Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GEMA Virus Win 7 OTL Fix erbeten (https://www.trojaner-board.de/120904-gema-virus-win-7-otl-fix-erbeten.html)

simpledisast 31.07.2012 19:53
GEMA Virus Win 7 OTL Fix erbeten
 
Hallo Leute,

auch ich habe mir nun endlich diesen Gema Virus eingefangen und kann mit meinen Freunden wieder mitreden:balla:

Das Coole ist, dass ich nicht in den abgesicherten Modus und Task Manager komme und somit fast alle Tipps bei mir nicht funktionieren. Somit jetzt die Hoffnung mit OTLPE. Ich habe hier einen Scan erstellt und würde mich stark freuen, wenn ein Fix erstellt werden könnte. Ich würds selbst machen, habe leider keine Ahnung davon und auch nirgends eine Anleitung gefunden.

Ich bedanke mich im Voraus!!!!! Sehr!!!!

Viele Grüße!!!:dankeschoen:

t'john 31.07.2012 23:51
:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Vincent_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Vincent_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O4 - HKU\Vincent_ON_F..\Run: [AdobeBridge] File not found
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\Vincent_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (C:\Users\Vincent\AppData\Local\Temp\1eD28Ki.exe) - F:\Users\Vincent\AppData\Local\Temp\1eD28Ki.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - C:\Users\Vincent\AppData\Local\Temp\1eD28Ki.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
 


[2012/07/31 13:18:25 | 000,000,923 | ---- | M] () -- F:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD28Ki.exe.lnk
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
@Alternate Data Stream - 180 bytes -> F:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 141 bytes -> F:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 122 bytes -> F:\ProgramData\TEMP:A1063995
[2011/08/12 00:19:37 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/12 00:19:37 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/12 00:19:37 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/12 00:19:37 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/12 00:19:37 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2011/08/12 00:14:12 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/31 12:42:42 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

simpledisast 01.08.2012 09:17
Hi t'john,:Boogie:

das ging ja richtig schnell und richtig erfolgreich. Ich danke Dir dafür schon mal sehr sehr sehr!!!! Schon komisch, wenn man auf einmal nicht mehr an seinen Rechner kommt, wenn man das möchte...

Hier das log, welches erstellt wurde und ich posten soll.
Code:
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Vincent_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Vincent_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_USERS\Vincent_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File Error locating startup folders. not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\Vincent_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\LocalService_ON_F\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\NetworkService_ON_F\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\systemprofile_ON_F\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\Vincent_ON_F\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\LocalService_ON_F\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\NetworkService_ON_F\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\systemprofile_ON_F\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_USERS\Vincent_ON_F\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Vincent\AppData\Local\Temp\1eD28Ki.exe deleted successfully.
F:\Users\Vincent\AppData\Local\Temp\1eD28Ki.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
F:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD28Ki.exe.lnk moved successfully.
ADS F:\ProgramData\TEMP:FB1B13D8 deleted successfully.
ADS F:\ProgramData\TEMP:0B174FAE deleted successfully.
ADS F:\ProgramData\TEMP:A1063995 deleted successfully.
F:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
F:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
F:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
F:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
F:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
F:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
F:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: AppData
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: Vincent
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 228411 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51518 bytes
 
Total Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: AppData
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: Vincent
-> No Temporary Internet Files cache folder defined!
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08012012_115647

Danke nochmal!!
Weitere Schritte sind wahrscheinlich noch Scans mit z.B. Malwarebytes oder?

Viele Grüße!

t'john 01.08.2012 12:24
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

simpledisast 02.08.2012 16:34
Hi t'john,

ich kann wieder auf alles zugreifen und an sich läuft er sehr stabil. :)

Habe die Funde gelöscht.

Hier das MBAM log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vincent :: ROCKLAND [Administrator]

01.08.2012 12:40:55
mbam-log-2012-08-01 (12-40-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 648823
Laufzeit: 5 Stunde(n), 15 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Daten: 0 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoViewContextMenu (PUM.RightClick.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions|NoBrowserContextMenu (PUM.RightClick.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Users\Vincent\Documents\CD-Keys und Cracks\145 EA Games\EA Keygen 2007.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Vincent\Documents\Tools\Microsoft.Office.Professional.Plus.2010.x64.German.VL.Edition-TIw\0ffice2010ActivC0nKit\mini-KMS_Activator_v1.3_Office2010_VL_ENG.exe (Riskware.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Vincent\Documents\Tools\Windows 7 aktivieren\Aktivierung\Chew-WGA 0.9 – The Windows 7 Patch\CW.eXe (Hacktool.ChewWGA) -> Keine Aktion durchgeführt.
C:\Users\Vincent\Documents\Tools\Windows XP Pro. 100% Original machen!\Windows XP Pro. 100% Original machen!\Die Tools\Keyfinder.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Vincent\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und hier das adwcleaner log:

