Trojaner-Board - Ucash trojaner, TR/RevetonCM.A, TR/Graftor.39522.1

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Ucash trojaner, TR/RevetonCM.A, TR/Graftor.39522.1 (https://www.trojaner-board.de/121927-ucash-trojaner-tr-revetoncm-a-tr-graftor-39522-1-a.html)

Ucash trojaner, TR/RevetonCM.A, TR/Graftor.39522.1

Hallo Leute, leider kenne ich mich überhaupt nich mit dem ganzen Zeug aus und brauche deshalb dringend hilfe

Seit etwa einer Woche bekomme ich immer eine Meldung dass ich Geld in Höhe von 100 € zahlen solle weil sonst ja noch viel schlimmere Sachen passieren und das mein PC gesperrt ist, kann dann auch überhaupt nichts mehr machen außer den Laptop neu starten, dann ist auch erstmal alles gut, bis ich nach unbestimmter Zeit wieder die gleiche meldeung bekomme.

Außerdem zeigt mir Antivir ständig den TR/RevetonCM.A und seit gerade eben auch den TR/Graftor.39522.1 , habe ich in Quarantäne verschoben.

Habe nach der Anleitung Malwarebytes scannen lassen und dann den Logfile im Anhang bekommen

Außerdem habe ich otl by oldtimer scannen lassen und noch zwei logfiles bekommen, alle logfiles sind im Anhang.
Was muss ich jetzt machen helft mir bitte!!!

Danke schonmal im voraus!!

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL

MOD - [2012.08.10 15:43:59 | 000,219,136 | ---- | M] () -- C:\Users\Aaron\AppData\Local\Temp\update00.b.exe 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 

IE - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found 

IE - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\..\SearchScopes\{369D2F82-F855-475A-8280-EABA282D3C7D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=de3221b8-9f52-4939-bfda-6f085e482ae5&apn_sauid=FFCA5BE9-4365-4111-ACBE-116D8AA177B8 

IE - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 

FF - prefs.js..browser.search.defaultengine: "Ask.com" 

FF - prefs.js..browser.search.defaultenginename: "Ask.com" 

FF - prefs.js..browser.search.order.1: "Ask.com" 

FF - prefs.js..browser.search.selectedEngine: "Ask.com" 

FF - prefs.js..browser.startup.homepage: "google.de" 

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=de3221b8-9f52-4939-bfda-6f085e482ae5&apn_ptnrs=%5EABT&apn_sauid=FFCA5BE9-4365-4111-ACBE-116D8AA177B8&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" 

FF - user.js - File not found 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found 

O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found. 

O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. 

O2 - BHO: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found. 

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKLM\..\Toolbar: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found. 

O3 - HKLM\..\Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. 

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. 

O3 - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. 

O4 - HKLM..\Run: [] File not found 

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 

O4 - HKU\S-1-5-21-3799577095-3413659936-2557766462-1001..\Run: [LicenseValidator] C:\Users\Aaron\AppData\Roaming\Identities\{0ACC21B6-A7C3-46D4-8135-AE6B1C628A31}\LicenseValidator.exe File not found 

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 

O4 - HKU\S-1-5-21-3799577095-3413659936-2557766462-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O8:64bit: - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found 

O8:64bit: - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found 

O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found 

O8:64bit: - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found 

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 File not found 

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 File not found 

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 File not found 

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 File not found 

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found 

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 

O32 - HKLM CDRom: AutoRun - 1 

[2012.08.04 18:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp 

[2012.08.12 17:01:45 | 000,001,893 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

[2012.08.12 17:01:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad 

[2012.07.10 07:02:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 
 
 

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE 

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D 

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 

[2012.08.12 17:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

[2012.08.12 17:02:43 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 

[2012.08.12 17:02:43 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
 

:Files
 
 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Danke erstmal für die schnelle antwort habe aber vorher noch eine Frage.
Welche Einstellungen muss ich bei otl vornehmen, habe dazu ein Bild hochgeladen?! oder soll ich alles so lassen, den text einfügen und dan fix?

