Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Virus EXP/CVE-2012-1723.A.110 (Windows 7)

#5
Okay, I have now followed the first step and (hopefully) applied the script fix via OTL.

Code:
```
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FBA617C-AE0B-4F5D-8B44-BF44C03451CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FBA617C-AE0B-4F5D-8B44-BF44C03451CA}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: toolbar-ff@payback.de:1.1.1.88 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3814f939-f597-11e0-bd0d-e0cb4ea11b7a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3814f939-f597-11e0-bd0d-e0cb4ea11b7a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ not found.
File E:\setup.exe /AUTORUN not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3fdf849-2c45-11df-b683-e0cb4ea11b7a}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be54136c-d5d6-11e1-844d-e0cb4ea11b7a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be54136c-d5d6-11e1-844d-e0cb4ea11b7a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be54136c-d5d6-11e1-844d-e0cb4ea11b7a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be54136c-d5d6-11e1-844d-e0cb4ea11b7a}\ not found.
File E:\Startme.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
========== FILES ==========
C:\windows\tasks\CheckDriveBackgroundGuard.job moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\virus\cmd.bat deleted successfully.
C:\Users\***\Desktop\virus\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default
->Temporary Internet Files folder emptied: 33170 bytes

User: ***
->Temp folder emptied: 40302864 bytes
->Temporary Internet Files folder emptied: 313991759 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 62930487 bytes
->Flash cache emptied: 1209 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5071384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 403.00 mb

OTL by OldTimer - Version 3.2.59.1 log created on 08282012_232052

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
```

Best regards

Here once more is the list from the ESET Online Scanner:

Code:
```
C:\Users\***\Downloads\nicht schule\cnet_Chapter_and_Verse_v1_4_4_1_exe.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
G:\$RECYCLE.BIN\S-1-5-21-3416259098-2993723268-1515655599-1002\$RSEVSUZ\cnet_Chapter_and_Verse_v1_4_4_1_exe.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
G:\$RECYCLE.BIN\S-1-5-21-3416259098-2993723268-1515655599-1002\$RSEVSUZ\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
G:\***\Downloads\cnet_Chapter_and_Verse_v1_4_4_1_exe.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
G:\***\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
G:\***-PC\Backup Set 2012-01-01 191644\Backup Files 2012-01-01 191644\Backup files 10.zip	multiple threats	deleted - quarantined
```

I have also read that the new Java (version 7) apparently has a major security hole. I have the feeling that it was exploited on my machine as well! Should I disable the new Java, and if so, how do I do that?

Once again, many thanks for your help!!

sisco