Gema trojaner - großes problem

MelvinZucker

Hallo

ich habe folgendes problem
wenn ich den laptop anmache (Dell), nach dem anmelden kommt eine meldung mit GEMA
ich habe die anweisungen von einem anderen thread ausprobiert und habe eine
'shell' text datei in welcher folgendes steht:



WIN_7 X64 Service Pack 1
Running from H:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
Modified HKCU shell extension. Current Shell File = C:\Users\Metalmaster\AppData\Roaming\hw45esi4ss.exe
File C:\Users\Metalmaster\AppData\Roaming\hw45esi4ss.exe moved to H:\\infected or not found


[System Process]
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
services.exe
lsass.exe
lsm.exe
winlogon.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
svchost.exe
WmiPrvSE.exe
srep.exe
cmd.exe
conhost.exe
srep.exe


HKLM\..\Run [StartCCC] = "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [Dell Webcam Central] = "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\..\Run [VirtualCloneDrive] = "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\..\Run [HTC Sync Loader] = "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
HKLM\..\Run [NBAgent] = "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Babylon Client] = C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\..\Run [Skype] = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU\..\Run [KPeerNexonEU] = C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKCU\..\Run [Facebook Update] = "C:\Users\Metalmaster\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKCU\..\Run [Akamai NetSession Interface] = C:\Users\Metalmaster\AppData\Local\Akamai\netsession_win.exe
HKCU\..\Run [d56ij56itijcty] = C:\Users\Metalmaster\AppData\Roaming\e56ijd\ed6t57it5.exe
HKCU\..\Run [zC1tx7LKsdR39Qk] = C:\Users\Metalmaster\AppData\Roaming\hw45esi4ss.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Winlogon; Shell = explorer.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Skype] = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [KPeerNexonEU] = C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Facebook Update] = "C:\Users\Metalmaster\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Akamai NetSession Interface] = C:\Users\Metalmaster\AppData\Local\Akamai\netsession_win.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [d56ij56itijcty] = C:\Users\Metalmaster\AppData\Roaming\e56ijd\ed6t57it5.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [zC1tx7LKsdR39Qk] = C:\Users\Metalmaster\AppData\Roaming\hw45esi4ss.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell = explorer.exe

==== FINISH 29.11-22.51 ====
WIN_7 X64 Service Pack 1
Running from H:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell = explorer.exe
.


[System Process]
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
services.exe
lsass.exe
lsm.exe
winlogon.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
svchost.exe
srep.exe
WmiPrvSE.exe


HKLM\..\Run [StartCCC] = "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [Dell Webcam Central] = "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM\..\Run [VirtualCloneDrive] = "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\..\Run [HTC Sync Loader] = "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
HKLM\..\Run [NBAgent] = "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Babylon Client] = C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\..\Run [Skype] = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU\..\Run [KPeerNexonEU] = C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKCU\..\Run [Facebook Update] = "C:\Users\Metalmaster\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKCU\..\Run [Akamai NetSession Interface] = C:\Users\Metalmaster\AppData\Local\Akamai\netsession_win.exe
HKCU\..\Run [d56ij56itijcty] = C:\Users\Metalmaster\AppData\Roaming\e56ijd\ed6t57it5.exe
HKCU\..\Run [zC1tx7LKsdR39Qk] = C:\Users\Metalmaster\AppData\Roaming\hw45esi4ss.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Winlogon; Shell = explorer.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Skype] = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [KPeerNexonEU] = C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Facebook Update] = "C:\Users\Metalmaster\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [Akamai NetSession Interface] = C:\Users\Metalmaster\AppData\Local\Akamai\netsession_win.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [d56ij56itijcty] = C:\Users\Metalmaster\AppData\Roaming\e56ijd\ed6t57it5.exe
HKU\S-1-5-21-4259231173-51643865-1593951088-1000\..\Run [zC1tx7LKsdR39Qk] = C:\Users\Metalmaster\AppData\Roaming\hw45esi4ss.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell = explorer.exe

==== FINISH 29.11-23.01 ====


ich hoffe mir kann da jetzt jemand weiterhelfen