Trojaner-Board - BKA Trojaner eingefangen

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
Code:
:OTL

FF - prefs.js..browser.search.defaultenginename: "Live Search"

FF - prefs.js..browser.search.defaultthis.engineName: "turk3 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1524161&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "turk3 Customized Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{4e3ee0a0-b3ea-11de-9053-001377ade1b6}\Shell - "" = AutoRun

O33 - MountPoints2\{4e3ee0a0-b3ea-11de-9053-001377ade1b6}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{55263407-1a1e-11df-aa35-001377ade1b6}\Shell\AutoRun\command - "" = hm1bfpuj.exe

O33 - MountPoints2\{55263407-1a1e-11df-aa35-001377ade1b6}\Shell\open\Command - "" = hm1bfpuj.exe

O33 - MountPoints2\{66684699-ca0e-11de-8bb2-001377ade1b6}\Shell - "" = AutoRun

O33 - MountPoints2\{66684699-ca0e-11de-8bb2-001377ade1b6}\Shell\AutoRun\command - "" = H:\shelexec.exe start.html

O33 - MountPoints2\{806070f2-e1ab-11dd-91d1-001377ade1b6}\Shell - "" = AutoRun

O33 - MountPoints2\{806070f2-e1ab-11dd-91d1-001377ade1b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{8b1785c8-ea49-11de-a8da-001377ade1b6}\Shell - "" = AutoRun

O33 - MountPoints2\{8b1785c8-ea49-11de-a8da-001377ade1b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{99db23b5-6047-11df-bc8a-001377ade1b6}\Shell - "" = AutoRun

O33 - MountPoints2\{99db23b5-6047-11df-bc8a-001377ade1b6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{ba3e1acd-e970-11dd-9f02-001377ade1b6}\Shell - "" = Autorun

O33 - MountPoints2\{ba3e1acd-e970-11dd-9f02-001377ade1b6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:

O33 - MountPoints2\{ba3e1acd-e970-11dd-9f02-001377ade1b6}\Shell\Open\command - "" = resycled\boot.com f:

O33 - MountPoints2\{d8c8cd72-ebf3-11de-9b05-001377ade1b6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\SPY_NET_RAT.exe

O33 - MountPoints2\{d8c8cd72-ebf3-11de-9b05-001377ade1b6}\Shell\Open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\SPY_NET_RAT.exe

O20 - HKU\Ebru_ON_C Winlogon: Shell - (C:\Users\Ebru\AppData\Local\Temp\0.9937469958022859.exe) - C:\Users\Ebru\AppData\Local\Temp\0.9937469958022859.exe ()

[2011/04/26 12:28:43 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{C22F3ED5-81B3-4B60-9FF9-A3EEB34A085D}

[2011/04/25 13:08:19 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{5577A5F9-E4AB-4114-97EE-368D2A0F392F}

[2011/04/24 18:11:59 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{DF786120-02FB-460F-8C4C-FD3449E62947}

[2011/04/24 04:04:17 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{A16AA075-190E-4561-A18C-AD26B0AFE0E4}

[2011/04/24 03:27:13 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{58CE1D6D-640A-4E1E-9CDE-D4D32A250ADF}

[2011/04/23 11:45:16 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{5DC0EC4F-79C9-45EB-8F72-7DDD0142F2EC}

[2011/04/22 16:29:07 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{E103BED4-AB8B-40C7-94C9-4B9989130A2A}

[2011/04/22 03:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{DDDCFECC-179C-4DA3-A7F0-02C0428CBFA3}

[2011/04/22 03:05:57 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{3F699E8B-4E0F-43F8-965D-08FF67105A1D}

[2011/04/21 12:25:08 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{C427272B-860F-48BF-9982-5AFB0399C813}

[2011/04/20 13:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{275568D9-2633-42BF-B468-80A8670AB630}

[2011/04/19 13:11:47 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{02338344-DC89-48E4-8D98-ADE8EE890640}

[2011/04/19 09:34:12 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{E41B3DCB-45A2-45C5-922C-87F5469E5CBE}

[2011/04/18 12:13:48 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{DC09FEC6-9E3E-4AC5-9038-EE7287E4B440}

[2011/04/17 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{70BF64E5-8A89-4B07-85A2-55B280B65725}

[2011/04/17 07:37:03 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{F1FDAB78-F685-42D8-B524-FD2148B30ADB}

[2011/04/16 15:57:36 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{BBC72A45-5F19-4F82-AAAA-5BD419905DEF}