Reicht es bei dem Code auf "alles kopieren" zu klicken, weil ich dann nichts einfügen kann, oder kann ich das auch einfach mit "alles auswählen" und Strg+C machen? Macht das einen unterschied?

Danke

Rauskopieren und in OTL einfuegen und Fix drücken.

Ok hab ich alles gemacht.

Dann kam eine Windows Meldung das mein System beeinflusst wird oder so weiß leider den genauen Text nicht mehr, dann musste ich das System neu starten und danach den Product Key von Windows eingeben, aber wie kann ich jetzt herausfinden ob mein System clean ist?

Greatz und Danke
kacktrojaner

Suche das Fix-Log!

Zitat:

Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Gefunden.... denke ich :)

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Internet Explorer\SearchScopes\{369D2F82-F855-475A-8280-EABA282D3C7D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{369D2F82-F855-475A-8280-EABA282D3C7D}\ not found.

HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "Ask.com" removed from browser.search.selectedEngine

Prefs.js: "google.de" removed from browser.startup.homepage

Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=de3221b8-9f52-4939-bfda-6f085e482ae5&apn_ptnrs=%5EABT&apn_sauid=FFCA5BE9-4365-4111-ACBE-116D8AA177B8&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.

Registry value HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1001\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3799577095-3413659936-2557766462-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\ProgramData\tmp folder moved successfully.

File C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.

C:\ProgramData\00etadpu.pad moved successfully.

C:\ProgramData\go_0molg.pad moved successfully.

ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.

ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.

ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.

ADS C:\ProgramData\Temp:798A3728 deleted successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.

C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.

C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Aaron\Desktop\cmd.bat deleted successfully.

C:\Users\Aaron\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Aaron

->Temp folder emptied: 18011357 bytes

->Temporary Internet Files folder emptied: 135611022 bytes

->Java cache emptied: 2020137 bytes

->FireFox cache emptied: 65912590 bytes

->Google Chrome cache emptied: 17322894 bytes

->Flash cache emptied: 537 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5356701 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes

RecycleBin emptied: 54247656 bytes

 

Total Files Cleaned = 319,00 mb

 

 

[EMPTYFLASH]

 

User: Aaron

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: UpdatusUser

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.57.0 log created on 08142012_060306

Danke schonmal!!

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hab jetzt gerade ersmal mit malware gescannt und das sah auch schon ganz nett aus

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.08.15.04
 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Aaron :: AARON-PC [Administrator]
 

Schutz: Aktiviert
 

15.08.2012 16:02:32

mbam-log-2012-08-15 (16-02-32).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 405042

Laufzeit: 1 Stunde(n), 43 Minute(n), 30 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Jetz mach ich dann noch den scan mit dem anderen Moped da.

Vielen Dank schonmal!

SO hab dann jetz auch mit Adwcleaner gesucht

Code:

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 19:59:47

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Home Premium  (64 bits)

# User : Aaron - AARON-PC

# Boot Mode : Normal

# Running from : C:\Users\Aaron\Downloads\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\Aaron\AppData\Local\Conduit

Folder Found : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk

Folder Found : C:\Users\Aaron\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Aaron\AppData\LocalLow\Conduit

Folder Found : C:\Users\Aaron\AppData\LocalLow\Winload

Folder Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\k5hmb5jg.default\extensions\toolbar@ask.com

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Program Files (x86)\Ask.com

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\k5hmb5jg.default\searchplugins\Askcom.xml
 

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\Ask.com.tmp

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\APN

Key Found : HKLM\SOFTWARE\AskToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Winload

[x64] Key Found : HKCU\Software\APN

[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit

[x64] Key Found : HKCU\Software\AppDataLow\Toolbar

[x64] Key Found : HKCU\Software\Ask.com

[x64] Key Found : HKCU\Software\Ask.com.tmp

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

[x64] Key Found : HKCU\Software\Softonic

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{347822B2-60B8-4E3A-9D1C-355A20EC1700}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78CD2B43-C891-4E04-B62B-E5C7A74E96DA}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{53CE1D6A-7EB1-448B-B494-5434B7380A2B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53CE1D6A-7EB1-448B-B494-5434B7380A2B}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53CE1D6A-7EB1-448B-B494-5434B7380A2B}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profile name : default 

File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\k5hmb5jg.default\prefs.js
 

Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
 

-\\ Google Chrome v [Unable to get version]
 

File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Found :                "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT231982[...]
 

