Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Malwarebytes findet ctfmon.lnk im Startup-Ordner (https://www.trojaner-board.de/121180-malwarebytes-findet-ctfmon-lnk-startup-ordner.html)

trojaner64 03.08.2012 19:59
Malwarebytes findet ctfmon.lnk im Startup-Ordner
 
Hallo,
mein Rechner wurde heute leider auch vom Bundestrojaner infiziert. Nach einigen Stunden Recherche und mehreren Virus- und Malware-Scans erscheint das Logo des Trojaners nicht mehr.

Auch die Fehlermeldung nach dem Windows-Start, dass die Datei deo0_sar.exe nicht gefunden werden könne, konnte ich eliminieren, indem ich nochmal Malwarebytes suchen lies und den gefunden Link ctfmon.lnk (Trojan.Ransom.Gen) im Startup-Ordner meines Profils entfernt habe.

Ganz sicher bin ich mir aber nicht, ob ich damit schon alle Schritte zur
Beseitigung unternommen habe. Deshalb wende ich mich an das Helfer-Team mit der Bitte um Unterstützung.

Die Ergebnisse von defogger und OTL.exe habe ich beigefügt.

Vielen Dank für eure Mühe schon mal im voraus!

t'john 05.08.2012 06:37
:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {70C16E2F-12AD-4B0B-A608-5914C44580C6}
IE:64bit: - HKLM\..\SearchScopes\{70C16E2F-12AD-4B0B-A608-5914C44580C6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {D3925CDA-2A20-49B8-95A1-C851E2CB4969}
IE - HKLM\..\SearchScopes\{D3925CDA-2A20-49B8-95A1-C851E2CB4969}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D3925CDA-2A20-49B8-95A1-C851E2CB4969}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "Englische Ergebnisse"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.web.de/tb/mff_startpage_home"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart File not found
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a


[2012.08.03 09:42:17 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad



[2012.08.03 20:02:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 17:34:50 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[201
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

trojaner64 05.08.2012 20:21
Hallo,

vielen Dank für die schnelle Reaktion. Das Log der OTL.exe habe ich beigefügt.

VG

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70C16E2F-12AD-4B0B-A608-5914C44580C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70C16E2F-12AD-4B0B-A608-5914C44580C6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3925CDA-2A20-49B8-95A1-C851E2CB4969}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3925CDA-2A20-49B8-95A1-C851E2CB4969}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Englische Ergebnisse" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://go.web.de/tb/mff_startpage_home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Desktop Disc Tool deleted successfully.
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LexwareInfoService deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
C:\ProgramData\ras_0oed.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File 1 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Andreas\Desktop\cmd.bat deleted successfully.
C:\Users\Andreas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 16081492 bytes
->Temporary Internet Files folder emptied: 193789 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31470292 bytes
->Flash cache emptied: 57112 bytes
 
User: All Users
 
User: Andreas
->Temp folder emptied: 48666063 bytes
->Temporary Internet Files folder emptied: 21417870 bytes
->Java cache emptied: 1349154 bytes
->FireFox cache emptied: 67805904 bytes
->Flash cache emptied: 57025 bytes
 
User: Brigitte
->Temp folder emptied: 301694863 bytes
->Temporary Internet Files folder emptied: 106206297 bytes
->Java cache emptied: 22398032 bytes
->FireFox cache emptied: 60111468 bytes
->Flash cache emptied: 12734818 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jana
->Temp folder emptied: 2954828 bytes
->Temporary Internet Files folder emptied: 42655512 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70585692 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 416979 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102494 bytes
RecycleBin emptied: 26304548384 bytes
 
Total Files Cleaned = 25.856,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Andreas
->Flash cache emptied: 0 bytes
 
User: Brigitte
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jana
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08052012_210423

Files\Folders moved on Reboot...
C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john 06.08.2012 02:48
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

trojaner64 06.08.2012 19:59
Hallo,

der Rechner zeigt keine Auffälligkeiten mehr. Aber es bleibt halt ein mulmiges Gefühl, wenn man feststellt, dass sich ein Virus oder ein Trojaner auf dem eigenen Rechner einschleichen konnte, obwohl man Vorkehrungen getroffen hat mit einem aktuellen Antiviren-Programm und Anti-Spyware.
Immerhin hat Malwarebytes jetzt keine bösartigen Objekte mehr gefunden.
Hier der Inhalt aus dem Log des AdwCleaners:

Code:
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 19:33:19
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andreas - LAPTOP
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Andreas\AppData\Local\Conduit
Folder Found : C:\Users\Brigitte\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jana\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Andreas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Andreas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Andreas\AppData\LocalLow\uTorrentBar_DE
Folder Found : C:\Users\Administrator\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Andreas\AppData\Roaming\Media Finder
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\extensions\staged
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\ConduitCommon
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\CT2851647
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\uTorrentBar_DE

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\uTorrentBar_DE
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\MediaFinder
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
[x64] Key Found : HKLM\SOFTWARE\Classes\MF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67949584-D2DB-452C-8B0C-DB1C7F5B381B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E57273A-4BA4-4758-B225-0199CEB20383}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\prefs.js

Found : user_pref("extensions.smarterwiki.search_surfcanyon", false);

Profile name : default
File : C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\99zdufqb.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\prefs.js

Found : user_pref("CT2851647..clientLogIsEnabled", false);
Found : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2851647.AppTrackingLastCheckTime", "Thu Jul 19 2012 09:15:28 GMT+0200");
Found : user_pref("CT2851647.CTID", "CT2851647");
Found : user_pref("CT2851647.CurrentServerDate", "6-8-2012");
Found : user_pref("CT2851647.DSInstall", false);
Found : user_pref("CT2851647.DialogsAlignMode", "LTR");
Found : user_pref("CT2851647.DialogsGetterLastCheckTime", "Sun Aug 05 2012 20:55:21 GMT+0200");
Found : user_pref("CT2851647.DownloadReferralCookieData", "");
Found : user_pref("CT2851647.EMailNotifierPollDate", "Mon Aug 06 2012 17:38:57 GMT+0200");
Found : user_pref("CT2851647.FeedLastCount2532783744689806690", 501);
Found : user_pref("CT2851647.FeedPollDate2429156812186649977", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813040823546", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813130095866", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813224203613", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813230837251", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813454291735", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813729834876", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813860870021", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156814264681793", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156814863075366", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156815257761081", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2851647.FirstServerDate", "12-6-2012");
Found : user_pref("CT2851647.FirstTime", true);
Found : user_pref("CT2851647.FirstTimeFF3", true);
Found : user_pref("CT2851647.FirstTimeHiddenVer", true);
Found : user_pref("CT2851647.FixPageNotFoundErrors", true);
Found : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2851647.HPInstall", false);
Found : user_pref("CT2851647.HasUserGlobalKeys", true);
Found : user_pref("CT2851647.HomePageProtectorEnabled", false);
Found : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://go.web.de/tb/mff_startpage_home");
Found : user_pref("CT2851647.Initialize", true);
Found : user_pref("CT2851647.InitializeCommonPrefs", true);
Found : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2851647.InstallationId", "fft5939.tmp.exe");
Found : user_pref("CT2851647.InstallationType", "XPE");
Found : user_pref("CT2851647.InstalledDate", "Tue Jun 12 2012 19:10:03 GMT+0200");
Found : user_pref("CT2851647.IsAlertDBUpdated", true);
Found : user_pref("CT2851647.IsGrouping", false);
Found : user_pref("CT2851647.IsInitSetupIni", true);
Found : user_pref("CT2851647.IsMulticommunity", false);
Found : user_pref("CT2851647.IsOpenThankYouPage", true);
Found : user_pref("CT2851647.IsOpenUninstallPage", false);
Found : user_pref("CT2851647.LanguagePackLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Found : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2851647.LastLogin_3.13.0.6", "Thu Jul 19 2012 09:15:20 GMT+0200");
Found : user_pref("CT2851647.LastLogin_3.14.1.0", "Mon Aug 06 2012 17:38:59 GMT+0200");
Found : user_pref("CT2851647.LatestVersion", "3.14.1.0");
Found : user_pref("CT2851647.Locale", "de");
Found : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Found : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Found : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2851647.OriginalFirstVersion", "3.13.0.6");
Found : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Found : user_pref("CT2851647.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Found : user_pref("CT2851647.SearchInNewTabEnabled", true);
Found : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Mon Aug 06 2012 17:38:57 GMT+0200");
Found : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2851647.SearchProtectorEnabled", false);
Found : user_pref("CT2851647.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Found : user_pref("CT2851647.ServiceMapLastCheckTime", "Mon Aug 06 2012 17:38:58 GMT+0200");
Found : user_pref("CT2851647.SettingsLastCheckTime", "Mon Aug 06 2012 17:38:56 GMT+0200");
Found : user_pref("CT2851647.SettingsLastUpdate", "1342353909");
Found : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Found : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Thu Jul 26 2012 20:07:05 GMT+0200");
Found : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Found : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2851647.UserID", "UN85873740707211467");
Found : user_pref("CT2851647.ValidationData_Toolbar", 1);
Found : user_pref("CT2851647.WeatherNetwork", "");
Found : user_pref("CT2851647.WeatherPollDate", "Mon Aug 06 2012 17:39:00 GMT+0200");
Found : user_pref("CT2851647.WeatherUnit", "C");
Found : user_pref("CT2851647.alertChannelId", "1243681");
Found : user_pref("CT2851647.autoDisableScopes", -1);
Found : user_pref("CT2851647.backendstorage.cb_experience_000", "35");
Found : user_pref("CT2851647.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT2851647.backendstorage.cb_user_id_000", "43423138353834313733313537335F46697265666F78")[...]
Found : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");
Found : user_pref("CT2851647.backendstorage.cbcountry_001", "4445");
Found : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204A756E20313220323031322031393A31303A31312[...]
Found : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Found : user_pref("CT2851647.backendstorage.url_history0001", "687474703A2F2F7777772E62722E64652F726164696F2[...]
Found : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Found : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2851647.initDone", true);
Found : user_pref("CT2851647.isAppTrackingManagerOn", true);
Found : user_pref("CT2851647.myStuffEnabled", true);
Found : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2851647.navigateToUrlOnSearch", false);
Found : user_pref("CT2851647.oldAppsList", "129351532244963279,129351532245275780,1000234,129791456886122866[...]
Found : user_pref("CT2851647.revertSettingsEnabled", true);
Found : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Found : user_pref("CT2851647.testingCtid", "");
Found : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Found : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 30 2012 17:39:21 GMT+0200");
Found : user_pref("CT2851647.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andreas\\AppData\\Roaming\\Mozilla\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Found : user_pref("CommunityToolbar.globalUserId", "40556531-ed25-416a-b3d3-6187ad4deda4");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 30 2012 17:39:2[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 06 2012 17:39:02 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "fc916a99-b53b-4968-bfb1-b2b2407e0998");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://go.web.de/tb/mff_startpage_home");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=[...]