[2011/04/15 15:27:10 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{B028023F-4ADA-459F-B10F-1684FFE6B9B8}

[2011/04/14 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{7A3D1E65-C54E-4B79-87AF-48342D0EAECD}

[2011/04/14 11:49:18 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{0D7B4133-A59C-4AF8-BA4F-647835CDB6C1}

[2011/04/14 09:57:35 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{91A6096A-270B-4313-BDA2-818670D8C0EF}

[2011/04/13 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{019AEC31-A864-4B4F-8A72-F90BA3F2CEBB}

[2011/04/13 14:25:14 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{A7F17625-AAC7-4707-8CA0-C3011097160F}

[2011/04/13 14:17:12 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{38C61CBA-15BD-42DB-8311-97E9DEAEDC95}

[2011/04/13 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{AFF76337-5BAF-48DF-862F-4C15EFD198D7}

[2011/04/13 13:15:41 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{70436D8D-D9D4-4242-A936-BDC40A983F3A}

[2011/04/13 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{0D8E4B3A-A3DA-4805-990E-7FAC55BADAB6}

[2011/04/13 04:01:33 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{4AED297F-958A-49A7-9515-5B2A79739BAA}

[2011/04/12 15:20:03 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{5933DA96-D21E-4A5B-BD78-5CA56FBA3A66}

[2011/04/12 12:21:31 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{DF416022-999D-4790-B73C-C2311957F45D}

[2011/04/12 00:40:06 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{A24616ED-4675-473C-ABF7-21BF7122BD2A}

[2011/04/11 16:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{7088846A-2919-4189-8984-184857A1B47C}

[2011/04/11 15:52:43 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{7D7475B2-2534-4A7C-A6E4-1C15378A9CD0}

[2011/04/11 14:48:18 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{8F8740B0-8FE9-4054-BC88-1265BC9FE458}

[2011/04/11 13:16:36 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{C906929D-A0CD-4659-B661-61A3FD949D80}

[2011/04/10 10:35:28 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{9CB04BBB-E9E5-4361-A0EB-44787AFE2D85}

[2011/04/09 10:42:46 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{1BCE0CBC-AA2D-43C5-BB46-5F221B5F372D}

[2011/04/08 09:58:19 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{A6A56B61-2504-4C06-B3EB-8CA5F89B1E62}

[2011/04/07 15:09:41 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{16464E57-11F8-47D2-95BD-E3F9AE92FF79}

[2011/04/06 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{90E62C23-CD11-4B3A-B157-60FA242558B2}

[2011/04/06 03:14:48 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{4837D251-2CF9-4BDD-B14A-81AF274A4C60}

[2011/04/05 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{D9290F51-67B0-4468-A5C8-FA1DA9A88E1A}

[2011/04/04 12:19:18 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{B1367F42-EF01-426F-8B67-6699EBAACDAA}

[2011/04/03 11:34:58 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{C58A48C2-0F09-4742-AEA7-20930C9CC44D}

[2011/04/02 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{0A80781B-06A6-4301-942F-8B3F19BDA3B4}

[2011/04/01 06:57:02 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{9CA5645E-C913-4D5A-BCEC-DE19BADA8CBB}

[2011/04/01 06:51:39 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{7B2BBA5D-95EC-4459-99F2-45D01E3EF3B8}

[2011/04/01 06:02:51 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{6B501F22-8844-4C32-A7D7-682A9DF469DE}

[2011/04/01 02:49:57 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{68C29341-4EF6-41D8-AA54-2F47C1CDB1B2}

[2011/03/31 14:08:11 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{1D6E9E2B-8BF9-45A5-B18C-294DC6B28285}

[2011/03/31 12:58:05 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{3B1D2835-1D97-4C8E-AB61-8C64C46DC4A9}

[2011/03/30 06:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2011/03/30 06:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2011/03/30 06:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB

[2011/03/30 06:31:49 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\Conduit

[2011/03/30 03:22:48 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{B3D764D9-DD11-4AFA-9A81-E7478BCB4D3B}

[2011/03/29 11:32:38 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{06350250-6483-4169-B9D1-8C53CC5EE524}

[2011/03/28 13:31:30 | 000,000,000 | ---D | C] -- C:\Users\Ebru\AppData\Local\{E7A1310B-0C7B-4BC6-AD56-A7531A93F5DF}

:Commands

[purity]

[resethosts]

[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.