GVU Trojan infestation, Windows 7. Probably after installation of infected software
#1 (Helfer-Team)
That wasn't the fix, AGAIN!
#2
Yep, right.
Now then:

Code:
All processes killed
========== OTL ==========
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62405F7F-AA9E-48D1-B5A3-81E97DC29562}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7335A2E9-0889-4C97-852A-2DD5527B7B74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7335A2E9-0889-4C97-852A-2DD5527B7B74}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F66A6CF-C178-4B87-9E18-447FF81AF0CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{972A7DD6-D21D-4AA3-99F1-B6907ADB10B5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F424BF0-E932-43D5-8B91-9BC7F7C542D5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D63F4B23-2084-4C0E-A541-B26AABDD955C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63F4B23-2084-4C0E-A541-B26AABDD955C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC60E062-FF95-4F4D-9F63-53E8B30D4A5E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Scroogle (SSL)" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: yyginstantplay@yoyogames.com:1.1.0.24 removed from extensions.enabledItems
Prefs.js: false removed from extensions.ybookmarks@yahoo.original.keyword.conflicts.warn
Prefs.js: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" removed from keyword.URL
Prefs.js: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac" removed from network.proxy.autoconfig_url
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1\ deleted successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\searchplugins folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\resource\modules folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\resource folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\defaults\preferences folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\defaults folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\components folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\skin folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\locale\en-US folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\locale folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome\content folder moved successfully.
Folder move failed. C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Badoo Desktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b68bf2-daef-11e1-94df-0019663167d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b68bf2-daef-11e1-94df-0019663167d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b68bf2-daef-11e1-94df-0019663167d0}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Alexander\AppData\Roaming\kock folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\80000000.@ moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\U\00000001.@ moved successfully.
C:\Users\Alexander\AppData\Roaming\msconfig.dat moved successfully.
C:\Windows\Installer\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ moved successfully.
C:\Users\Alexander\AppData\Local\{d5b241b7-7bab-debf-fe39-4ba4cb791627}\@ moved successfully.
========== FILES ==========
File\Folder [2012.08.01 14:15:33 | 000,075,776 | ---- | M] () -- C:\Windows\cadkasdeinst01e.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alexander\Desktop\cmd.bat deleted successfully.
C:\Users\Alexander\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Alexander
->Temp folder emptied: 3059248933 bytes
->Temporary Internet Files folder emptied: 391268080 bytes
->Java cache emptied: 21743601 bytes
->FireFox cache emptied: 616308091 bytes
->Flash cache emptied: 237299 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150445505 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 526050 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 20931796 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 641 bytes
RecycleBin emptied: 8275914502 bytes
Total Files Cleaned = 11.956,00 mb
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_174115
Files\Folders moved on Reboot...
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com folder moved successfully.
C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com\chrome not found!
File C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\cwp55av2.default\extensions\delicious@vjkarunapg.com not found!
File C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...

So what happened now? Is the Trojan completely removed? What else did the scripts do? Can I now keep using the system as it is without worrying?

Kind regards,
Alexander

Last edited by Allbande (14.08.2012 at 17:08); reason: further questions
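As an added example (not from the post, the helper, or OTL itself), a small Python summarizer for fix logs in the format shown above: it classifies each line by action type and flags the settings whose removal or reset is the practical answer to "what did the script change", such as the UAC policy values and the Firefox proxy autoconfig entry. The sample lines are constructed in the shape of the log above (not the full log), and the watch-list of setting names is my own assumption, not anything OTL defines.

```python
import re
from collections import Counter
# Constructed sample shaped like the OTL fix log in the post above (not the full log).
SAMPLE_LOG = r"""
Service SearchAnonymizer deleted successfully!
C:\Users\Alexander\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "file:///C:\\Users\\ALEXAN~1\\AppData\\Local\\Temp\\proxtube.pac" removed from network.proxy.autoconfig_url
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Folder move failed. C:\Users\Alexander\AppData\Roaming\kock scheduled to be moved on reboot.
"""

# (kind, regex) pairs; "not found" is checked first so it never hits the generic patterns.
PATTERNS = [
    ("not_found",     re.compile(r"^(?:64bit-)?(?:Registry key |File )?(.+?) not found[.!]$")),
    ("service",       re.compile(r"^Service (\S+) (stopped|deleted) successfully!$")),
    ("reg_value_del", re.compile(r"^(?:64bit-)?Registry value (.+)\\\\(\S+) deleted successfully\.$")),
    ("reg_key_del",   re.compile(r"^(?:64bit-)?Registry key (.+)\\ deleted successfully\.$")),
    ("reg_value_set", re.compile(r"^(.+)\\\\(\S+)\|(\S*) /E : value set successfully!$")),
    ("pref_removed",  re.compile(r"^Prefs\.js: (.+) removed from (\S+)$")),
    ("deferred",      re.compile(r"^Folder move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("moved",         re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
]

def parse_line(line):
    """Classify one OTL fix-log line; returns (kind, captured groups) or None for noise."""
    for kind, pat in PATTERNS:
        m = pat.match(line.strip())
        if m:
            return kind, m.groups()
    return None

# Assumed watch-list (mine, not OTL's): a fix removing or resetting these means the infection
# had tampered with UAC or with how browser/system traffic is proxied.
WATCH = {
    "EnableLUA": "UAC had been disabled by a policy key",
    "ConsentPromptBehaviorAdmin": "UAC elevation prompt had been overridden",
    "ProxyEnable": "system proxy setting was reset",
    "network.proxy.autoconfig_url": "Firefox had been routed through a PAC file",
}

def summarize(log):
    """Count actions by kind and list the security-relevant settings the fix touched."""
    counts, findings = Counter(), []
    for kind, groups in filter(None, map(parse_line, log.splitlines())):
        counts[kind] += 1
        name = groups[1] if kind in ("reg_value_del", "reg_value_set", "pref_removed") else None
        if name in WATCH:
            findings.append(f"{name}: {WATCH[name]}")
    return counts, findings

if __name__ == "__main__":
    print(*summarize(SAMPLE_LOG), sep="\n")
```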