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ib2txj42.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17790 octets] - [06/08/2012 19:33:19]

########## EOF - C:\AdwCleaner[R1].txt - [17919 octets] ##########
VG

t'john 07.08.2012 13:52
Wo ist das Malwarebytes Logfile?

trojaner64 07.08.2012 16:39
Sorry,

hab' ich glatt überlesen und reiche den Inhalt hiermit nach.

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.06.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: LAPTOP [Administrator]

06.08.2012 17:45:19
mbam-log-2012-08-06 (17-45-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413856
Laufzeit: 1 Stunde(n), 33 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

t'john 07.08.2012 17:23
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

trojaner64 08.08.2012 18:53
Hallo,

hier die Ergebnisse der Scans.

AdwCleaner

Code:
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 17:47:33
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andreas - LAPTOP
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Andreas\AppData\Local\Conduit
Folder Deleted : C:\Users\Brigitte\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jana\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\uTorrentBar_DE
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\extensions\staged
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\ConduitCommon
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\CT2851647
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentBar_DE

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\uTorrentBar_DE

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67949584-D2DB-452C-8B0C-DB1C7F5B381B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E57273A-4BA4-4758-B225-0199CEB20383}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\vwiu0t4k.default\prefs.js

Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);

Profile name : default
File : C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\99zdufqb.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\htsyhxg3.default\prefs.js

