| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA Trojaner Windows 7 Exploit.Drop.UR.2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.08.2012, 20:56
| #2 |
| /// Helfer-Team  |  BKA Trojaner Windows 7 Exploit.Drop.UR.2 Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2851647
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{FE3508E7-A255-444F-AEAC-4EA8489C38EC}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{FE4ACC4B-E07B-4E3A-B850-C1736DF73080}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKCU..\Run: [volhosicicdrnii] C:\ProgramData\volhosic.exe ()
O4 - HKCU..\RunOnce: [Flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1f1807e3-1500-11df-aad5-002622eb2cd3}\Shell - "" = AutoRun
O33 - MountPoints2\{1f1807e3-1500-11df-aad5-002622eb2cd3}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{3b1270db-589e-11e0-bc6f-002622eb2cd3}\Shell - "" = AutoRun
O33 - MountPoints2\{3b1270db-589e-11e0-bc6f-002622eb2cd3}\Shell\AutoRun\command - "" = G:\Login.exe
O33 - MountPoints2\{4c4b2059-5f90-11e0-b7f6-002622eb2cd3}\Shell - "" = AutoRun
O33 - MountPoints2\{4c4b2059-5f90-11e0-b7f6-002622eb2cd3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e90515c1-5fe8-11df-9143-002622eb2cd3}\Shell - "" = AutoRun
O33 - MountPoints2\{e90515c1-5fe8-11df-9143-002622eb2cd3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Login.exe
[2012.08.20 16:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\obzjadkkifioayh
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012.08.20 16:30:16 | 000,000,051 | ---- | M] () -- C:\ProgramData\rxbebeizuspprrl
[2012.08.20 16:30:10 | 000,057,344 | ---- | M] () -- C:\ProgramData\volhosic.exe
[2012.08.20 16:30:10 | 000,057,344 | ---- | M] () -- C:\Users\Commander\0.8395653502523105.exe
[2012.07.05 20:10:08 | 000,000,051 | ---- | C] () -- C:\ProgramData\psxgpeskfkqdxon
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_1VVTV9VTMVFBF1VJWVBH4P6XLVVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_1VPTV1VTMVFBFLVHKV6FYJ6VDVPMF7LBWK96HUTVVVVVVVVVVVVV
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
| Themen zu BKA Trojaner Windows 7 Exploit.Drop.UR.2 |
| abgesicherte, administrator, aktion, anti-malware, autostart, bösartige, code, conduit, dateien, explorer, google earth, heute, index, logfile, malwarebytes, minute, plug-in, registrierung, runter, safer networking, sauber, service, speicher, troja, trojaner, version, verzeichnisse, windows, windows 7, wrapper |
Baum-Darstellung