Trojaner-Board - Gvu Trojaner / Windows 7

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Gvu Trojaner / Windows 7 (https://www.trojaner-board.de/120796-gvu-trojaner-windows-7-a.html)

Gvu Trojaner / Windows 7

Hallo miteinander,

auch ich habe nun das Problem mit dem GVU Trojaner. Leider bin ich kein wirklicher PC-Kenner. Ich hoffe ihr könnt mir trotzdem weiterhelfen.

Ich habe mir bereits das Programm OTL runtergeladen und durch meinen PC laufen lassen. Im Anhang die beiden Dateien, die mir ausgeworfen worden sind.

ich hoffe mit diesen Angaben habe ich euch weitergeholfen und Ihr könnt mir nun helfen. Wenn ihr noch Informationen braucht, sagt mir was noch fehlt.

Besten Dank im Voraus.

Gruß
Maule

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL

MOD - [2012.07.13 17:59:05 | 000,197,632 | ---- | M] () -- C:\Users\MAULE~1.MAU\AppData\Local\Temp\fest0r_ot.exe 
 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW 

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE432 

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

CHR - Extension: Google-Suche = C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation) 

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe () 

O4 - Startup: C:\Users\Maule.Maule-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maule.Maule-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O32 - HKLM CDRom: AutoRun - 1 

O33 - MountPoints2\{105b271a-f712-11e0-8cfe-90fba64cc90f}\Shell - "" = AutoRun 

O33 - MountPoints2\{105b271a-f712-11e0-8cfe-90fba64cc90f}\Shell\AutoRun\command - "" = M:\AutoRun.exe 

O33 - MountPoints2\{105b272a-f712-11e0-8cfe-90fba64cc90f}\Shell - "" = AutoRun 

O33 - MountPoints2\{105b272a-f712-11e0-8cfe-90fba64cc90f}\Shell\AutoRun\command - "" = M:\AutoRun.exe 

O33 - MountPoints2\{532a515c-03a9-11e1-bc30-90fba64cc90f}\Shell - "" = AutoRun 

O33 - MountPoints2\{532a515c-03a9-11e1-bc30-90fba64cc90f}\Shell\AutoRun\command - "" = M:\AutoRun.exe 

O33 - MountPoints2\{935e690b-5a8d-11e1-a756-90fba64cc90f}\Shell - "" = AutoRun 

O33 - MountPoints2\{935e690b-5a8d-11e1-a756-90fba64cc90f}\Shell\AutoRun\command - "" = M:\AutoRun.exe 

O33 - MountPoints2\M\Shell - "" = AutoRun 

O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe 

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 

[2012.07.30 12:32:01 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad 

[2012.07.13 17:59:06 | 000,001,911 | ---- | M] () -- C:\Users\Maule.Maule-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

[2012.01.11 18:13:41 | 000,002,048 | -HS- | C] () -- C:\Users\Maule.Maule-PC\AppData\Local\{b410ac1d-6041-4f85-5800-cc660dd96eab}\@ 

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2 

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D7E5A8F 

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 
 

[2012.07.30 17:23:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 

[2012.07.30 17:23:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

[2012.07.30 12:34:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
 

:Files
 

C:\Users\MAULE~1.MAU\AppData\Local\Temp\fest0r_ot.exe
 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Hallo t'john,

besten Dank für deine schnelle Antwort.
Ich sollte keinen Neustart machen, nachdem ich diesen Fix drüber laufen hab lassen und anbei die Antwort, die ich in der Log Datei erhalten habe:

Error: Unable to interpret <OTL EXTRAS Logfile:

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_201224

Hoffe das hilft weiter?

Gruß
Maule

FALSCH!!!

Du sollst den Fix ins OTL einfuegen!

Nochmal! Anleitung beachten!

Oh sorry, da is mir wohl ein Fehler bei copy and paste passiert :(

Nun hab ich auch meinen PC neu starten müssen.
Hoffe doch, dass dies nun hilfreicher / besser ist?

Code:

All processes killed

========== OTL ==========

Releasing module C:\Users\MAULE~1.MAU\AppData\Local\Temp\fest0r_ot.exe

C:\Users\MAULE~1.MAU\AppData\Local\Temp\fest0r_ot.exe moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419 folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales folder moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully.

C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hotkey Utility deleted successfully.

C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe moved successfully.

C:\Users\Maule.Maule-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.

C:\Users\Maule.Maule-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{105b271a-f712-11e0-8cfe-90fba64cc90f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105b271a-f712-11e0-8cfe-90fba64cc90f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{105b271a-f712-11e0-8cfe-90fba64cc90f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105b271a-f712-11e0-8cfe-90fba64cc90f}\ not found.

File M:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{105b272a-f712-11e0-8cfe-90fba64cc90f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105b272a-f712-11e0-8cfe-90fba64cc90f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{105b272a-f712-11e0-8cfe-90fba64cc90f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105b272a-f712-11e0-8cfe-90fba64cc90f}\ not found.

File M:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532a515c-03a9-11e1-bc30-90fba64cc90f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532a515c-03a9-11e1-bc30-90fba64cc90f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532a515c-03a9-11e1-bc30-90fba64cc90f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532a515c-03a9-11e1-bc30-90fba64cc90f}\ not found.

File M:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935e690b-5a8d-11e1-a756-90fba64cc90f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935e690b-5a8d-11e1-a756-90fba64cc90f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935e690b-5a8d-11e1-a756-90fba64cc90f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935e690b-5a8d-11e1-a756-90fba64cc90f}\ not found.

File M:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.

File M:\AutoRun.exe not found.

C:\Windows\SysWow64\sho6D79.tmp deleted successfully.

