Computer virus from program download: savE oN and SW_Sustainer

Hello everyone, I have a big problem. I wanted to download something, but stupidly it was a file with a lot of "free programs" bundled in :headbang:. Then I quickly noticed that I had a virus... I couldn't do anything anymore, but I managed to quickly kill the process, and then I was able to uninstall some of them. BUT now I still have one on here that I can't uninstall -.- it is called SW_Sustainer 1.80, and in my Google Chrome browser there is an extension that keeps spamming ads, called savE oN 2.14. When I remove it, it comes back as soon as I restart the browser. I'm attaching pictures as well. I hope someone can help me. I'm using Win 7 64-bit. Thanks in advance, regards, Basti :)
http://s7.directupload.net/images/140703/q4zgcw5b.jpg
http://s14.directupload.net/images/140703/5vjus8vd.jpg
http://s14.directupload.net/images/140703/sm42qn3z.jpg
Hi, please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
So under Whitelist I left all the checkboxes ticked (Registry, Services, Drivers, Processes, Known DLLs, Internet), and under Optional Scan there was nothing, so I didn't add anything either. Is that right? Here is everything that came out:

Doesn't anyone know a solution? :balla:
Instead of being annoying in bold red, I would work through the instructions properly ;) FRST.txt is incomplete, Addition.txt is missing completely, and the logs are not in code tags. I can't read minds :)
Copyright ©2000-2025, Trojaner-Board