[doppelt] TR/Dropper.Gen von meinen (externen) Festplatten entfernen bei Windows 7?

gkortenhaus · 04.10.2011, 04:32

Liebe Trojaner-Boardler,
tut mir Leid, dass ich das jetzt zweimal poste ich habe leider zu spät gemerkt, dass ich im falschen Überthema bin. Auch ich habe ein ähnliches Problem, wie Panda Bär
http://www.trojaner-board.de/103534-...entfernen.html
wahrscheinlich habe ich sogar den gleichen Trojaner da wir kurz vorher Daten über USB-Sticks und externe Festplatten ausgetauscht haben.
Auch bei mir werden die Ordner zum Teil als Verknüpfungen angezeigt und zwar sowohl auf der eigenen, als auch auf der externen Festplatte, meinem iPod und meiner SD-Card von der Digi-Cam.
Ich habe bereits die im anderen Forum empfohlenen Scans durchgeführt.
Die Logs sind:

Malwarebytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7850

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.10.2011 22:50:00
mbam-log-2011-10-02 (22-49-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 429026
Laufzeit: 57 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 25
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 19
Infizierte Dateien: 29

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790776B376595635A193 (Malware.Trace) -> Value: SRS_IT_E8790776B376595635A193 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
c:\Users\Gustav\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> No action taken.

Infizierte Dateien:
c:\program files (x86)\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.
c:\Users\Gustav\AppData\Roaming\Pzwewt.exe (Backdoor.WimNort.Gen) -> No action taken.
c:\Users\Gustav\downloads\Internet\xvidsetup.exe (Adware.Hotbar) -> No action taken.
e:\RECYCLER\b845ef76.exe (Backdoor.WimNort.Gen) -> No action taken.
f:\RECYCLER\b845ef76.exe (Backdoor.WimNort.Gen) -> No action taken.
i:\RECYCLER\b845ef76.exe (Backdoor.WimNort.Gen) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> No action taken.

Eset:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57fc91a18feb98459bcae2b911d49758
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-03 07:05:40
# local_time=2011-10-03 01:05:40 (-0600, Mittelamerikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 69163554 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=238757
# found=7
# cleaned=0
# scan_time=5436
E:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Abipräsentation.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Daemon Tools.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Fotos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Spiele.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I

OTL:
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,69% Memory free
7,93 Gb Paging File | 6,69 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 170,84 Gb Free Space | 59,94% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 276,95 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 3,68 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive I: | 74,31 Gb Total Space | 41,77 Gb Free Space | 56,21% Space Free | Partition Type: FAT32

Computer Name: GUSTAV-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.03 08:28:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Gustav\Downloads\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.14 19:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.15 02:17:14 | 000,427,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010.04.15 02:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.04.02 02:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.02.09 12:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.29 17:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.14 02:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.09.24 06:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.01.16 01:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011.02.14 19:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.02.14 19:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.17 06:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.12.14 02:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

und dann noch
OTL Extras logfile created on: 03.10.2011 08:30:57 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Gustav\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,69% Memory free
7,93 Gb Paging File | 6,69 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 170,84 Gb Free Space | 59,94% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 276,95 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 3,68 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive I: | 74,31 Gb Total Space | 41,77 Gb Free Space | 56,21% Space Free | Partition Type: FAT32

Computer Name: GUSTAV-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*

Danach habe ich den angegebenen OTL-Fix durchgeführt:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Dvgugx not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49cdee29-0931-11d6-8065-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49cdee29-0931-11d6-8065-00038a000015}\ not found.
File D:\programs\nu2menu\nu2menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
File D:\automenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Dvgugx\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Gustav
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120103757 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95016060 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10032011_085658

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Den Kaspersky-Tool habe ich auch ausgeführt allerdings hatte er bei mir ein anderes Format als das angegebene und ich habe auch keinen Log einsehen können.
Ich wollte jetzt lieber nochmal nachfragen bevor ich ComboFix benutze, ob ich nach dem gleichen Prozedere wie Panda Bär verfahren kann, obwohl ich ein anderes Betriebssystem (Windows 7) habe.
Vielen Dank schon mal im Vorraus
Viele Grüße aus Costa Rica
Gustav

cosinus · 04.10.2011, 16:58

Hier gehts weiter => http://www.trojaner-board.de/103804-...ndows-7-a.html

Und du führst die Tools bitte erst nach Anweisung hin aus und nicht "einfach so" nur weil es in einem anderen Strang so war. Da hat der TO schließlich auch erst das so ausgeführt, als der Helfer es gepostet hat.

[doppelt] TR/Dropper.Gen von meinen (externen) Festplatten entfernen bei Windows 7?

Mülltonne: [doppelt] TR/Dropper.Gen von meinen (externen) Festplatten entfernen bei Windows 7?

[doppelt] TR/Dropper.Gen von meinen (externen) Festplatten entfernen bei Windows 7?

[doppelt] TR/Dropper.Gen von meinen (externen) Festplatten entfernen bei Windows 7?

Ähnliche Themen: [doppelt] TR/Dropper.Gen von meinen (externen) Festplatten entfernen bei Windows 7?