| |
| |||||||
Log-Analyse und Auswertung: Windows XP: Deinstallation von SpeedUpMyComputer / FixMyRegistryWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
15.08.2014, 01:05
| #8 |
| |  Windows XP: Deinstallation von SpeedUpMyComputer / FixMyRegistry Hallo Mathias, ich habe den Schritt "Reste Entfernen" & 3 letzten Schritte durchgeführt. Komme wohl etwas spät mit meiner Antwort zurück -musste dringend 2 andere Themen abarbeiten. Sorry! Bemerkung: - habe FRST nochmals installiert, um ein FixLog-file zu erstellen, da DelFix das eigentl. FixLog glöscht hat. - DelFix habe ich nochmals laufen lassen, um das FRST zu löschen. ((das tönt ziemlich blöde, aber ich will diesen Thread für mich & Kollegen aufbewahren, um zu zeigen, wie viel Arbeite drinne stecken um MalWare zu entfernen)) Bemerkung Schritt 3: ich bin überaus dankbar für die Angaben bzgl. Anti-Viren-Progr. & zusätzl. Schutz & Performance, etc. Secunia-Online-SW werde ich auf den Win-XP installieren um zu schauen wie verwundbar der PC ist. Nächste Woche installiere ich Win 8.1 (Harddisk wird formatiert) und werde mir dann die empfohlenen Progr. installieren --> LETZTE FRAGE: genügt mir Avast! oder Microsoft Security Essentials oder muss ich mir eines der bekannten VirenProgr. kaufen, Norton etc.? ...und nun ein riesen Dankeschön! Ich werde spenden. Ich glaube, ihr wisst nicht, welch gross Hilfe ihr den Leuten seit! Unglaublich! Ich bin oft im Internet unterwegs, solche Boards sind sehr selten! Überall wird man nur abgezogen -- v.a. wenn man etwas Zusatzinformationen haben will -- bzgl. Free-Ware &Hilfe ist "File Pony" ne echte Alternative! Vielen DANK! Reste Entfernen FixLog, mit FRST (nochmals installiert, nachdem DelFix das vorherige FixLog-file gelöscht hatte) Zitat Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:14-08-2014 02
Ran by Administrator at 2014-08-15 00:40:28 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Documents and Settings\Administrator\Desktop\USB-Stick\registrybooster.exe
C:\Documents and Settings\Administrator\Desktop\USB-Stick\RegistryReviverSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\registrybooster.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\RegistryReviverSetup.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\isobuste mir2\isobuster_all_lang.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\isobuster\isobuster_all_lang.exe
C:\Documents and Settings\Administrator\My Documents\07_IT\WinZip\WinZip175.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\dl-openfreely-base.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\registrybooster.exe
C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\RegistryReviverSetup.exe
C:\WINDOWS\Installer\91f6ea.msi
C:\WINDOWS\Installer\MSI4C.tmp-
C:\WINDOWS\Installer\MSI5A.tmp-
C:\WINDOWS\Installer\MSI75.tmp-
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SmartTweak Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}
EmptyTemp:
end
*****************
"C:\Documents and Settings\Administrator\Desktop\USB-Stick\registrybooster.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Desktop\USB-Stick\RegistryReviverSetup.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\sfa_inst.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\registrybooster.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\DBX Opener outlook express\RegistryReviverSetup.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\isobuste mir2\isobuster_all_lang.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\isobuster\isobuster_all_lang.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\My Documents\07_IT\WinZip\WinZip175.exe" => File/Directory not found.
"C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\dl-openfreely-base.exe" => File/Directory not found.
"C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\registrybooster.exe" => File/Directory not found.
"C:\Documents and Settings\user1.DEBRECEN\My Documents\07_IT\DBX opener - outlook express\RegistryReviverSetup.exe" => File/Directory not found.
"C:\WINDOWS\Installer\91f6ea.msi" => File/Directory not found.
"C:\WINDOWS\Installer\MSI4C.tmp-" => File/Directory not found.
"C:\WINDOWS\Installer\MSI5A.tmp-" => File/Directory not found.
"C:\WINDOWS\Installer\MSI75.tmp-" => File/Directory not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SmartTweak Software => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FixMyRegistry.exe => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452} => Key not found.