Deleted : user_pref("CT2851647..clientLogIsEnabled", false);
Deleted : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2851647.AppTrackingLastCheckTime", "Thu Jul 19 2012 09:15:28 GMT+0200");
Deleted : user_pref("CT2851647.CTID", "CT2851647");
Deleted : user_pref("CT2851647.CurrentServerDate", "8-8-2012");
Deleted : user_pref("CT2851647.DSInstall", false);
Deleted : user_pref("CT2851647.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2851647.DialogsGetterLastCheckTime", "Sun Aug 05 2012 20:55:21 GMT+0200");
Deleted : user_pref("CT2851647.DownloadReferralCookieData", "");
Deleted : user_pref("CT2851647.EMailNotifierPollDate", "Wed Aug 08 2012 17:45:24 GMT+0200");
Deleted : user_pref("CT2851647.FeedLastCount2532783744689806690", 501);
Deleted : user_pref("CT2851647.FeedPollDate2429156812186649977", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813040823546", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813130095866", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813224203613", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813230837251", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813454291735", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813729834876", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813860870021", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156814264681793", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156814863075366", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156815257761081", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2851647.FirstServerDate", "12-6-2012");
Deleted : user_pref("CT2851647.FirstTime", true);
Deleted : user_pref("CT2851647.FirstTimeFF3", true);
Deleted : user_pref("CT2851647.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2851647.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2851647.HPInstall", false);
Deleted : user_pref("CT2851647.HasUserGlobalKeys", true);
Deleted : user_pref("CT2851647.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://go.web.de/tb/mff_startpage_home");
Deleted : user_pref("CT2851647.Initialize", true);
Deleted : user_pref("CT2851647.InitializeCommonPrefs", true);
Deleted : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2851647.InstallationId", "fft5939.tmp.exe");
Deleted : user_pref("CT2851647.InstallationType", "XPE");
Deleted : user_pref("CT2851647.InstalledDate", "Tue Jun 12 2012 19:10:03 GMT+0200");
Deleted : user_pref("CT2851647.IsAlertDBUpdated", true);
Deleted : user_pref("CT2851647.IsGrouping", false);
Deleted : user_pref("CT2851647.IsInitSetupIni", true);
Deleted : user_pref("CT2851647.IsMulticommunity", false);
Deleted : user_pref("CT2851647.IsOpenThankYouPage", true);
Deleted : user_pref("CT2851647.IsOpenUninstallPage", false);
Deleted : user_pref("CT2851647.LanguagePackLastCheckTime", "Wed Aug 08 2012 17:35:24 GMT+0200");
Deleted : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2851647.LastLogin_3.13.0.6", "Thu Jul 19 2012 09:15:20 GMT+0200");
Deleted : user_pref("CT2851647.LastLogin_3.14.1.0", "Wed Aug 08 2012 17:35:24 GMT+0200");
Deleted : user_pref("CT2851647.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2851647.Locale", "de");
Deleted : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2851647.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Deleted : user_pref("CT2851647.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2851647.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Wed Aug 08 2012 17:35:23 GMT+0200");
Deleted : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2851647.SearchProtectorEnabled", false);
Deleted : user_pref("CT2851647.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2851647.ServiceMapLastCheckTime", "Wed Aug 08 2012 17:35:23 GMT+0200");
Deleted : user_pref("CT2851647.SettingsLastCheckTime", "Wed Aug 08 2012 17:35:21 GMT+0200");
Deleted : user_pref("CT2851647.SettingsLastUpdate", "1342353909");
Deleted : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Deleted : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Thu Jul 26 2012 20:07:05 GMT+0200");
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Deleted : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2851647.UserID", "UN85873740707211467");
Deleted : user_pref("CT2851647.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2851647.WeatherNetwork", "");
Deleted : user_pref("CT2851647.WeatherPollDate", "Wed Aug 08 2012 17:35:25 GMT+0200");
Deleted : user_pref("CT2851647.WeatherUnit", "C");
Deleted : user_pref("CT2851647.alertChannelId", "1243681");
Deleted : user_pref("CT2851647.autoDisableScopes", -1);
Deleted : user_pref("CT2851647.backendstorage.cb_experience_000", "35");
Deleted : user_pref("CT2851647.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2851647.backendstorage.cb_user_id_000", "43423138353834313733313537335F46697265666F78")[...]
Deleted : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");
Deleted : user_pref("CT2851647.backendstorage.cbcountry_001", "4445");
Deleted : user_pref("CT2851647.backendstorage.cbfirsttime", "547565204A756E20313220323031322031393A31303A31312[...]
Deleted : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2851647.backendstorage.url_history0001", "687474703A2F2F7777772E74726F6A616E65722D626F6[...]
Deleted : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Aug 06 2012 17:39:01 GMT+0200");
Deleted : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2851647.initDone", true);
Deleted : user_pref("CT2851647.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2851647.myStuffEnabled", true);
Deleted : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2851647.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2851647.oldAppsList", "129351532244963279,129351532245275780,1000234,129791456886122866[...]
Deleted : user_pref("CT2851647.revertSettingsEnabled", true);
Deleted : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2851647.testingCtid", "");
Deleted : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Wed Aug 08 2012 17:35:24 GMT+0200");
Deleted : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 30 2012 17:39:21 GMT+0200");
Deleted : user_pref("CT2851647.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"ecc[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andreas\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Deleted : user_pref("CommunityToolbar.globalUserId", "40556531-ed25-416a-b3d3-6187ad4deda4");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 07 2012 17:34:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 08 2012 17:35:27 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "fc916a99-b53b-4968-bfb1-b2b2407e0998");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://go.web.de/tb/mff_startpage_home");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=[...]