*************************
 

AdwCleaner[R1].txt - [6722 octets] - [15/08/2012 19:59:47]
 

########## EOF - C:\AdwCleaner[R1].txt - [6850 octets] ##########

Alles gut?
Vielen Dank!!!!!!!!! läuft übrigens alles sehr gut

Sehr gut! :daumenhoc

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

OK hab jetzt die Datei von AdwCleaner

Code:

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 20:01:20

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Home Premium  (64 bits)

# User : Aaron - AARON-PC

# Boot Mode : Normal

# Running from : C:\Users\Aaron\Downloads\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Users\Aaron\AppData\Local\Conduit

Folder Deleted : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk

Folder Deleted : C:\Users\Aaron\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Winload

Folder Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\k5hmb5jg.default\extensions\toolbar@ask.com

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\k5hmb5jg.default\searchplugins\Askcom.xml
 

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Ask.com.tmp

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Winload

[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
 

***** [Registre - GUID] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{347822B2-60B8-4E3A-9D1C-355A20EC1700}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78CD2B43-C891-4E04-B62B-E5C7A74E96DA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{53CE1D6A-7EB1-448B-B494-5434B7380A2B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53CE1D6A-7EB1-448B-B494-5434B7380A2B}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profile name : default 

File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\k5hmb5jg.default\prefs.js
 

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
 

-\\ Google Chrome v [Unable to get version]
 

File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Deleted :                "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT231982[...]
 

*************************
 

AdwCleaner[R1].txt - [6797 octets] - [15/08/2012 19:59:47]

AdwCleaner[S1].txt - [5161 octets] - [15/08/2012 20:01:20]
 

########## EOF - C:\AdwCleaner[S1].txt - [5289 octets] ##########

Lade dann jetzt das nächste runter.

Dankeschöön

Also wenn ich emsisoft runterlade und es anwende dann steht da das man servicepack1 oder sowas braucht für windows 7..... was jetz?? und nur interessehalber, muss ich da noch viele Programme drüberlaufen lassen?

Vielen Dank!!

Alle Windows Updates einspielen, inkl. SP1!!

OK SP1 runterladen ist klar aber wie kann ich denn windows updaten?

Greatz
Kacktrojaner

Start -> Systemsteuerung -> Updates

Jop hab ich schon gefunden und jetzt auch alles geupdated bin jetzt aber erst am montag wieder da bis dahin ist der laptop aus, werde dann den scan mit emsisoft durchführen und berichten.

vielen dank bis dahin
kacktrojaner

Ok hab den Scan mit emsisoft auch gemacht, es wurde aber nichts mehr gefunden... was nun hab ichs geschafft??? Bitte sag Ja!!

Vielen Dank für die gute Unterstützung schonmal!!!!!!!!!!

Wo ist das Log? (siehe Anleitung)

Ah Ja OK

Code:

Emsisoft Anti-Malware - Version 6.6

Letztes Update: 20.08.2012 18:12:58
 

Scan Einstellungen:
 

Scan Methode: Detail Scan

Objekte: Rootkits, Speicher, Traces, C:\

Archiv Scan: An

ADS Scan: An
 

Scan Beginn:        20.08.2012 18:13:48
 
 

Gescannt        691894

Gefunden        0
 

Scan Ende:        20.08.2012 19:49:23

Scan Zeit:        1:35:35

Danke!!

Sehr gut! :daumenhoc

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.