Log analysis and evaluation: Multiple trojans and programs that cannot be uninstalled

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Multiple trojans and programs that cannot be uninstalled

Hello, earlier I tried to legally reactivate my Windows activation. Since it did not work the normal way, I tried a KMS activator, legally of course. I deselected everything during the installation, but now there is all sorts of stuff on the PC. I would appreciate any help. MalwareBytes found and deleted quite a lot, but not everything.

Code:
# AdwCleaner v6.044 - Logfile created 09/03/2017 at 17:54:42
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-09.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Waldemar - WALDI-PC
# Running from : D:\Downloads\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
Service Found: 1a750e6d6536a7c4fc4214c17c769657
Service Found: 65e4a26e657dd4512eece1e1972269d3
Service Found: Lace514
Service Found: OtherSearch
***** [ Folders ] *****
Folder Found: C:\Users\Waldemar\AppData\Roaming\AppTrailers
Folder Found: C:\Users\Waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
Folder Found: C:\Program Files\¿ìѹ
***** [ Files ] *****
File Found: C:\WINDOWS\SysNative\drivers\65e4a26e657dd4512eece1e1972269d3.sys
File Found: C:\WINDOWS\SysNative\NetUtils2016.dll
File Found: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
File Found: C:\WINDOWS\SysNative\drivers\NetUtils2016.sys
File Found: C:\WINDOWS\SysNative\drivers\LACE_WPF_X64.SYS
File Found: C:\WINDOWS\SysNative\drivers\Lace_wpf_x64.sys
File Found: C:\END
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
Key Found: : \root\subscription\\ActiveScriptEventConsumer [ASEC]
***** [ Shortcuts ] *****
Shortcut infected: C:\Users\Waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk ( hxxp://qtipr.com/ )
Shortcut infected: C:\Users\Waldemar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://qtipr.com/ )
Shortcut infected: C:\Users\Waldemar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://qtipr.com/ )
Shortcut infected: C:\Users\Waldemar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Tor Browser.lnk ( hxxp://qtipr.com/ )
***** [ Scheduled Tasks ] *****
Task Found: YhtVPgD7Tn
***** [ Registry ] *****
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Key Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\WajIEnhance
Key Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Interstatnogui
Key Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\AppDataLow\Software\AppTrailers
Key Found: HKCU\Software\WajIEnhance
Key Found: HKCU\Software\KuaiZip
Key Found: HKCU\Software\Interstatnogui
Key Found: HKCU\Software\AppDataLow\Software\AppTrailers
Key Found: HKLM\SOFTWARE\OtherSearch
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OtherSearch
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTrailers
Key Found: [x64] HKCU\Software\WajIEnhance
Key Found: [x64] HKCU\Software\KuaiZip
Key Found: [x64] HKCU\Software\Interstatnogui
Key Found: [x64] HKCU\Software\AppDataLow\Software\AppTrailers
Key Found: [x64] HKLM\SOFTWARE\HDWallpaper
Data Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4
Data Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvY
Data Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4s
Data Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBH
Data Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaH
Data Found: HKU\S-1-5-21-3194967007-1620309685-884015564-1001\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHlF
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHlF0
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHlF0WHU-pxXY
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHlF0W
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBE
Data Found: HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_Ttz
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHlF
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHl
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHlF0WHU-px
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEHlF
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHG
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_T
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHJwE4sVpJrnvYEJqnDiOMymo6K87k1omCUXBp_TtzuHGBEH
Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AppTrailers]
Key Found: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
***** [ Web browsers ] *****
Firefox pref Found: [C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\prefs.js] - "browser.newtab.url" - "C:\\ProgramData\\Singdaxs\\ff.NT"
Firefox pref Found: [C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\prefs.js] - "browser.search.defaultenginename" - "trotux"
Firefox pref Found: [C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\prefs.js] - "browser.search.searchengine.hp" - "hxxp://www.trotux.com/?z=4ef8938f045979c839f27c8gczeb0t3ebmeq2z2wdt&from=am
Firefox pref Found: [C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\prefs.js] - "browser.search.searchengine.sp" - "hxxp://www.trotux.com/search/?from=amz&q={searchTerms}&type=sp&uid=SAMSUNGX
Firefox pref Found: [C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\prefs.js] - "browser.search.searchengine.url" - "hxxp://www.trotux.com/search/?from=amz&q={searchTerms}&type=sp&uid=SAMSUNG
Firefox pref Found: [C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\prefs.js] - "browser.search.selectedEngine" - "trotux"
Firefox pref Found: [C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\e5v54rmq.default\prefs.js] - "browser.startup.homepage" - "C:\\ProgramData\\Singdaxs\\ff.HP"
No malicious Chromium based browser items found.
*************************
Edited by sill (09.03.2017 at 18:17)