Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Pop-up Alarm

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 29.08.2009, 12:05   #1
Dra_goon312
 
Pop-up Alarm - Ausrufezeichen

Pop-up Alarm



Hallo Community. Seit einiger Zeit oeffnen sich bei mir ohne Vorwarnung haufenweise Pop-ups. Egal wo ich surfe. Alle 5 min Werbungssites von DarkOrbit usw. Kann sein das ich mir da was eingefangen habe bei irgendnem Download. Konnt ihr mir weiterhelfen ? Sollte ich vllt mein System Defragmentieren ? Oder was an der HiJackThis-Log File aendern. Wenn ja dann wie ? Mein Inet lauft seitdem auch Langsam ... laedt zum Teil langsam und auch alle 10 min kommt die Meldung "kein antwort" ... ich hoffe ich muss nicht formatieren.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:52 PM, on 8/29/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\***\Program Files\DNA\btdna.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.5.960\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Cosmina\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\\SECRET~1.EXE (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4089DF-130F-47E5-893F-7F08A99B82C7}: NameServer = 193.231.236.25 193.231.236.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Sukoku Service - Unknown owner - C:\ProgramData\Sukoku\sukoku115.exe

--
End of file - 7177 bytes

Alt 29.08.2009, 12:16   #2
john.doe
 
Pop-up Alarm - Standard

Pop-up Alarm



Hallo und

Dein Log sieht aus wie ein Schlachtfeld. Befindest du dich zur Zeit in Rumänien nähe Bukarest?

Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas
__________________

__________________

Alt 29.08.2009, 12:23   #3
Dra_goon312
 
Pop-up Alarm - Icon17

Pop-up Alarm



ok ich versuchs.... hilft es denn mein Problem zu beheben ?
__________________

Alt 29.08.2009, 12:25   #4
john.doe
 
Pop-up Alarm - Standard

Pop-up Alarm



Zitat:
Befindest du dich zur Zeit in Rumänien nähe Bukarest?
ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 29.08.2009, 12:28   #5
Dra_goon312
 
Pop-up Alarm - Standard

Pop-up Alarm



Ahm ja bin im Urlaub... ist das den wichtig xD ... gott ich will bitte das Problem loesen. Ich folge deinen Schritten dort und posten gleich die Ergebnisse hier.

Kannst du jetzt schon was sagen ? Ob es noch zu retten ist ?


Geändert von Dra_goon312 (29.08.2009 um 12:37 Uhr)

Alt 29.08.2009, 12:38   #6
john.doe
 
Pop-up Alarm - Standard

Pop-up Alarm



Eine rumänische IP auf einem deutschen Rechner ist schon ungewöhnlich, aber wenn es passt, dann müssen wir da nichts ändern.

Hinweis an Vistabenutzer: Alle Programme mit Mausklick rechts => Ausführen als Administrator starten.

1.) Starte HJT => Do a system scan only => Markiere:
Code:
ATTFilter
Alle R0, R1, R3, O2, O3 und O9-Einträge
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Cosmina\Program Files\DNA\btdna.exe"
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Sukoku Service - Unknown owner - C:\ProgramData\Sukoku\sukoku115.exe
         
=> Fix checked => Neustart

2.) Lade bitte die Datei
Zitat:
C:\ProgramData\Sukoku\sukoku115.exe
bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html (nur Schritt 2)

ciao, andreas
__________________
--> Pop-up Alarm

Alt 29.08.2009, 12:39   #7
Dra_goon312
 
Pop-up Alarm - Icon17

Pop-up Alarm



Soll ich also alles markieren und fixen ???

Alt 29.08.2009, 12:41   #8
john.doe
 
Pop-up Alarm - Standard

Pop-up Alarm



Ja.

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 29.08.2009, 12:44   #9
Dra_goon312
 
Pop-up Alarm - Icon22

Pop-up Alarm



Gut ... habe Sudoku hochgeladen. Soll ich das mit dem Fixen sofort machen oder erst die Malwarebytes zum Ende kommen lassen ??

Alt 29.08.2009, 12:47   #10
john.doe
 
Pop-up Alarm - Standard

Pop-up Alarm



Lass Malwarebytes erst durchlaufen und poste das Log. Der wird es hoffentlich erkennen.

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 29.08.2009, 12:49   #11
Dra_goon312
 
Pop-up Alarm - Rotes Gesicht

Pop-up Alarm



Hoffentlich ....

