Trojaner-Board - GVU-Trojaner Win 7 64bit

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - GVU-Trojaner Win 7 64bit (https://www.trojaner-board.de/120752-gvu-trojaner-win-7-64bit.html)

GVU-Trojaner Win 7 64bit

Hallo,

hatte den GVU Trojaner auf meinem Rechner. Hab eine Systemwiederherstellung gemacht und Malewarebytes Anti-Maleware drüberlaufenlassen. Wollte fragen, ob der Rechner anhand der Logs nun wieder sauber ist?

MfG

Sleepy6280

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!

Code:



:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.232.208.116:8080 

FF - prefs.js..browser.search.selectedEngine: "Search the Web" 

FF - prefs.js..browser.search.useDBForOrder: true 

FF - prefs.js..browser.startup.homepage: "www.google.de" 

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found 

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 

File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZP2TR5NC.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI 

CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ 

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found 

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O32 - HKLM CDRom: AutoRun - 1 

O32 - AutoRun File - [2004.08.18 20:46:19 | 000,000,150 | R--- | M] () - E:\autorun.inf -- [ CDFS ] 

O33 - MountPoints2\{1f99b26f-fe2a-11df-b8ac-90fba688c671}\Shell - "" = AutoRun 

O33 - MountPoints2\{1f99b26f-fe2a-11df-b8ac-90fba688c671}\Shell\AutoRun\command - "" = J:\DisneySplash.exe 

O33 - MountPoints2\{81e9e3e0-ebb1-11df-924c-806e6f6e6963}\Shell - "" = AutoRun 

O33 - MountPoints2\{81e9e3e0-ebb1-11df-924c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2004.08.03 22:29:57 | 000,057,344 | R--- | M] () 

O33 - MountPoints2\{9c068c9e-8dd5-11e0-96f0-90fba688c671}\Shell - "" = AutoRun 

O33 - MountPoints2\{9c068c9e-8dd5-11e0-96f0-90fba688c671}\Shell\AutoRun\command - "" = K:\dvdcheck.exe 
 
 
 

[2012.07.30 01:14:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad 
 
 

 
 
 

[2012.07.29 20:21:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 

[2012.07.29 20:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
 

:Files
 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Hier der neue Log:

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "Search the Web" removed from browser.search.selectedEngine

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: "www.google.de" removed from browser.startup.homepage

Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 removed from extensions.enabledItems

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\zh_TW folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\zh_CN folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\vi folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ur folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\uk folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\tr folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\th folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\sv folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\sr folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\sl folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\sk folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ru folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ro folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\pt_PT folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\pt_BR folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\pl folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\nl folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\nb folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ms folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\lv folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ko folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ja folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\it folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\id folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\hu folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\hr folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\hi folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\he folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\fr folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\fi folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\fa folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\et folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\es folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\en_GB folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\en folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\el folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\de folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\da folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\cs folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ca folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\bn folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\bg folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\be folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales\ar folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\_locales folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\skin\images\icons folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\skin\images folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\skin\css folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\skin folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\scripts folder moved successfully.

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0 folder moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f99b26f-fe2a-11df-b8ac-90fba688c671}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f99b26f-fe2a-11df-b8ac-90fba688c671}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f99b26f-fe2a-11df-b8ac-90fba688c671}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f99b26f-fe2a-11df-b8ac-90fba688c671}\ not found.

File J:\DisneySplash.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e9e3e0-ebb1-11df-924c-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e9e3e0-ebb1-11df-924c-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e9e3e0-ebb1-11df-924c-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e9e3e0-ebb1-11df-924c-806e6f6e6963}\ not found.

File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c068c9e-8dd5-11e0-96f0-90fba688c671}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c068c9e-8dd5-11e0-96f0-90fba688c671}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c068c9e-8dd5-11e0-96f0-90fba688c671}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c068c9e-8dd5-11e0-96f0-90fba688c671}\ not found.

File K:\dvdcheck.exe not found.

C:\ProgramData\zak_lo0i7g.pad moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\***\Desktop\cmd.bat deleted successfully.

C:\Users\***\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ***

->Temp folder emptied: 7218516 bytes

->Temporary Internet Files folder emptied: 265238761 bytes

->Java cache emptied: 890359 bytes

->FireFox cache emptied: 56359501 bytes

->Google Chrome cache emptied: 512656694 bytes

->Flash cache emptied: 139361394 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1156165 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes

RecycleBin emptied: 213781450 bytes

 

Total Files Cleaned = 1.141,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: ***

->Flash cache emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.53.1 log created on 07302012_130033
 

Files\Folders moved on Reboot...

File move failed. E:\autorun.inf scheduled to be moved on reboot.

File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.

C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 

PendingFileRenameOperations files...

[2004.08.18 20:46:19 | 000,000,150 | R--- | M] () E:\autorun.inf : MD5=1F5086F43F967DC5D3B6E67F8C029C78

[2004.08.03 22:29:57 | 000,057,344 | R--- | M] () E:\Setup\rsrc\AUTORUN.EXE : MD5=C4E66A4F43E73B2B4021FD7DB0007772

File C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

[2012.07.30 13:03:51 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
 

Registry entries deleted on Reboot...

MfG

Sleepy6280

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hier die beiden Logs:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.29.09
 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

*** :: ***-PC [Administrator]
 

30.07.2012 20:42:06

mbam-log-2012-07-30 (20-42-06).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 386791

Laufzeit: 41 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 21:25:39

# Updated 20/07/2012 by Xplode

# Operating system : Windows 7 Home Premium  (64 bits)

# User : *** - ***-PC

# Running from : C:\Users\***\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zp2tr5nc.default\extensions\staged
 

***** [Registry] *****
 

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\DT Soft

Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

[x64] Key Found : HKCU\Software\Softonic

[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
 

***** [Registre - GUID] *****
 
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v12.0 (de)
 

Profile name : default 

File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\zp2tr5nc.default\prefs.js
 

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.2808538.KeywordHistory", "sailor%2520moon%2520m[...]

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 26);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 26);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1343264148725");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search[...]

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", false);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", false);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.revision", "36");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", true);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "489347D3019376DF48B6584C7C4D6F5ACC9A[...]

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "63665917");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "2fdd89b955f147b3c218c1b8750cb7aa477[...]

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar")[...]

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]

Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", false);
 

-\\ Google Chrome v18.0.1025.152
 

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Found :          "name": "Winamp Application Detector",

Found :          "name": "Winamp Application Detector"
 

*************************
 

AdwCleaner[S1].txt - [4283 octets] - [30/07/2012 01:40:10]

AdwCleaner[R2].txt - [4057 octets] - [30/07/2012 21:25:39]
 

########## EOF - C:\AdwCleaner[R2].txt - [4185 octets] ##########

MfG

Sleepy6280

Sehr gut! :daumenhoc

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.