Trojaner-Board - Windows7 141861-problem-beim-starten-c-users-benutzer-appdata-roaming-babsolution-shared-enhancednt-dll.html

Ich hasse ja Vollzitate. Aber hier muss es wohl mal sein :confused:

Zitat:

Zitat von cosinus (Beitrag 1417513)

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKLM\...\Run: [] => [X]

HKU\S-1-5-21-2631089936-2126389838-1365947476-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49319;https=127.0.0.1:49319

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbQlzfY23FxTb9PwZyXtcFf9B7DGHKarnHgb80W6DTxthbp-0UGoWoS4UdXf76Nt97iv6lD7A1vKTrz8vbhCdOmjV85r_4KgqPdYLwnxDk3vPwerDUIBxr_y6BrM0tyUA-8NDxPCfabjoKfMiveUYGNZxAvGQmy-7HRika7m4U4,&q={searchTerms}

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

Toolbar: HKLM - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File

Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKU\S-1-5-21-2631089936-2126389838-1365947476-1000 -> Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\BAAX\AppData\Roaming\Gutscheinmieze\toolbar.dll No File

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

Task: {48F2F8D6-C0ED-4AF0-8A15-64E5CC0679A9} - System32\Tasks\{7FF2796E-85A3-4CB7-B279-4ED302779A1B} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1

Task: {4D2A64AE-59A6-40C0-A8A4-F7017D9AF965} - System32\Tasks\{AED37218-957B-400F-BAFC-BF3A3D9E7464} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1

Task: {7EE49644-2186-40EF-B52A-EB47F85BFCEC} - System32\Tasks\{1DA80BCC-2F5B-4949-8270-7A050CBA9E88} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION

Task: {80731AB5-E8CC-419E-8378-F562D7E497B1} - System32\Tasks\{D69AEA43-0B7E-4081-83F5-671300D0C6F3} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1

Task: {AB9FDC53-BD99-4CE2-8362-291146CCF6C5} - System32\Tasks\{1FF8DCA5-C5FA-409D-BE6C-CDAC783900DA} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1

Task: {B254EAA7-CA46-448D-83F9-F083C1F5ECFA} - System32\Tasks\{C4668ACF-A7F5-419F-8392-12DF91AF3230} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION

Task: {D423FE9A-7E9E-4C41-B222-A025684DDC4E} - System32\Tasks\{65BD746E-C32A-40E2-89EA-D6175B963874} => pcalua.exe -a "C:\Program Files\Feven 1.5\Uninstall.exe" -c /fromcontrolpanel=1

Task: {E8CEDD43-41FC-46F8-8FA4-F917917BC562} - System32\Tasks\{AB8F4E4F-F176-4E72-B1CC-3523DEFEEE63} => pcalua.exe -a C:\Users\BAAX\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\ProgramData\Temp:798A3728

AlternateDataStreams: C:\ProgramData\Temp:B623B5B8

AlternateDataStreams: C:\ProgramData\Temp:BB24555F

AlternateDataStreams: C:\ProgramData\Temp:BF31A799

AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE

AlternateDataStreams: C:\ProgramData\Temp:CE0A077E

AlternateDataStreams: C:\ProgramData\Temp:DCAF903C

C:\Users\BAAX\AppData\Roaming\webssearches

C:\Program Files\Feven 1.5

C:\Users\BAAX\AppData\Roaming\Gutscheinmieze

EmptyTemp:

Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.