Hallo Matthias,
danke für die schnelle Antwort. Habe JRT und Zoek laufen lassen, Avira geht jetzt wieder und hat direkt mal " TR/Agent.1284608.7 " in zoek.exe gefunden. ist das normal oder habe ich jetzt noch ein Problem?

Hier die Logs:
JRT

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Arne on 26.02.2014 at 21:13:37,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2014 at 21:17:11,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

zoek

Code: Alles auswählenAufklappen

ATTFilter

Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Arne on 26.02.2014 at 21:18:39,26.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Arne\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

26.02.2014 21:19:43 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample__2124.zip ======================
 
Process C:\ProgramData\dlprotect.exe killed
Copied file C:\ProgramData\dlprotect.exe to sample\dlprotect.exe
sample\dlprotect.exe renamed to 405086033107E126371536FB5E558B50

C:\Users\Public\Desktop\sample__2124.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3618723849-957968867-3517943685-1002\Software\Microsoft\Internet Explorer\SearchScopes\{4455EFFD-ECB5-4DAA-8F7F-A15BD268FB38} deleted successfully
HKEY_USERS\S-1-5-21-3618723849-957968867-3517943685-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_USERS\S-1-5-21-3618723849-957968867-3517943685-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-3618723849-957968867-3517943685-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511251148} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511251148} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\g6879v7n.default\prefs.js:

Added to C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\g6879v7n.default\prefs.js:

Deleted from C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js:

Added to C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\g6879v7n.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__2125_.backup

ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}

user.js not found
---- FireFox user.js and prefs.js backups ---- 


==== Deleting Files \ Folders ======================

C:\ProgramData\Acer PicEvermore deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\AskPartnerNetwork deleted
C:\ProgramData\AskPartnerNetwork deleted
C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\g6879v7n.default\foxydeal.sqlite deleted
C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\staged deleted
C:\ProgramData\dlprotect.exe deleted
C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\g6879v7n.default\extensions\d3339536-cdf9-444a-b529-160714835cb8@52bed7c4-5816-4cf8-b479-2c341232cd59.com deleted
"C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\g6879v7n.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}
- ResultsAlpha - %ProfilePath%\extensions\{f727685b-ed90-4adc-8eec-8234574a91e6}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\g6879v7n.default
2557FBC582910A71CDEB0F22886D118D	- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll -	Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaacalgebmfelllfiaoknifldpngjh - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://acer13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://acer13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VIS deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Arne\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Arne\AppData\Local\Mozilla\Firefox\Profiles\g6879v7n.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=297 folders=75 34584903 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Arne\AppData\Local\Temp  will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Arne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 26.02.2014 at 21:29:20,66 ======================
         

Servus,

Zitat:

Zitat von mondyoshi

Avira geht jetzt wieder und hat direkt mal " TR/Agent.1284608.7 " in zoek.exe gefunden. ist das normal oder habe ich jetzt noch ein Problem?

das ist ein Fehlalarm von Avira, kannst du ignorieren, Zoek.exe ist ja eines unserer Bereinigungstools.




Wir spüren die letzten Reste auf, damit wir sie später entfernen können:





Schritt 1
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.





Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

• Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
  
  
  

  Code: Alles auswählenAufklappen

  ATTFilter

  :regfind
  Plus-HD
  ResultsAlpha
  VIS
           

• Klicke nun auf den Button Look, um den Scan zu starten.
• Der Suchlauf kann einige Zeit dauern.
• Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
• Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?





Bitte poste mit deiner nächsten Antwort

• die beiden Logdateien von FRST,
• die Logdatei von SystemLook,
• die Beantwortung der gestellten Fragen.