Trojaner-Board

Log analysis and evaluation: Avira / Quarantine: adware/installcore.gen (https://www.trojaner-board.de/141703-avira-quarantaene-adware-installcore-gen.html)

schrauber 25.09.2013 08:30

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=E6CF889FFA35A8E4&affID=119357&tt=160913_m1&tsp=5011
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E6CF889FFA35A8E4&affID=119357&tt=160913_m1&tsp=5011
BHO: LyriXeeker-1 - {11111111-1111-1111-1111-110411181156} - C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho64.dll (Lyrics)
BHO-x32: LyriXeeker-1 - {11111111-1111-1111-1111-110411181156} - C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho.dll (Lyrics)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
FF Extension: No Name - C:\Users\Kirchner\AppData\Roaming\Mozilla\Firefox\Profiles\rx6bjkrc.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com
FF Extension: No Name - C:\Users\Kirchner\AppData\Roaming\Mozilla\Firefox\Profiles\rx6bjkrc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-09-20 20:56 - 2013-09-24 12:56 - 00000304 _____ C:\Windows\Tasks\UpdaterEX.job
2013-09-20 20:56 - 2013-09-20 20:56 - 00003256 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-20 20:55 - 2013-09-20 20:55 - 00003406 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Users\Kirchner\AppData\Roaming\UpdaterEX
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Users\Kirchner\AppData\Roaming\Babylon
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Users\Kirchner\AppData\Roaming\BabSolution
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\ProgramData\Babylon
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-17 12:10 - 2013-09-17 12:10 - 00003118 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-09-17 12:10 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-09-17 12:09 - 2013-09-17 12:09 - 00003338 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-09-17 12:09 - 2013-09-17 12:09 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-09-15 18:53 - 2013-09-24 19:41 - 00001302 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-15 18:53 - 2013-09-24 19:41 - 00001206 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-15 18:53 - 2013-09-24 19:41 - 00001106 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-15 18:53 - 2013-09-20 20:56 - 00004332 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-15 18:53 - 2013-09-20 20:56 - 00004136 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-15 18:53 - 2013-09-20 20:55 - 00004236 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-15 18:51 - 2013-09-24 19:41 - 00001840 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-15 18:51 - 2013-09-15 18:53 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


steffiglaubi 25.09.2013 11:05

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by Kirchner at 2013-09-25 12:01:57 Run:1
Running from C:\Users\Kirchner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=E6CF889FFA35A8E4&affID=119357&tt=160913_m1&tsp=5011
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E6CF889FFA35A8E4&affID=119357&tt=160913_m1&tsp=5011
BHO: LyriXeeker-1 - {11111111-1111-1111-1111-110411181156} - C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho64.dll (Lyrics)
BHO-x32: LyriXeeker-1 - {11111111-1111-1111-1111-110411181156} - C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho.dll (Lyrics)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
FF Extension: No Name - C:\Users\Kirchner\AppData\Roaming\Mozilla\Firefox\Profiles\rx6bjkrc.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com
FF Extension: No Name - C:\Users\Kirchner\AppData\Roaming\Mozilla\Firefox\Profiles\rx6bjkrc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-09-20 20:56 - 2013-09-24 12:56 - 00000304 _____ C:\Windows\Tasks\UpdaterEX.job
2013-09-20 20:56 - 2013-09-20 20:56 - 00003256 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-20 20:55 - 2013-09-20 20:55 - 00003406 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Users\Kirchner\AppData\Roaming\UpdaterEX
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Users\Kirchner\AppData\Roaming\Babylon
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Users\Kirchner\AppData\Roaming\BabSolution
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\ProgramData\Babylon
2013-09-20 20:55 - 2013-09-20 20:55 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-17 12:10 - 2013-09-17 12:10 - 00003118 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-09-17 12:10 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-09-17 12:09 - 2013-09-17 12:09 - 00003338 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-09-17 12:09 - 2013-09-17 12:09 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-09-15 18:53 - 2013-09-24 19:41 - 00001302 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-15 18:53 - 2013-09-24 19:41 - 00001206 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-15 18:53 - 2013-09-24 19:41 - 00001106 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-15 18:53 - 2013-09-20 20:56 - 00004332 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-15 18:53 - 2013-09-20 20:56 - 00004136 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-15 18:53 - 2013-09-20 20:55 - 00004236 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-15 18:51 - 2013-09-24 19:41 - 00001840 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-15 18:51 - 2013-09-15 18:53 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1
       
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411181156} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411181156} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411181156} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411181156} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\cdo => Key deleted successfully.
HKCR\CLSID\{CD00020A-8B95-11D1-82DB-00C04FB1625D} => Key not found.
C:\Users\Kirchner\AppData\Roaming\Mozilla\Firefox\Profiles\rx6bjkrc.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com => Moved successfully.
C:\Users\Kirchner\AppData\Roaming\Mozilla\Firefox\Profiles\rx6bjkrc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.

"C:\Users\Kirchner\AppData\Roaming\UpdaterEX" directory move:

C:\Users\Kirchner\AppData\Roaming\UpdaterEX\UpdateProc\config.dat => Moved successfully.
C:\Users\Kirchner\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat => Moved successfully.
C:\Users\Kirchner\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe => Moved successfully.
Could not move "C:\Users\Kirchner\AppData\Roaming\UpdaterEX" directory. => Scheduled to move on reboot.

C:\Users\Kirchner\AppData\Roaming\Babylon => Moved successfully.
C:\Users\Kirchner\AppData\Roaming\BabSolution => Moved successfully.
C:\ProgramData\DSearchLink => Moved successfully.
C:\ProgramData\Babylon => Moved successfully.
C:\Program Files (x86)\Delta => Moved successfully.
C:\Windows\System32\Tasks\Advanced System Protector_startup => Moved successfully.
C:\Windows\system32\sasnative64.exe => Moved successfully.
C:\Windows\System32\Tasks\Advanced System Protector => Moved successfully.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-updater.job => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-codedownloader.job => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-enabler.job => Moved successfully.
C:\Windows\System32\Tasks\LyriXeeker-1-updater => Moved successfully.
C:\Windows\System32\Tasks\LyriXeeker-1-enabler => Moved successfully.
C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader => Moved successfully.
C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job => Moved successfully.
C:\Program Files (x86)\LyriXeeker-1 => Moved successfully.

=========== Result of Scheduled Files to move ===========

"C:\Users\Kirchner\AppData\Roaming\UpdaterEX" => Directory could not move.

==== End of Fixlog ====
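
As an added example (not part of the original posts and not FRST's own code), this Python script triages a Fixlog.txt like the one above: it classifies each `=> outcome` line using only the outcome strings that occur in this log and lists the targets whose last recorded status still needs attention. The function names and status labels are assumptions of the example; the sample is an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (shortened for the example).
SAMPLE_FIXLOG = r"""
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
Could not move "C:\Users\Kirchner\AppData\Roaming\UpdaterEX" directory. => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========

"C:\Users\Kirchner\AppData\Roaming\UpdaterEX" => Directory could not move.

==== End of Fixlog ====
"""

# Status labels are this example's own; patterns cover only strings seen in the log.
RULES = [
    ("failed",  re.compile(r"could not", re.I)),
    ("pending", re.compile(r"scheduled to move on reboot", re.I)),
    ("absent",  re.compile(r"not found", re.I)),      # nothing was there to remove
    ("done",    re.compile(r"successfully", re.I)),
]

def classify(outcome):
    """Map the text after '=>' to a status; unrecognised text is 'unknown'."""
    return next((s for s, rx in RULES if rx.search(outcome)), "unknown")

def parse_results(fixlog):
    """Yield (target, status) for every 'target => outcome' line."""
    for line in fixlog.splitlines():
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # header, fixlist echo or separator line
        quoted = re.search(r'"([^"]+)"', target)  # path may be wrapped in a sentence
        yield (quoted.group(1) if quoted else target.strip()), classify(outcome)

def summary(fixlog):
    return Counter(status for _, status in parse_results(fixlog))

def needs_followup(fixlog):
    """Targets whose last recorded status is neither 'done' nor 'absent'."""
    last = {}
    for target, status in parse_results(fixlog):
        last[target.lower()] = (target, status)  # later lines override earlier ones
    return sorted(t for t, s in last.values() if s not in ("done", "absent"))

if __name__ == "__main__":
    print(dict(summary(SAMPLE_FIXLOG)))
    print(needs_followup(SAMPLE_FIXLOG))
```

On this log the only target reported is the `UpdaterEX` directory, which was scheduled to move on reboot and then could not be moved.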


schrauber 25.09.2013 18:18

Any remaining problems?

steffiglaubi 25.09.2013 18:19

No, not anymore!!!! :-D

Now the cleanup from page 1?

schrauber 26.09.2013 08:03

Exactly, done :)


All times are WET +1.
