Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.
ADSPY/Bho.GamePla.F gefunden in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi
So, hier das Fix-Log. Was mir spontan aufgefallen ist: Der Browser hat seit einigen Wochen beim Systemstart rel. lang gebraucht, bis die vorherigen Tabs geladen waren, das ging mMn nach gerade wieder schneller. Gutes Zeichen?
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ not found.
File H:\ff9pcsx.d3u5.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 51189 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Graf Fitsch
->Temp folder emptied: 11134279027 bytes
->Temporary Internet Files folder emptied: 2172472158 bytes
->Java cache emptied: 23551973 bytes
->FireFox cache emptied: 990462683 bytes
->Flash cache emptied: 6421 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 719872 bytes
%systemroot%\System32 (64bit) .tmp files removed: 8556032 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317147559 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7548826083 bytes
Total Files Cleaned = 21.168,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Graf Fitsch
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_110939
Files\Folders moved on Reboot...
C:\Users\Graf Fitsch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\SysNative\SET3BA4.tmp not found!
Registry entries deleted on Reboot...
Themen zu ADSPY/Bho.GamePla.F gefunden in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi
Zum Thema ADSPY/Bho.GamePla.F gefunden in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi - So, hier das Fix-Log. Was mir spontan aufgefallen ist: Der Browser hat seit einigen Wochen beim Systemstart rel. lang gebraucht, bis die vorherigen Tabs geladen waren, das ging mMn nach - ADSPY/Bho.GamePla.F gefunden in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi...
21.05.2012, 10:16
Baum-Darstellung