EmptyTemp: => Removed 56 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Ursprüngliche DelFix-Log (weiter unten das zweite DelFix, steht viel weniger drinne) Zitat Code:
ATTFilter # DelFix v10.8 - Logfile created 14/08/2014 at 18:31:36
# Updated 29/07/2014 by Xplode
# Username : Administrator - DEBRECEN
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
Deleted : C:\Documents and Settings\Administrator\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R0].txt
Deleted : C:\Documents and Settings\Administrator\Desktop\AdwCleaner[R1].txt
Deleted : C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
Deleted : C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.304.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\Defogger.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\defogger_disable.log
Deleted : C:\Documents and Settings\Administrator\Desktop\defogger_enable.log
Deleted : C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_deu.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\log ESET.txt
Deleted : C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
Deleted : C:\Documents and Settings\Administrator\Desktop\SystemLook.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #130 [System Checkpoint | 05/29/2014 21:20:42]
Deleted : RP #131 [Software Distribution Service 3.0 | 05/29/2014 22:11:42]
Deleted : RP #132 [Software Distribution Service 3.0 | 06/11/2014 20:07:54]
Deleted : RP #133 [Software Distribution Service 3.0 | 07/11/2014 19:00:16]
Deleted : RP #134 [System Checkpoint | 08/01/2014 04:48:51]
Deleted : RP #135 [Removed HP Performance Tuning Framework | 08/01/2014 13:53:01]
Deleted : RP #136 [Installed HP Performance Tuning Framework | 08/01/2014 13:53:07]
Deleted : RP #137 [Installed HP Performance Advisor | 08/01/2014 14:12:14]
Deleted : RP #138 [System Checkpoint | 08/03/2014 18:56:49]
Deleted : RP #139 [System Checkpoint | 08/05/2014 23:13:13]
Deleted : RP #140 [System Checkpoint | 08/07/2014 17:34:59]
Deleted : RP #141 [System Checkpoint | 08/08/2014 18:09:39]
Deleted : RP #142 [System Checkpoint | 08/09/2014 21:12:29]
Deleted : RP #143 [Removed ATI Catalyst Control Center | 08/10/2014 00:15:15]
Deleted : RP #144 [Free Driver Scout | 08/10/2014 03:02:34]
Deleted : RP #145 [Free Driver Scout | 08/10/2014 03:05:38]
Deleted : RP #146 [Removed Shopop | 08/10/2014 03:39:40]
Deleted : RP #147 [Removed Microsoft Silverlight | 08/10/2014 04:16:13]
Deleted : RP #148 [System Checkpoint | 08/11/2014 11:32:39]
Deleted : RP #149 [System Checkpoint | 08/12/2014 11:44:35]
Deleted : RP #150 [Removed Java(TM) 6 Update 13 | 08/14/2014 15:27:44]
Deleted : RP #151 [Removed Java(TM) 6 Update 13 | 08/14/2014 16:12:40]
Deleted : RP #152 [Installed Java 7 Update 67 | 08/14/2014 16:17:26]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
Zitat Code:
ATTFilter # DelFix v10.8 - Logfile created 15/08/2014 at 01:06:37
# Updated 29/07/2014 by Xplode
# Username : Administrator - DEBRECEN
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #130 [System Checkpoint | 08/14/2014 23:01:13]
Deleted : RP #131 [Software Distribution Service 3.0 | 08/14/2014 23:01:13]
Deleted : RP #132 [Software Distribution Service 3.0 | 08/14/2014 23:01:14]
Deleted : RP #133 [Software Distribution Service 3.0 | 08/14/2014 23:01:14]
Deleted : RP #134 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #135 [Removed HP Performance Tuning Framework | 08/14/2014 23:01:14]
Deleted : RP #136 [Installed HP Performance Tuning Framework | 08/14/2014 23:01:14]
Deleted : RP #137 [Installed HP Performance Advisor | 08/14/2014 23:01:14]
Deleted : RP #138 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #139 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #140 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #141 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #142 [System Checkpoint | 08/14/2014 23:01:14]
Deleted : RP #143 [Removed ATI Catalyst Control Center | 08/14/2014 23:01:14]
Deleted : RP #144 [Free Driver Scout | 08/14/2014 23:01:15]
Deleted : RP #145 [Free Driver Scout | 08/14/2014 23:01:15]
Deleted : RP #146 [Removed Shopop | 08/14/2014 23:01:15]
Deleted : RP #147 [Removed Microsoft Silverlight | 08/14/2014 23:01:15]
Deleted : RP #148 [System Checkpoint | 08/14/2014 23:01:15]
Deleted : RP #149 [System Checkpoint | 08/14/2014 23:01:15]
Deleted : RP #150 [Removed Java(TM) 6 Update 13 | 08/14/2014 23:01:15]
Deleted : RP #151 [Removed Java(TM) 6 Update 13 | 08/14/2014 23:01:15]
Deleted : RP #152 [Installed Java 7 Update 67 | 08/14/2014 23:01:15]
Deleted : RP #153 [End of disinfection | 08/14/2014 23:01:16]
Deleted : RP #154 [End of disinfection | 08/14/2014 23:01:19]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
|
Baum-Darstellung