Code:
# AdwCleaner v1.703 - Logfile created 08/02/2012 at 19:30:28
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Vincent - ROCKLAND
# Running from : C:\Users\Vincent\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Vincent\AppData\Local\TempDir
Folder Found : C:\Users\Vincent\AppData\Roaming\pdfforge
Folder Found : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\lzb0o0b1.default\Conduit
Folder Found : C:\Program Files (x86)\vShare.tv plugin
File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\vshare.tv
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKCU\Software\vshare.tv
[x64] Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\lzb0o0b1.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", true);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CurrentServerDate", "9-5-2011");
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Mon May 09 2011 22:03:20 GMT+0200");
Found : user_pref("CT2319825.FeedPollDate11908299", "Mon May 09 2011 22:03:36 GMT+0200");
Found : user_pref("CT2319825.FirstServerDate", "9-5-2011");
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2319825.InstalledDate", "Mon May 09 2011 22:03:22 GMT+0200");
Found : user_pref("CT2319825.InvalidateCache", false);
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", true);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_3.3.3.2", "Mon May 09 2011 22:03:21 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.3.3.2");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.RadioIsPodcast", false);
Found : user_pref("CT2319825.RadioLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Found : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Found : user_pref("CT2319825.RadioMediaID", "11949532");
Found : user_pref("CT2319825.RadioMediaType", "Media Player");
Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Found : user_pref("CT2319825.RadioStationName", "1Live");
Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Found : user_pref("CT2319825.SettingsLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1300873232");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Mon May 09 2011 22:03:20 GMT+0200");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.UserID", "UN20907014336751295");
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Mon May 09 2011 22:03:22 GMT+0200");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "38393938313533");
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Found : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Found : user_pref("CT2319825.isAppTrackingManagerOn", true);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Found : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.EngineOwner", "CT2319825");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 22:03:24 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "5e2f58a0-86eb-4967-b628-94147b6660cd");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "7947bc24-0370-49c1-9872-0b9d85c32fcb");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Found : user_pref("extensions.aniweather.timeShifted", 373687);
Found : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [13002 octets] - [02/08/2012 19:30:28]

########## EOF - C:\AdwCleaner[R1].txt - [13131 octets] ##########

wie geht es jetzt weiter?

Viele dankende Grüße!

t'john 02.08.2012 16:57
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

simpledisast 02.08.2012 21:08
Hi t'john,

danke für's Weiterhelfen.

Hier das AdwCleaner Log:

Code:
# AdwCleaner v1.703 - Logfile created 08/02/2012 at 19:59:57
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Vincent - ROCKLAND
# Running from : C:\Users\Vincent\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Vincent\AppData\Local\TempDir
Folder Deleted : C:\Users\Vincent\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\lzb0o0b1.default\Conduit
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vshare.tv
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\lzb0o0b1.default\prefs.js

Deleted : user_pref("CT2319825..clientLogIsEnabled", true);
Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CurrentServerDate", "9-5-2011");
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Mon May 09 2011 22:03:36 GMT+0200");
Deleted : user_pref("CT2319825.FirstServerDate", "9-5-2011");
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2319825.InstalledDate", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", true);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_3.3.3.2", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Deleted : user_pref("CT2319825.RadioLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1300873232");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Deleted : user_pref("CT2319825.UserID", "UN20907014336751295");
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "38393938313533");
Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2319825.testingCtid", "");
Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Mon May 09 2011 22:03:21 GMT+0200");
Deleted : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2319825");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 09 2011 22:03:24 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 09 2011 22:03:20 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "5e2f58a0-86eb-4967-b628-94147b6660cd");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 09 2011 22:03:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "7947bc24-0370-49c1-9872-0b9d85c32fcb");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("extensions.aniweather.timeShifted", 373687);
Deleted : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [13107 octets] - [02/08/2012 19:30:28]
AdwCleaner[R2].txt - [13168 octets] - [02/08/2012 19:59:51]
AdwCleaner[S1].txt - [12563 octets] - [02/08/2012 19:59:57]

########## EOF - C:\AdwCleaner[S1].txt - [12692 octets] ##########


Und hier das Emsisoft Log ohne etwas gelöscht zu haben:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.08.2012 20:12:01

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        02.08.2012 20:12:19

Key: hkey_local_machine\software\trymedia systems        gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software        gefunden: Trace.Registry.trymedia!E1
C:\Users\Vincent\Pictures\Wallpaper\WallPaper HD3\WallPaper HD - 3143.jpg        gefunden: JPG.IframeRef!E2
C:\Users\Vincent\Documents\Tools\FLACToMP3ConverterSetup.exe        gefunden: Trojan.Win32.DeFile.AMN!E1
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> b.class        gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\3a5dfb24-27a4d8e7 -> a\Msgs.class        gefunden: Trojan.Java.Agent!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\3a5dfb24-27a4d8e7 -> a\Test.class        gefunden: Exploit.Java.CVE!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> a.class        gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> Field.class        gefunden: Exploit.Java.CVE-2010!E2
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd -> Photo.class        gefunden: Exploit.Java.CVE!E2


Gescannt        898822
Gefunden        10

Scan Ende:        03.08.2012 00:02:05
Scan Zeit:        3:49:46


Viele Grüße!

t'john 03.08.2012 13:12
Sehr gut! :daumenhoc


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

simpledisast 04.08.2012 14:55
hi t'john,

hier das Log von Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dfc51c15d54f2040b9d27830082ebc88
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-03 08:30:36
# local_time=2012-08-03 10:30:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 1390134 9237127 0 0
# compatibility_mode=5893 16776574 100 94 35524076 95641481 0 0
# compatibility_mode=8192 67108863 100 0 115 115 0 0
# scanned=481987
# found=4
# cleaned=4
# scan_time=14205
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6ce27c62-13071dcd        a variant of Java/TrojanDownloader.Agent.AD trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\3a5dfb24-27a4d8e7        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Vincent\Documents\Tools\FLACToMP3ConverterSetup.exe        Win32/DeFile.Gen application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Vincent\Documents\Tools\MSN\MsgPlusLive-490.exe        a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
Sieht doch soweit schon ganz gut aus oder?

Viele Grüße!

t'john 04.08.2012 16:03
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

t'john 22.08.2012 01:16
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

simpledisast 22.08.2012 17:19
Hi t'john,

ich habe die alten Java Versionen deinstalliert, die neueste installiert und die Einstellungen angepasst bzw. alte Daten runtergeschmissen.

Müsste noch was getan werden?

Vielen Dank für die ganze Hilfe.
Bislang rennt alles wie vor dem Vorfall :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:04 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19