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ib2txj42.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17899 octets] - [06/08/2012 19:33:19]
AdwCleaner[S1].txt - [17557 octets] - [08/08/2012 17:47:33]

########## EOF - C:\AdwCleaner[S1].txt - [17686 octets] ##########

Und der Bericht von Emsisoft

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 08.08.2012 17:58:30

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        08.08.2012 18:04:08

C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\crack.zip -> Polar.exe        gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\Polar.exe        gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Downloads\Polar.Bowler.v1.0-NiTROUS.ZIP -> Polar.Bowler.v1.0-NiTROUS\crack.zip        gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Downloads\Polar.Bowler.v1.0-NiTROUS.ZIP -> Polar.Bowler.v1.0-NiTROUS\crack.zip -> Polar.exe        gefunden: Email-Worm.Win32.Brontok!E2
C:\Users\Andreas\Downloads\Windows+7+Loader+v2.1.1+by+Daz+(x86+&+x64).zip -> Windows Loader\Windows Loader.exe        gefunden: HackTool.Win32.Gendows!E2
C:\Users\Andreas\Downloads\Windows Loader\Windows Loader.exe        gefunden: HackTool.Win32.Gendows.AMN!E1
C:\Users\Andreas\Desktop\Download\ Polar Bowler.rar -> Polar Bowler\Polar.exe        gefunden: Email-Worm.Win32.Brontok!E2
C:\source\Easytools\easyusetool_frontend_0514_gsmfree.exe        gefunden: Backdoor.Win32.Hupigon!E2
C:\$Recycle.Bin\S-1-5-21-3292852919-811151621-2006029298-1004\$R67DO79.exe        gefunden: Email-Worm.Win32.Brontok!E2

Gescannt        602907
Gefunden        9

Scan Ende:        08.08.2012 19:41:52
Scan Zeit:        1:37:44

C:\source\Easytools\easyusetool_frontend_0514_gsmfree.exe        Quarantäne Backdoor.Win32.Hupigon!E2
C:\Users\Andreas\Downloads\Windows Loader\Windows Loader.exe        Quarantäne HackTool.Win32.Gendows.AMN!E1
C:\Users\Andreas\Downloads\Windows+7+Loader+v2.1.1+by+Daz+(x86+&+x64).zip -> Windows Loader\Windows Loader.exe        Quarantäne HackTool.Win32.Gendows!E2
C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\crack.zip -> Polar.exe        Quarantäne Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Saved Games\Polar Bowler\Polar.Bowler.v1.0-NiTROUS\Polar.exe        Quarantäne Email-Worm.Win32.Brontok!E2
C:\Users\Jana\Downloads\Polar.Bowler.v1.0-NiTROUS.ZIP -> Polar.Bowler.v1.0-NiTROUS\crack.zip        Quarantäne Email-Worm.Win32.Brontok!E2
C:\Users\Andreas\Desktop\Download\ Polar Bowler.rar -> Polar Bowler\Polar.exe        Quarantäne Email-Worm.Win32.Brontok!E2
C:\$Recycle.Bin\S-1-5-21-3292852919-811151621-2006029298-1004\$R67DO79.exe        Quarantäne Email-Worm.Win32.Brontok!E2

Quarantäne        8
VG

t'john 08.08.2012 19:08
Sehr gut! :daumenhoc


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

trojaner64 08.08.2012 21:23
Hallo,

ich frage vorsichtshalber mal nach. Die letzte Nachricht ist identisch mit der vorletzten. Ist die Empfehlung, die Schritte nochmal zu wiederholen?

mfg
trojaner64

t'john 09.08.2012 07:45
Sorry, habs korrigiert: http://www.trojaner-board.de/121180-...tml#post887041

trojaner64 09.08.2012 19:26
Hallo,

nachfolgend das Log von Eset.

VG

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c1fe810d46c705459e36fc82485e9a14
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-09 05:51:43
# local_time=2012-08-09 07:51:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 25310362 25310362 0 0
# compatibility_mode=5893 16776573 100 94 85132 96156642 0 0
# compatibility_mode=8192 67108863 100 0 166 166 0 0
# scanned=169154
# found=2
# cleaned=2
# scan_time=7932
C:\Users\Brigitte\Downloads\Setup_MoviesToDVD.exe        Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Brigitte\Downloads\Microsoft.Windows.7.Enterprise.x64.SP1.GERMAN-BIE-PLZ\bie764sp1g.iso        a variant of Win32/HackKMS.A application (deleted - quarantined)        00000000000000000000000000000000        C

t'john 10.08.2012 12:43
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

trojaner64 14.08.2012 15:25
Hallo,

die neueste Java-Version habe ich installiert. Wie ich bei der Bereinigung des Systems gesehen hatte, ist der Trojaner auch über Java in mein System gelangt.

Die Java-Einstellungen habe ich auch gemäß eurer Empfehlung eingestellt.

:dankeschoen:


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131