Win 7 mit UKASH- Trojaner (Bundespolizei- Trojaner) infiziert

Ineedhelp:( · 27.07.2012, 13:23

Hallo zusammen,
nach meiner Mutter hat jetzt nun auch meine Schwester sich den Ukash- Trojaner eingefangen.

So habe ich wie es Überall als anweisung steht erstmal den OTL.txt erstellt und nun hochgeladen.

Hier ist wie man dies tut, für die es noch nicht wissen

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
http://www.trojaner-board.de/85104-o...-oldtimer.html

Schliesse bitte nun alle Programme. (Wichtig)
Starte bitte die OTL.exe.
Klicke nun bitte auf den Quick Scan Button.
Wenn der Scan beendet wurde, werden 2 Textdokumente erstellt.
Kopiere nun den Inhalt aus OTL.txt deinen Thread

Nun bin ich auf eure Hilfe angewiesen.

Schon einmal vielen Dank im voraus.

Sascha

t'john · 27.07.2012, 15:50

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

Code:

ATTFilter

:OTL

IE - HKU\Flower_Power_ON_E\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found 
IE - HKU\Flower_Power_ON_E\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - Reg Error: Key error. File not found 
IE - HKU\Flower_Power_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Flower_Power_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. 
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (MyFunCards) - {210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} - E:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (MindSpark) 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [Babylon Client] E:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) 
O4 - HKLM..\Run: [SweetIM] E:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] E:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [WinampAgent] E:\Program Files (x86)\Winamp\Winampa.exe () 
O4 - HKU\Flower_Power_ON_E..\Run: [] E:\Users\Flower Power\AppData\Local\Temp\nlbsmkxperkyvbgtrnebhxq.exe (Asus) 
O4 - HKU\Flower_Power_ON_E..\Run: [Akamai NetSession Interface] E:\Users\Flower Power\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\Flower_Power_ON_E..\Run: [Facebook Update] E:\Users\Flower Power\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\Flower_Power_ON_E..\Run: [PCSpeedUp] E:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe () 
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk () 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windrop Player.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O8 - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - File not found - -- [ NTFS ] 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell - "" = AutoRun 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 

[2012/07/27 07:50:19 | 004,503,728 | ---- | M] () -- E:\ProgramData\to_r0tsef.pad 
[2012/07/27 07:44:21 | 000,000,422 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job 
[2012/07/26 18:00:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/07/26 17:55:05 | 000,001,166 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:49:10 | 000,001,148 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job 
[2012/07/15 12:52:27 | 000,001,891 | ---- | M] () -- E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012/07/12 16:01:57 | 000,001,144 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/11 13:06:47 | 000,001,096 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/10 15:29:35 | 000,000,374 | ---- | M] () -- E:\Windows\tasks\PC SpeedUp Service Deactivator.job 
[2012/07/10 15:25:36 | 000,000,462 | -H-- | M] () -- E:\Windows\tasks\Norton Security Scan for Flower Power.job 
[2012/07/27 07:48:36 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon 
[2012/06/01 11:39:23 | 000,000,000 | ---D | M] -- E:\ProgramData\SweetIM 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

Ineedhelp:( · 30.07.2012, 13:33

Erstmal vielen Dank für die schnelle Hilfe, aber leider ist ein Problem mit dem Skript aufgetaucht.
Nachdem ich auf Run Fix gedrückt habe bleibt OTL PE bei

IE - HKU\Flower_Power_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

hängen.
Ich habe den Rechner ca. 2 Stunden weiterlaufen lassen aber nichts, also gehe ich davon aus das es sich aufgehängt.

Vielleicht habe ich ja irgendwas falsch eingestellt.
Im Anhang ist der Screenshot.

t'john · 30.07.2012, 14:49

neuer Fix:

Code:

ATTFilter

:OTL

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. 
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (MyFunCards) - {210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} - E:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (MindSpark) 
O3 - HKU\Flower_Power_ON_E\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [Babylon Client] E:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) 
O4 - HKLM..\Run: [SweetIM] E:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] E:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [WinampAgent] E:\Program Files (x86)\Winamp\Winampa.exe () 
O4 - HKU\Flower_Power_ON_E..\Run: [] E:\Users\Flower Power\AppData\Local\Temp\nlbsmkxperkyvbgtrnebhxq.exe (Asus) 
O4 - HKU\Flower_Power_ON_E..\Run: [Akamai NetSession Interface] E:\Users\Flower Power\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\Flower_Power_ON_E..\Run: [Facebook Update] E:\Users\Flower Power\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\Flower_Power_ON_E..\Run: [PCSpeedUp] E:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe () 
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk () 
O4 - Startup: E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windrop Player.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O8 - Extra context menu item: Translate this web page with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Translate with Babylon - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8 - Extra context menu item: Web-Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () 
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - File not found - -- [ NTFS ] 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell - "" = AutoRun 
O33 - MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 

