Hello,
I have the trojan. At first I thought it was 2.04, but apparently it isn't, because recovery doesn't work. The trojan still appears. Please help.
I am attaching a photo as well as OTL.txt and extras.txt. Thanks in advance.
Regards
wk_hk
Hello wk_hk,
1. Fix with OTL
With this we fix unnecessary or malicious entries.
Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).
- Start OTL.exe.
Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
- Copy the following script into the text field below Custom Scans/Fixes:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{017E639E-7655-4B12-BF00-A9D580554CFD}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{017E639E-7655-4B12-BF00-A9D580554CFD}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes,DefaultScope = {57BC455D-FE66-47C2-810E-CA1D797D6F43}
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{017E639E-7655-4B12-BF00-A9D580554CFD}: "URL" = http://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313134352671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E64746965372D64652D6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{174F51EC-513A-4A04-9303-61293D27871A}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{40139343-38CF-4559-A63B-140A0DB6987C}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{57BC455D-FE66-47C2-810E-CA1D797D6F43}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{5CA184F1-7901-4694-9A8B-F9DE6FBE275A}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{61DE6D0B-23AC-4ABD-AB97-2157DD526197}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{7314D63E-2284-49DB-A637-7F468F5FD07A}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432373336343736&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}: "URL" = http://de.kelkoopartners.net.anonymize-me.de/?anonymto=687474703A2F2F64652E6B656C6B6F6F706172746E6572732E6E65742F63746C2F646F2F7365617263683F7369746553656172636851756572793D7B7365617263685465726D737D2666726F6D666F726D3D7472756526783D7472756526793D7472756526706172746E65723D687026706172746E657249643D3936393133393333&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{E2CC0C35-5C6C-4A41-91A2-EC94C4A2D528}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}: "URL" = http://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2665693D7B696E707574456E636F64696E677D2666723D63622D6870303626747970653D696532303038&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&k=0
O4 - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O13:64bit: - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:Files
C:\ProgramData\l_u0_0.pad
C:\Users\wkraus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Commands
[PURITY]
[EMPTYTEMP]
- Close all programs.
- Click the Fix button.
- If OTL asks for a reboot, please allow it.
- Post the contents of the logfile here in code tags in your thread.
You can view the logfile afterwards here => C:\_OTL\MovedFiles\<date_number.log>
Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!
2.
Afterwards please run a full scan with Malwarebytes and post the logfile here. Instructions and download here.
3.
Please uninstall all toolbars, e.g. from eBay, Ask, MSN, Conduit, Yahoo, SweetIM, Bandoo, iLivid etc., under Control Panel - Programs.
4.
You have an outdated Java version installed. Please uninstall it under Control Panel - Programs (Software), then download and install the current version from Java.
5.
Check your plugins here to see whether they are up to date and update them where this is indicated.
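Added example, not part of the original thread and not OTL's own code: the HKU SearchScopes entries in the fix above all point at <spoofed host>.anonymize-me.de and carry the real destination hex-encoded, a full URL in `anonymto=` or a bare host in `to=` (with mode=bounce), plus affiliate parameters (pid, clid) that mark who is paid for the redirected traffic. The script below parses OTL-style "IE - ... SearchScopes" lines, decodes the wrapper and reports what each scope really forwards to, so you can see at a glance which scopes a fix script has to touch and which were left alone. The sample lines are copied from the OTL listing; the function names and report layout are this example's own.

```python
"""Decode hijacked Internet Explorer search scopes from OTL-style listing lines."""
import re
from urllib.parse import parse_qs, urlsplit

# Redirect domain observed in the OTL listing; every wrapped scope ends in it.
HIJACK_SUFFIX = ".anonymize-me.de"

DEFAULT_RE = re.compile(r"SearchScopes,DefaultScope = (\{[0-9A-Fa-f-]+\})")
SCOPE_RE = re.compile(r'SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)')


def decode_hex(value):
    """anonymto=/to= carry plain two-digits-per-byte ASCII hex; None if malformed."""
    try:
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    except ValueError:
        return None


def analyse_scope_url(url):
    """Classify one SearchScopes URL; for a wrapped one, recover the real target."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(HIJACK_SUFFIX):
        return {"hijacked": False, "host": host, "target": url}
    qs = parse_qs(parts.query)
    if "anonymto" in qs:                      # full original search URL, hex-encoded
        target = decode_hex(qs["anonymto"][0])
    elif "to" in qs:                          # bare host, forwarded with mode=bounce
        decoded = decode_hex(qs["to"][0])
        target = "http://%s/" % decoded if decoded else None
    else:
        target = None
    return {
        "hijacked": True,
        "host": host,
        "spoofed_host": host[: -len(HIJACK_SUFFIX)],  # what the user thinks they search
        "target": target,
        "mode": qs.get("mode", [None])[0],
        "affiliate": {"pid": qs.get("pid", [None])[0], "clid": qs.get("clid", [None])[0]},
    }


def analyse_otl_listing(lines):
    """Walk OTL 'IE - ...SearchScopes' lines; return (default_scope_guid, {guid: report})."""
    default_guid, scopes = None, {}
    for line in lines:
        m = DEFAULT_RE.search(line)
        if m:
            default_guid = m.group(1)
            continue
        m = SCOPE_RE.search(line)
        if m:
            guid, url = m.groups()
            scopes[guid] = analyse_scope_url(url)
    return default_guid, scopes


# Sample input copied from the HKU hive in the OTL listing: the user's default
# scope (not wrapped), an AOL scope wrapped via anonymto=, an Otto scope via to=.
SAMPLE_LINES = [
    r'IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes,DefaultScope = {57BC455D-FE66-47C2-810E-CA1D797D6F43}',
    r'IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{017E639E-7655-4B12-BF00-A9D580554CFD}: "URL" = http://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313134352671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E64746965372D64652D6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&k=0',
    r'IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{174F51EC-513A-4A04-9303-61293D27871A}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=36842a04-1a25-48c3-bd68-ddcd70a4fa76&pid=freewarede&mode=bounce&k=0',
    r'IE - HKU\S-1-5-21-3822535448-3256201283-2572153998-1000\..\SearchScopes\{57BC455D-FE66-47C2-810E-CA1D797D6F43}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7GPEA_de',
]

if __name__ == "__main__":
    default, scopes = analyse_otl_listing(SAMPLE_LINES)
    for guid, r in scopes.items():
        flag = "HIJACKED" if r["hijacked"] else "clean   "
        tag = " (default)" if guid == default else ""
        print(flag, guid + tag, "->", r["target"])
```

Decoding the AOL entry yields exactly the HKLM scope URL from the same listing, i.e. the hijack wraps the original search URL rather than replacing it, which is why the search still "works" and the user only notices the lock screen. Note that the user's default scope (Google.de) is not wrapped; a check that only looks at DefaultScope would have missed all of this.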
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{017E639E-7655-4B12-BF00-A9D580554CFD}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017E639E-7655-4B12-BF00-A9D580554CFD}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\prxtbFree.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{017E639E-7655-4B12-BF00-A9D580554CFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017E639E-7655-4B12-BF00-A9D580554CFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}\ not found.
Registry value HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\prxtbFree.dll not found.
HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{017E639E-7655-4B12-BF00-A9D580554CFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017E639E-7655-4B12-BF00-A9D580554CFD}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{174F51EC-513A-4A04-9303-61293D27871A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{174F51EC-513A-4A04-9303-61293D27871A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{40139343-38CF-4559-A63B-140A0DB6987C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40139343-38CF-4559-A63B-140A0DB6987C}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{57BC455D-FE66-47C2-810E-CA1D797D6F43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BC455D-FE66-47C2-810E-CA1D797D6F43}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5CA184F1-7901-4694-9A8B-F9DE6FBE275A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CA184F1-7901-4694-9A8B-F9DE6FBE275A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{61DE6D0B-23AC-4ABD-AB97-2157DD526197}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61DE6D0B-23AC-4ABD-AB97-2157DD526197}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7314D63E-2284-49DB-A637-7F468F5FD07A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7314D63E-2284-49DB-A637-7F468F5FD07A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D871CB93-D1FF-4B5B-AFAF-88164EA1652C}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E2CC0C35-5C6C-4A41-91A2-EC94C4A2D528}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2CC0C35-5C6C-4A41-91A2-EC94C4A2D528}\ not found.
Registry key HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB9521CF-AA0D-400B-B12F-B15ADBD02725}\ not found.
Registry value HKEY_USERS\S-1-5-21-3822535448-3256201283-2572153998-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
File\Folder C:\ProgramData\l_u0_0.pad not found.
File\Folder C:\Users\wkraus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: wkraus
->Temp folder emptied: 35649553 bytes
->Temporary Internet Files folder emptied: 311606 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124655223 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1048559 bytes
Total Files Cleaned = 154,00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07052012_153210
Files\Folders moved on Reboot...
C:\Users\wkraus\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TXNJ0CVX\xd_arbiter[1].htm moved successfully.
C:\Users\wkraus\AppData\Local\Temp\Temporary Internet Files\Content.IE5\T1BDCPWA\newreply[1].htm moved successfully.
C:\Users\wkraus\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B6LIPMO2\xd_arbiter[1].htm moved successfully.
C:\Users\wkraus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
PendingFileRenameOperations files...
File C:\Users\wkraus\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TXNJ0CVX\xd_arbiter[1].htm not found!
File C:\Users\wkraus\AppData\Local\Temp\Temporary Internet Files\Content.IE5\T1BDCPWA\newreply[1].htm not found!
File C:\Users\wkraus\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B6LIPMO2\xd_arbiter[1].htm not found!
File C:\Users\wkraus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
Registry entries deleted on Reboot...
Hello,
Unfortunately OTL did not run to completion; it closed unexpectedly. This is the logfile from the 2nd run.
Regards
wk_hk
Has the lock screen disappeared?
Can you get back into normal Windows mode?
Please still work through the remaining points.
Yes, the lock screen is gone. A thousand thanks! What a weight off my mind... etc.
Do you still need the Malwarebytes logfile? It is running right now.
Regards
WK_HK
Yes, please post it as well.
Here is the Malwarebytes logfile:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.05.05
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
wkraus :: PC-PRIVAT [Administrator]
Protection: Enabled
05.07.2012 15:49:15
mbam-log-2012-07-05 (15-49-15).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 707034
Time elapsed: 3 hour(s), 45 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files (x86)\AquaSoft\DiaShow Studio 6\Data\Start.exe (Trojan.Autorun) -> Quarantined and deleted successfully.
(end)
Everything OK?
I am now carrying out the remaining items on your list.
Thanks again
and regards
wk_hk
All okay.
Please also read the following articles for the future:
Malware removed? What now?
How do I make my Windows secure?
How can I keep my system free of malware in the future?
How can I check whether my software is up to date?
Mozilla plugins up to date? Check here!
DNS manipulated?