
Pests of all kinds and how to fight them: Win 7 infected with UKASH Trojan (Bundespolizei Trojan)

27.07.2012, 13:23   #1
Ineedhelp:(

Hello everyone,
after my mother, my sister has now also caught the Ukash Trojan.

So, as the instructions everywhere say, I first created the OTL.txt and have now uploaded it.


Here is how to do this, for those who don't know it yet:

Please download OTL by Oldtimer and save it to your desktop.
http://www.trojaner-board.de/85104-o...-oldtimer.html

Now please close all programs. (Important)
Please start OTL.exe.
Now please click the Quick Scan button.
When the scan has finished, 2 text documents are created.
Now copy the contents of OTL.txt into your thread.

Now I am dependent on your help.

Many thanks in advance.

Sascha
Attached files
File type: txt OTL.Txt (73.1 KB, viewed 192 times)

27.07.2012, 15:50   #2
t'john
/// Helper Team

Fixing with OTLpe


  • Restart the unbootable computer with the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.



  • Copy the following script into the text box below Custom Scans/Fixes:
  • If that is not possible for lack of an Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text box below Custom Scans/Fixes:


Code:
:OTL

IE - HKU\Flower_Power_ON_E\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found 
IE - HKU\Flower_Power_ON_E\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - Reg Error: Key error. File not found 
IE - HKU\Flower_Power_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Flower_Power_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. 
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (MyFunCards) - {210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} - E:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (MindSpark) 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [Babylon Client] E:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) 
O4 - HKLM..\Run: [SweetIM] E:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] E:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [WinampAgent] E:\Program Files (x86)\Winamp\Winampa.exe () 
O4 - HKU\Flower_Power_ON_E..\Run: [] E:\Users\Flower Power\AppData\Local\Temp\nlbsmkxperkyvbgtrnebhxq.exe (Asus) 
O4 - HKU\Flower_Power_ON_E..\Run: [Akamai NetSession Interface] E:\Users\Flower Power\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\Flower_Power_ON_E..\Run: [Facebook Update] E:\Users\Flower Power\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\Flower_Power_ON_E..\Run: [PCSpeedUp] E:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe () 
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk () 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windrop Player.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O8 - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - File not found - -- [ NTFS ] 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell - "" = AutoRun 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 

[2012/07/27 07:50:19 | 004,503,728 | ---- | M] () -- E:\ProgramData\to_r0tsef.pad 
[2012/07/27 07:44:21 | 000,000,422 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job 
[2012/07/26 18:00:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/07/26 17:55:05 | 000,001,166 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:49:10 | 000,001,148 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job 
[2012/07/15 12:52:27 | 000,001,891 | ---- | M] () -- E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012/07/12 16:01:57 | 000,001,144 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/11 13:06:47 | 000,001,096 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/10 15:29:35 | 000,000,374 | ---- | M] () -- E:\Windows\tasks\PC SpeedUp Service Deactivator.job 
[2012/07/10 15:25:36 | 000,000,462 | -H-- | M] () -- E:\Windows\tasks\Norton Security Scan for Flower Power.job 
[2012/07/27 07:48:36 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon 
[2012/06/01 11:39:23 | 000,000,000 | ---D | M] -- E:\ProgramData\SweetIM 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • Click .
  • Copy the contents here into your thread, in code tags.
    Afterwards you can view the log file here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again and report back.
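One way to triage the fix log that OTLPE writes once the Fix button has been pressed, as an added example that is not part of the original post and not part of OTL: it classifies every result line and lists what still needs attention. The status wording follows the OTLPE log format posted in this thread; `SAMPLE_LOG` is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape of an OTLPE fix log
# (status wording as in the log posted in this thread).
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
E:\Users\Flower Power\AppData\Local\Temp\nlbsmkxperkyvbgtrnebhxq.exe moved successfully.
E:\ProgramData\Babylon\Gloss folder moved successfully.
File F:\LGAutoRun.exe not found.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
"""

# Order matters: the most specific patterns come first, the generic
# "... moved successfully." pattern last.
RULES = [
    ("move_failed", re.compile(
        r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("reg_deleted", re.compile(
        r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("reg_missing", re.compile(
        r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+) not found\.$")),
    ("reg_set", re.compile(
        r"^(?P<target>HKEY_.+) : value set successfully!$")),
    ("file_missing", re.compile(r"^File (?P<target>.+) not found\.$")),
    ("folder_moved", re.compile(r"^(?P<target>.+) folder moved successfully\.$")),
    ("file_moved", re.compile(r"^(?P<target>.+) moved successfully\.$")),
]

# Executables that were quarantined out of a Temp directory.
TEMP_EXE = re.compile(r"\\temp\\[^\\]+\.exe$", re.IGNORECASE)


def parse_log(text):
    """Return a list of (status, target) tuples, one per result line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):   # blank lines and section headers
            continue
        for status, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append((status, match.group("target")))
                break
        else:
            # Keep anything unknown visible instead of silently dropping it.
            entries.append(("unparsed", line))
    return entries


def triage(text):
    """Summarise a fix log: counts per status plus items to re-check."""
    entries = parse_log(text)
    return {
        "counts": Counter(status for status, _ in entries),
        # Moves deferred to the next reboot and lines the parser did not
        # recognise both need a human look before the fix is called done.
        "follow_up": [t for s, t in entries if s in ("move_failed", "unparsed")],
        "temp_executables": [t for s, t in entries
                             if s == "file_moved" and TEMP_EXE.search(t)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for status, count in sorted(report["counts"].items()):
        print(f"{status:13} {count}")
    print("follow up:", report["follow_up"])
    print("moved from Temp:", report["temp_executables"])
```
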

30.07.2012, 13:33   #3
Ineedhelp:(

First of all, many thanks for the quick help, but unfortunately a problem has come up with the script.
After I pressed Run Fix, OTL PE gets stuck at

IE - HKU\Flower_Power_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

I let the computer keep running for about 2 hours but nothing happened, so I assume it has hung.

Maybe I set something up wrong.
The screenshot is attached.

Thumbnails of attached images
Win 7 mit UKASH- Trojaner (Bundespolizei- Trojaner) infiziert-img_2660.jpg

30.07.2012, 14:49   #4
t'john
/// Helper Team

New fix:

Code:
:OTL

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. 
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (MyFunCards) - {210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} - E:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (MindSpark) 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [Babylon Client] E:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) 
O4 - HKLM..\Run: [SweetIM] E:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] E:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [WinampAgent] E:\Program Files (x86)\Winamp\Winampa.exe () 
O4 - HKU\Flower_Power_ON_E..\Run: [] E:\Users\Flower Power\AppData\Local\Temp\nlbsmkxperkyvbgtrnebhxq.exe (Asus) 
O4 - HKU\Flower_Power_ON_E..\Run: [Akamai NetSession Interface] E:\Users\Flower Power\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\Flower_Power_ON_E..\Run: [Facebook Update] E:\Users\Flower Power\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\Flower_Power_ON_E..\Run: [PCSpeedUp] E:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe () 
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk () 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windrop Player.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O8 - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - File not found - -- [ NTFS ] 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell - "" = AutoRun 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 

[2012/07/27 07:50:19 | 004,503,728 | ---- | M] () -- E:\ProgramData\to_r0tsef.pad 
[2012/07/27 07:44:21 | 000,000,422 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job 
[2012/07/26 18:00:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/07/26 17:55:05 | 000,001,166 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:49:10 | 000,001,148 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job 
[2012/07/15 12:52:27 | 000,001,891 | ---- | M] () -- E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012/07/12 16:01:57 | 000,001,144 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/11 13:06:47 | 000,001,096 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/10 15:29:35 | 000,000,374 | ---- | M] () -- E:\Windows\tasks\PC SpeedUp Service Deactivator.job 
[2012/07/10 15:25:36 | 000,000,462 | -H-- | M] () -- E:\Windows\tasks\Norton Security Scan for Flower Power.job 
[2012/07/27 07:48:36 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon 
[2012/06/01 11:39:23 | 000,000,000 | ---D | M] -- E:\ProgramData\SweetIM 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
__________________
Regards, t'john

31.07.2012, 21:01   #5
Ineedhelp:(

Good news.
It seems to be working.
Now I just hope that the code tags are the right ones.

Code:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\Flower_Power_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2}\ deleted successfully.
E:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll moved successfully.
Registry value HKEY_USERS\Flower_Power_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Babylon Client deleted successfully.
E:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
E:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
E:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
E:\Program Files (x86)\Winamp\winampa.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Flower Power\AppData\Local\Temp\nlbsmkxperkyvbgtrnebhxq.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Flower Power\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Flower Power\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windrop Player.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
File Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ not found.
File Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File File not found - -- not found.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ not found.
File D:\reatogoMenu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
E:\ProgramData\to_r0tsef.pad moved successfully.
E:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
E:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job moved successfully.
E:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job moved successfully.
E:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job moved successfully.
E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
File E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job moved successfully.
E:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job moved successfully.
E:\Windows\Tasks\PC SpeedUp Service Deactivator.job moved successfully.
E:\Windows\Tasks\Norton Security Scan for Flower Power.job moved successfully.
E:\ProgramData\Babylon\LocalUI\js folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\rslt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\Ftxt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frameIE6 folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frame2_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frame\Tabs folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frame folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\dropdown folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\controls folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\Btn folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\banner1_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6 folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\rslt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\Ftxt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\frame2 folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\frame\Tabs folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\frame folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\dropdown folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\crsl_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\controls folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\cmnty folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\Btn folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\banner_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\WelcomeScreen folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\WaitForRes folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\MsgResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\KeyHandlerJS folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\img folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\GlossResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpTransCap folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpNag folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpDefault folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpDailyCap folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\EmptyTrans folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\DwnldInst folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\CorrectResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\CorpGlossResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ConvertResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\Convert folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ConjWait folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\Conjugation folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AutoComp folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AskComm folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AddGloss folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AcrbtOcrHelp folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Config\img folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Config folder moved successfully.
E:\ProgramData\Babylon\LocalUI folder moved successfully.
E:\ProgramData\Babylon\Gloss folder moved successfully.
E:\ProgramData\Babylon folder moved successfully.
E:\ProgramData\SweetIM\Messenger\update folder moved successfully.
E:\ProgramData\SweetIM\Messenger\logs folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\packages folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data folder moved successfully.
E:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.
E:\ProgramData\SweetIM\Messenger\conf folder moved successfully.
E:\ProgramData\SweetIM\Messenger folder moved successfully.
E:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.
E:\ProgramData\SweetIM\Communicator\conf folder moved successfully.
E:\ProgramData\SweetIM\Communicator folder moved successfully.
E:\ProgramData\SweetIM folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
 
User: Flower Power
->Temp folder emptied: 1522938401 bytes
->Temporary Internet Files folder emptied: 1256379246 bytes
->Java cache emptied: 51262 bytes
->Google Chrome cache emptied: 14057597 bytes
->Flash cache emptied: 111408 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 2,664.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Flower Power
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08012012_032607
         


31.07.2012, 21:58   #6
t'john
/// Helper Team
 



Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Enable "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

21.08.2012, 03:38   #7
t'john
/// Helper Team
 



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john