FFD8} - \Browser Manager No Task File <==== ATTENTION
Reboot:
end
*****************
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45245F15-4E51-4242-B36B-31DB386F4577}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45245F15-4E51-4242-B36B-31DB386F4577}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBeeRecovery' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F330A9BE-468E-42CE-9AE7-4ADCB401FFD8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F330A9BE-468E-42CE-9AE7-4ADCB401FFD8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager' => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ff65c212a6f1234991a272c09d921aca
# engine=19262
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-20 06:18:59
# local_time=2014-07-20 08:18:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 17046 40885549 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 31394910 157510189 0 0
# scanned=544410
# found=17
# cleaned=0
# scan_time=16775
sh=03CE054D16C5439B518BA33DD592EDEA65B550BF ft=1 fh=2308d662b91f16ff vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\!Sicherung\?LIS?•feat•Wollf\HC2Setup.exe"
sh=235376759F2F38B7C3DB0AAAF367E59F9AE6BB4B ft=1 fh=da516f948c77ab70 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\!Sicherung\?LIS?•feat•Wollf\HC2Setup64.exe"
sh=9386D5C57EA50C728126CECB6CA969E97F65555E ft=0 fh=0000000000000000 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\!Sicherung\?LIS?•feat•Wollf\HyperCam_2.25.01.zip"
sh=B98C851D46F6F34607DEC601FF82469DA350D9EC ft=1 fh=95a049650cc65f75 vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\004\rqpbhevlkc64.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir"
sh=047D99E909F761A7DEA06B779AFE19B554A50C8E ft=1 fh=2380586d2a5d399e vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=D900E7A2C4BEC4703960CFAC1B7F534858C113C4 ft=1 fh=61d87035b3a8bda7 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=5CA319EBA10412E2FF4A47FD20624385C11A0C2A ft=1 fh=8ad6e907be4811df vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=DB7443E84D223B0924EFFE7FDA41D419A152B76F ft=1 fh=df82bdeae5a92cc4 vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\VisualBee\VisualBeeSoftware.exe.vir"
sh=251A3803C9AB15C6EAF576250F78DC4CC1D843F7 ft=1 fh=bbd71f22d491c083 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsProtectManger\wprotectmanager.exe.vir"
sh=9D7E00EC736140394D5885417303D94D44553A41 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nicklas-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jv4m07bm.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\194.js.vir"
sh=BA012C56975F4ED772CF56D3C20E0DEC65058981 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nicklas-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jv4m07bm.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\91.js.vir"
sh=7D63628FCFD34BB1E4FF7589F10DB4E496D8100B ft=1 fh=0c57fd79b9b40362 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nicklas-Pc\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=7AA207CDAD27ADBA81F8B57B2C3F2EA84B50A348 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\zoek_backup\C_PROGRA~3_jhokmamofjfcppikpghpfbfapdoiojnf\wiKrUrSlDHs.js"
sh=64A88B609519E0CF1F239778A1D25296509FB4CF ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\zoek_backup\C_Users_NICKLA~1_AppData_Roaming_Mozilla_Firefox_Profiles_jv4m07bm.default_extensions_779_u@yeiioo.com\content\bg.js"
sh=62CFF91202CB4611B56ACA99403A1AF5AAE30F13 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\zoek_backup\C_Users_NICKLA~1_AppData_Roaming_Mozilla_Firefox_Profiles_jv4m07bm.default_extensions_hom09zc@youyeu.co.uk\content\bg.js"
Code:
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.5.0)
Google Chrome 32.0.1700.76
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````