Alt 29.08.2009, 12:59   #12
Dra_goon312
 
Pop-up Alarm - Standard

Pop-up Alarm



Folgendes Ergab sich aus dem Scan. Selbst ich erkenne das dies nix gutes ist, hoffe aber weiterhin um die Formatierung drum rum zu kommen.


Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2551
Windows 6.0.6000

8/29/2009 2:54:41 PM
mbam-log-2009-08-29 (14-54-41).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 165364
Laufzeit: 28 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 27
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 19
Infizierte Dateien: 35

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Program Files\Media Access Startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\chrome (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\ssd.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

Alt 29.08.2009, 13:04   #13
john.doe
 
Pop-up Alarm - Standard

Pop-up Alarm



Nicht weinen, das wird schon wieder. Die Funde von Malwarebytes sind nicht wirklich schlimm. Du solltest in Zukunft aber etwas vorsichtiger mit Laden aus dem Internet und Installieren sein. Jetzt führe das Fixen durch und starte den Rechner neu.

Versuchen wir es anschließend noch mit http://www.trojaner-board.de/51871-a...tispyware.html

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 29.08.2009, 13:09   #14
Dra_goon312
 
Pop-up Alarm - Standard

Pop-up Alarm



Danke. Was is den aber mit RSIT ?...mhm gut gefixt hab ich nun zu superspyware

Geändert von Dra_goon312 (29.08.2009 um 13:16 Uhr)

Alt 29.08.2009, 13:24   #15
john.doe
 
Pop-up Alarm - Standard

Pop-up Alarm



Zitat:
Was is den aber mit RSIT ?
Poste beide Logs von RSIT, das kannst du auch starten, solange SUPERAntiSpyware läuft.

Gehen denn noch immer Fenster auf?

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Antwort

Themen zu Pop-up Alarm
adobe, antivir, antivir guard, ask toolbar, avg, avira, bho, defender, desktop, explorer, file, firefox, gservice, helper, hijack, internet, internet explorer, langsam, microsoft, mozilla, plug-in, pop-up, programdata, rundll, saving, software, system, tiere, toolbars, vista, windows, yahoo




Ähnliche Themen: Pop-up Alarm


  1. Trojaner Alarm
    Log-Analyse und Auswertung - 07.10.2009 (3)
  2. trojaner-alarm?
    Log-Analyse und Auswertung - 15.07.2009 (2)
  3. ZoneAlarm-Alarm
    Antiviren-, Firewall- und andere Schutzprogramme - 13.09.2008 (8)
  4. Trojaner Alarm?
    Log-Analyse und Auswertung - 30.12.2007 (4)
  5. Trojaner Alarm
    Plagegeister aller Art und deren Bekämpfung - 27.08.2007 (6)
  6. Antivir Alarm!
    Plagegeister aller Art und deren Bekämpfung - 28.04.2007 (2)
  7. Falscher Alarm?
    Plagegeister aller Art und deren Bekämpfung - 26.02.2007 (4)
  8. Wurm Alarm
    Plagegeister aller Art und deren Bekämpfung - 22.12.2006 (3)
  9. Zone Alarm
    Antiviren-, Firewall- und andere Schutzprogramme - 22.11.2006 (4)
  10. Trojaner Alarm!!!
    Plagegeister aller Art und deren Bekämpfung - 11.11.2006 (7)
  11. trojaner alarm
    Log-Analyse und Auswertung - 04.01.2006 (3)
  12. Trojaner-Alarm
    Plagegeister aller Art und deren Bekämpfung - 17.08.2005 (17)
  13. spy sweeper alarm
    Antiviren-, Firewall- und andere Schutzprogramme - 15.09.2004 (1)
  14. zone alarm auf zone alarm pro
    Antiviren-, Firewall- und andere Schutzprogramme - 17.03.2003 (1)
  15. Zone Alarm
    Antiviren-, Firewall- und andere Schutzprogramme - 14.02.2003 (1)

Zum Thema Pop-up Alarm - Hallo Community. Seit einiger Zeit oeffnen sich bei mir ohne Vorwarnung haufenweise Pop-ups. Egal wo ich surfe. Alle 5 min Werbungssites von DarkOrbit usw. Kann sein das ich mir da - Pop-up Alarm...
Archiv
Du betrachtest: Pop-up Alarm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.