[2012/07/27 07:50:19 | 004,503,728 | ---- | M] () -- E:\ProgramData\to_r0tsef.pad 
[2012/07/27 07:44:21 | 000,000,422 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job 
[2012/07/26 18:00:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/07/26 17:55:05 | 000,001,166 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:49:10 | 000,001,148 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job 
[2012/07/26 17:23:10 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job 
[2012/07/15 12:52:27 | 000,001,891 | ---- | M] () -- E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012/07/12 16:01:57 | 000,001,144 | ---- | M] () -- E:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/11 13:06:47 | 000,001,096 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job 
[2012/07/10 15:29:35 | 000,000,374 | ---- | M] () -- E:\Windows\tasks\PC SpeedUp Service Deactivator.job 
[2012/07/10 15:25:36 | 000,000,462 | -H-- | M] () -- E:\Windows\tasks\Norton Security Scan for Flower Power.job 
[2012/07/27 07:48:36 | 000,000,000 | ---D | M] -- E:\ProgramData\Babylon 
[2012/06/01 11:39:23 | 000,000,000 | ---D | M] -- E:\ProgramData\SweetIM 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Ineedhelp:( · 31.07.2012, 21:01

Gute Nachrichten.
Es scheint zu funktionierten.
Jetzt hoffe ich nur noch dass die Code -Tags die richtigen sind.

Code:

ATTFilter

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
E:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\Flower_Power_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2}\ deleted successfully.
E:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll moved successfully.
Registry value HKEY_USERS\Flower_Power_ON_E\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Babylon Client deleted successfully.
E:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
E:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
E:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
E:\Program Files (x86)\Winamp\winampa.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Flower Power\AppData\Local\Temp\nlbsmkxperkyvbgtrnebhxq.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Flower Power\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Users\Flower Power\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry key HKEY_USERS\Flower_Power_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
E:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_E\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windrop Player.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
File Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ not found.
File Suche - E:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File E:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File File not found - -- not found.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4783f9cc-b2df-11e1-b551-d067e51d43ff}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e06c97e-28ad-11e1-adf6-806e6f6e6963}\ not found.
File D:\reatogoMenu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
E:\ProgramData\to_r0tsef.pad moved successfully.
E:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
E:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job moved successfully.
E:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000UA.job moved successfully.
E:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job moved successfully.
E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
File E:\Users\Flower Power\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
E:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job moved successfully.
E:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266328987-1165673113-468293243-1000Core.job moved successfully.
E:\Windows\Tasks\PC SpeedUp Service Deactivator.job moved successfully.
E:\Windows\Tasks\Norton Security Scan for Flower Power.job moved successfully.
E:\ProgramData\Babylon\LocalUI\js folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\rslt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\Ftxt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frameIE6 folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frame2_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frame\Tabs folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\frame folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\dropdown folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\controls folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\Btn folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6\banner1_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img-ie6 folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\rslt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\Ftxt folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\frame2 folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\frame\Tabs folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\frame folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\dropdown folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\crsl_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\controls folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\cmnty folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\Btn folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img\banner_ folder moved successfully.
E:\ProgramData\Babylon\LocalUI\img folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\WelcomeScreen folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\WaitForRes folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\MsgResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\KeyHandlerJS folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\img folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\GlossResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpTransCap folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpNag folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpDefault folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ExpDailyCap folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\EmptyTrans folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\DwnldInst folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\CorrectResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\CorpGlossResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ConvertResult folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\Convert folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\ConjWait folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\Conjugation folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AutoComp folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AskComm folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AddGloss folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content\AcrbtOcrHelp folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Content folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Config\img folder moved successfully.
E:\ProgramData\Babylon\LocalUI\Config folder moved successfully.
E:\ProgramData\Babylon\LocalUI folder moved successfully.
E:\ProgramData\Babylon\Gloss folder moved successfully.
E:\ProgramData\Babylon folder moved successfully.
E:\ProgramData\SweetIM\Messenger\update folder moved successfully.
E:\ProgramData\SweetIM\Messenger\logs folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\packages folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars\Default folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data\Bars folder moved successfully.
E:\ProgramData\SweetIM\Messenger\data folder moved successfully.
E:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.
E:\ProgramData\SweetIM\Messenger\conf folder moved successfully.
E:\ProgramData\SweetIM\Messenger folder moved successfully.
E:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.
E:\ProgramData\SweetIM\Communicator\conf folder moved successfully.
E:\ProgramData\SweetIM\Communicator folder moved successfully.
E:\ProgramData\SweetIM folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
 
User: Flower Power
->Temp folder emptied: 1522938401 bytes
->Temporary Internet Files folder emptied: 1256379246 bytes
->Java cache emptied: 51262 bytes
->Google Chrome cache emptied: 14057597 bytes
->Flash cache emptied: 111408 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 2,664.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Flower Power
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08012012_032607

t'john · 31.07.2012, 21:58

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

t'john · 21.08.2012, 03:38

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Win 7 mit UKASH- Trojaner (Bundespolizei- Trojaner) infiziert

Plagegeister aller Art und deren Bekämpfung: Win 7 mit UKASH- Trojaner (Bundespolizei- Trojaner) infiziert