Log analysis and evaluation: Win 7: AVAST rootkit detection after VPN uninstall

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#7

Win 7: AVAST rootkit detection after VPN uninstall

I have run JRT. Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jens Lappy on 06.11.2013 at 15:02:57,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Failed to stop: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Jens Lappy\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Jens Lappy\appdata\local\thinstall"
Successfully deleted: [Folder] "C:\Users\Jens Lappy\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Jens Lappy\appdata\local\{137B1D5A-CD14-4AD9-8FC6-FD463C03F467}
Successfully deleted: [Empty Folder] C:\Users\Jens Lappy\appdata\local\{533FD511-36F0-4247-B053-51E7977A44E4}
Successfully deleted: [Empty Folder] C:\Users\Jens Lappy\appdata\local\{9A2824CC-A976-49B2-92ED-23092D7A1388}
Successfully deleted: [Empty Folder] C:\Users\Jens Lappy\appdata\local\{9A5A4365-CADE-4124-B8E7-3ADF907BB9C1}
Successfully deleted: [Empty Folder] C:\Users\Jens Lappy\appdata\local\{E5B67C63-5901-42B0-B0C4-427E9CBE95D6}
~~~ FireFox
Successfully deleted the following from C:\Users\Jens Lappy\AppData\Roaming\mozilla\firefox\profiles\nxsm5l80.default\prefs.js
user_pref("extensions.trackmenot.msnUrl", "hxxp://search.live.com/video/results.aspx?q=|&form=MGDGTL&mkt=de-de");
Emptied folder: C:\Users\Jens Lappy\AppData\Roaming\mozilla\firefox\profiles\nxsm5l80.default\minidumps [165 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.11.2013 at 15:12:12,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I will only run FRST once everything has been deleted. Here is the ADW log: Code:
# AdwCleaner v3.011 - Bericht erstellt am 06/11/2013 um 15:12:57
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Jens Lappy - JENSLAPPY-PC
# Gestartet von : C:\Users\Jens Lappy\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : hshld
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Jens Lappy\AppData\Roaming\Mozilla\Firefox\Profiles\nxsm5l80.default\foxydeal.sqlite
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Ordner Gefunden C:\Users\Jens Lappy\AppData\Roaming\Mozilla\Firefox\Profiles\nxsm5l80.default\ICQToolbarData
Ordner Gefunden C:\Windows\SysWOW64\hotspot shield
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v25.0 (de)
[ Datei : C:\Users\Jens Lappy\AppData\Roaming\Mozilla\Firefox\Profiles\6yrx1ug9.default\prefs.js ]
[ Datei : C:\Users\Jens Lappy\AppData\Roaming\Mozilla\Firefox\Profiles\lu0m1jb1.default\prefs.js ]
[ Datei : C:\Users\Jens Lappy\AppData\Roaming\Mozilla\Firefox\Profiles\nxsm5l80.default\prefs.js ]
Zeile gefunden : user_pref("extensions.enabledAddons", "de-DE%40dictionaries.addons.mozilla.org:2.0.2,DivXWebPlayer%40divx.com:2.0.2.039,%7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6,%7B455D905A-D37C-4643-A9E2-F6FE[...]
*************************
AdwCleaner[R0].txt - [5882 octets] - [25/08/2013 14:59:26]
AdwCleaner[R1].txt - [2790 octets] - [06/11/2013 14:59:59]
AdwCleaner[R2].txt - [2133 octets] - [06/11/2013 15:12:57]
AdwCleaner[S0].txt - [5941 octets] - [25/08/2013 15:04:00]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2253 octets] ##########