C:\ProgramData\to_r0tsef.pad moved successfully.

C:\Users\Maule.Maule-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.

C:\Users\Maule.Maule-PC\AppData\Local\{b410ac1d-6041-4f85-5800-cc660dd96eab}\@ moved successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.

ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.

========== FILES ==========

File\Folder C:\Users\MAULE~1.MAU\AppData\Local\Temp\fest0r_ot.exe not found.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Maule.Maule-PC\Desktop\cmd.bat deleted successfully.

C:\Users\Maule.Maule-PC\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Maule

 

User: Maule.Maule-PC

->Temp folder emptied: 162575133 bytes

->Temporary Internet Files folder emptied: 3419886682 bytes

->Java cache emptied: 425267 bytes

->Google Chrome cache emptied: 21809020 bytes

->Apple Safari cache emptied: 0 bytes

->Opera cache emptied: 53863239 bytes

->Flash cache emptied: 819230 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 174753863 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 646245 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 740 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes

RecycleBin emptied: 255443761 bytes

 

Total Files Cleaned = 3.901,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Maule

 

User: Maule.Maule-PC

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_211011
 

Files\Folders moved on Reboot...

C:\Users\Maule.Maule-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...

File C:\Users\Maule.Maule-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
 

Registry entries deleted on Reboot...

Gruß
Maule

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Also Rechner läuft soweit wieder.

Hab nun einmal des Malwarebytes drüber laufen lassen, hier das Ergebnis:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.31.06
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Maule :: MAULE-PC [Administrator]
 

31.07.2012 14:39:00

mbam-log-2012-07-31 (17-20-40).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 440074

Laufzeit: 50 Minute(n), 34 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 2

C:\cxlacuxatx.exe (Trojan.SpyEyes.Gen) -> Keine Aktion durchgeführt.

C:\moonxxxxxx.exe (Trojan.SpyEyes.Gen) -> Keine Aktion durchgeführt.
 

Infizierte Dateien: 38

C:\Backup\Maule\AppData\Local\Opera\Opera\temporary_downloads\facebook-pic000163927.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\0.27588327887970554.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\0.5080461989554499.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\0.6668113084932545.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\0.890566644664649.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\495B.tmp (Rootkit.TDSS) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\B028.tmp (Rootkit.TDSS) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\b93ba25c.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\ms0cfg32.exe (Backdoor.Cycbot.Gen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\setup264832196.exe (Rootkit.TDSS) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\setup3387143896.exe (Rootkit.TDSS) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\upd402C.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\upd411E.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\upd4F1C.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\upd82E8.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\updA6B.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\updB79F.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\updB99B.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\updF2B8.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Local\Temp\updFDDD.tmp (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Roaming\dwm.exe (Backdoor.Cycbot.Gen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Roaming\Microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Keine Aktion durchgeführt.

C:\Backup\Maule\AppData\Roaming\Qeboi\olwoe.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

C:\Backup\Maule\Desktop\YCemSCi.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

C:\cxlacuxatx.exe\cxlacuxatx.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\moonxxxxxx.exe\moonxxxxxx.exe (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

C:\Users\Maule.Maule-PC\AppData\Local\{b410ac1d-6041-4f85-5800-cc660dd96eab}\n (Rootkit.0Access) -> Keine Aktion durchgeführt.

C:\_OTL\MovedFiles\07302012_211011\C_Users\MAULE~1.MAU\AppData\Local\Temp\fest0r_ot.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt.

F:\Deskmodding\Icons for PC\78856.exe (Adware.NewDotNet) -> Keine Aktion durchgeführt.

F:\Miranda IM\Erhaltene Dateien\lisa\LANGEWEI.exe (PUP.Joke.Langeweile) -> Keine Aktion durchgeführt.

F:\Miranda IM\Erhaltene Dateien\püppi\Intellig.exe (Joke.Zappa) -> Keine Aktion durchgeführt.

F:\Miranda\Erhaltene Dateien\473858351\jo.exe (Hoax.BadJoke.Autoit) -> Keine Aktion durchgeführt.

G:\Deskmodding\Icons for PC\78856.exe (Adware.NewDotNet) -> Keine Aktion durchgeführt.

G:\DAEMON Tools\SetupDTSB.exe (Adware.WhenU) -> Keine Aktion durchgeführt.

C:\Users\Maule.Maule-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

C:\cxlacuxatx.exe\config.bin (Trojan.SpyEyes.Gen) -> Keine Aktion durchgeführt.

C:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes.Gen) -> Keine Aktion durchgeführt.
 

(Ende)

Anschließend hab ich das AdwCleaner gestartet mit folgendem Ergebnis:

Code:

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 22:15:43

# Updated 20/07/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Maule - MAULE-PC

# Running from : C:\Users\Maule.Maule-PC\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 
 

***** [Registry] *****
 
 

***** [Registre - GUID] *****
 
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Google Chrome v17.0.963.83
 

-\\ Opera v12.0.1467.0
 

*************************
 

AdwCleaner[R1].txt - [597 octets] - [31/07/2012 22:15:43]
 

########## EOF - C:\AdwCleaner[R1].txt - [724 octets] ##########

Passt das nun? Oder ist noch was zu tun?

Gruß
Maule

Also so einen Mehrfach-verseuchten PC sieht man auch selten.
Du hast mehrere schwere Infektionen auf deinem Rechner, das Ding solltest du sofort vom Internet trennen und Neuaufsetzen.

Ich hoffe du hast kein Online-Banking gemacht.

http://www.trojaner-board.de/51262-a...sicherung.html
http://www.trojaner-board.de/82533-d...ted-magic.html