
Log analysis and evaluation: Some viruses/malware or similar cannot be removed

18.08.2016, 14:34   #1
swissair
 
It worked in Safe Mode.
Code:
# AdwCleaner v6.000 - Logfile created 18/08/2016 at 12:17:57
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-15.2 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Daniel - DANIEL
# Running from : C:\Users\Daniel\Desktop\adwcleaner_6.000.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[!] Service not deleted: UCGuard
[!] Service not deleted: KuaiZipDrive
[!] Service not deleted: KuaizipUpdateChecker
[!] Service not deleted: ziphost


***** [ Folders ] *****

[#] Folder deleted on reboot: C:\Users\Daniel\AppData\Roaming\GrabPro
[#] Folder deleted on reboot: C:\Users\Daniel\AppData\Roaming\ProgSense
[#] Folder deleted on reboot: C:\Users\Daniel\AppData\Roaming\Kuaizip
[#] Folder deleted on reboot: C:\Users\Daniel\AppData\Roaming\KuaiZip
[#] Folder deleted on reboot: C:\Users\Daniel\AppData\Roaming\Softlink
[#] Folder deleted on reboot: C:\Program Files\Caster
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
[#] Folder deleted on reboot: C:\Program Files (x86)\orbitdownloader
[#] Folder deleted on reboot: C:\Program Files (x86)\WeatherChickn
[#] Folder deleted on reboot: C:\Program Files (x86)\DPower
[#] Folder deleted on reboot: C:\Users\Daniel\AppData\Local\app
[#] Folder deleted on reboot: C:\Program Files (x86)\host
[#] Folder deleted on reboot: C:\Program Files (x86)\DPower


***** [ Files ] *****

[#] File deleted: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MaohaWiFi.lnk
[#] File deleted: C:\WINDOWS\SysNative\drivers\ucguard.sys
[#] File deleted: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [430 Bytes] - [02/08/2016 16:10:05]
C:\AdwCleaner\AdwCleaner[C2].txt - [430 Bytes] - [02/08/2016 16:35:35]
C:\AdwCleaner\AdwCleaner[C3].txt - [384 Bytes] - [05/08/2016 15:28:52]
C:\AdwCleaner\AdwCleaner[C4].txt - [20701 Bytes] - [18/08/2016 12:17:57]
C:\AdwCleaner\AdwCleaner[S1].txt - [6329 Bytes] - [05/06/2016 12:32:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [18442 Bytes] - [02/08/2016 00:33:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [18588 Bytes] - [02/08/2016 16:29:56]
C:\AdwCleaner\AdwCleaner[S4].txt - [23323 Bytes] - [05/08/2016 15:25:22]
C:\AdwCleaner\AdwCleaner[S5].txt - [403 Bytes] - [12/08/2016 17:10:14]
C:\AdwCleaner\AdwCleaner[S6].txt - [16865 Bytes] - [13/08/2016 13:49:23]
C:\AdwCleaner\AdwCleaner[S7].txt - [17214 Bytes] - [15/08/2016 21:37:09]
C:\AdwCleaner\AdwCleaner[S8].txt - [19761 Bytes] - [18/08/2016 12:04:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [21364 Bytes] ##########
         
ESET found quite a few things. When the scan was finished, I simply clicked Next and Finish; there was no other option at all. Should I run it again?
I will run Anti-Rootkit right away.

One more small, separate question. I don't know whether it is connected in any way, but lately the Windows 10 search only works now and then. When I type something, it searches and searches but never returns a result. And when I click Shut down on the computer, it does not shut down but only signs out. Both have been happening since the infection. Do you happen to know a solution for that as well?

Rootkit found nothing more.
Here is the log:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.08.18.02
  rootkit: v2016.08.15.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.17071
Daniel :: DANIEL [administrator]

18.08.2016 12:51:51
mbar-log-2016-08-18 (12-51-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 427203
Time elapsed: 2 hour(s), 38 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

18.08.2016, 15:15   #2
Aneri
/// Malwareteam
 

Hi,

ESET does not delete automatically. As long as the switch for deleting is not set, it does nothing except scan. If the ESET log file does not show up, run it once more and tick the checkbox for deleting.

Please look for the log file again; it must be there.

Quote:
One more small, separate question. I don't know whether it is connected in any way, but lately the Windows 10 search only works now and then. When I type something, it searches and searches but never returns a result. And when I click Shut down on the computer, it does not shut down but only signs out. Both have been happening since the infection. Do you happen to know a solution for that as well?
We can look at that afterwards, or you can ask for advice about it in our Windows corner.

24.08.2016, 11:57   #3
Aneri
/// Malwareteam
 

Quote:
Quote from swissair
One more small, separate question. I don't know whether it is connected in any way, but lately the Windows 10 search only works now and then. When I type something, it searches and searches but never returns a result. And when I click Shut down on the computer, it does not shut down but only signs out. Both have been happening since the infection. Do you happen to know a solution for that as well?
I overlooked this, sorry.
Ask about it in the Windows forum. I don't have a quick solution for it offhand.