GVU Trojaner Win7 64bit

t'john · 23.07.2012, 18:34

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
MOD - [2012.03.03 14:20:55 | 000,115,137 | ---- | M] () -- C:\Users\Ich Selbst\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll 
MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL 
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL 
SRV - [2012.07.20 16:28:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476 
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "http://www.shortnews.de/" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.6.0.10 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1 
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.1.2 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..network.proxy.backup.ftp: "24.159.189.101" 
FF - prefs.js..network.proxy.backup.ftp_port: 36081 
FF - prefs.js..network.proxy.backup.socks: "24.159.189.101" 
FF - prefs.js..network.proxy.backup.socks_port: 36081 
FF - prefs.js..network.proxy.backup.ssl: "24.159.189.101" 
FF - prefs.js..network.proxy.backup.ssl_port: 36081 
FF - prefs.js..network.proxy.ftp: "24.159.189.101" 
FF - prefs.js..network.proxy.ftp_port: 36081 
FF - prefs.js..network.proxy.http: "24.159.189.101" 
FF - prefs.js..network.proxy.http_port: 36081 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "24.159.189.101" 
FF - prefs.js..network.proxy.socks_port: 36081 
FF - prefs.js..network.proxy.ssl: "24.159.189.101" 
FF - prefs.js..network.proxy.ssl_port: 36081 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe /systray File not found 
O4 - HKCU..\Run: [Tunebite] C:\Program Files (x86)\RapidSolution\Tunebite\Tunebite.exe -tray File not found 
O4 - Startup: C:\Users\Ich Selbst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{f76ef869-d660-11e0-ba73-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{f76ef869-d660-11e0-ba73-806e6f6e6963}\Shell\AutoRun\command - "" = H:\CdAutoRun.exe -- [2006.10.30 17:54:10 | 000,049,152 | R--- | M] () 
[2012.07.23 18:10:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad 
[2012.07.18 20:37:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad 
[2012.07.23 15:48:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad 
[2012.07.18 20:25:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad 

[2012.07.18 20:25:25 | 000,000,000 | ---D | C] -- C:\Users\Ich Selbst\AppData\Roaming\UAs 
[2012.07.18 20:25:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad 
[2012.07.18 20:25:25 | 000,000,000 | ---D | M] -- C:\Users\Ich Selbst\AppData\Roaming\UAs 
[2012.07.18 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\Ich Selbst\AppData\Roaming\xmldm 
[2012.07.17 21:34:42 | 000,000,000 | ---D | C] -- C:\Users\Ich Selbst\AppData\Roaming\13001.026 
[2012.07.17 21:34:22 | 000,000,000 | ---D | C] -- C:\Users\Ich Selbst\AppData\Roaming\xmldm 
[2012.07.17 21:34:17 | 000,000,000 | ---D | C] -- C:\Users\Ich Selbst\AppData\Roaming\kock 

[2012.07.23 15:50:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
 
[2011.09.03 21:28:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

GVU Trojaner Win7 64bit

Log-Analyse und Auswertung: GVU Trojaner Win7 64bit

GVU Trojaner Win7 64bit

Ähnliche Themen: GVU Trojaner Win7 64bit