Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.
Besten Dank für die schnelle Antwort. Anbei das LogFile
Code:
ATTFilter
��========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidServ deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xpsec deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xcpip deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WDICA deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRFRAME deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRELI deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDFRAME deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDCOMP deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIDump deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\osguo2kk.sys deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lbrtfdc deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omgmt deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Changer deleted successfully.
File File not found not found.
HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Wingman_ON_C\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\Wingman_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bC4lJzJAS4eHdGa deleted successfully.
C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe moved successfully.
Registry value HKEY_USERS\Wingman_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\bC4lJzJAS4eHdGa deleted successfully.
File C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Wingman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Wingman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Wingman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Wingman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\Wingman_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe deleted successfully.
File C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe deleted successfully.
File C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
Registry value HKEY_USERS\Wingman_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe deleted successfully.
File C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
Registry value HKEY_USERS\Wingman_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe deleted successfully.
File C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
X:\AUTORUN.INF moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
File C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
ADS C:\Dokumente und Einstellungen\Wingman\Desktop\Mein Lieblingscampingplatz in der N�he von Dover.docx:AFP_AfpInfo deleted successfully.
C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\Complitly\64 folder moved successfully.
C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\Complitly folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully.
C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Dokumente und Einstellungen\Wingman\Anwendungsdaten\BabylonToolbar folder moved successfully.
========== FILES ==========
File\Folder olbar not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon not found.
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 931101 bytes
User: Wingman
->Temp folder emptied: 290305057 bytes
->Temporary Internet Files folder emptied: 53215788 bytes
->FireFox cache emptied: 48685716 bytes
->Flash cache emptied: 18291 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16709096 bytes
Total Files Cleaned = 391.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 08212012_010904
20.08.2012, 21:14
Hybrid-Darstellung
