
deeprybka

Posts posted by deeprybka



  1. That's it!
    Your logs look clean to me at the moment.
    We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


    My help is free for everybody, however...
    If I have helped you fix your PC, then please consider donating to continue the fight against malware.
    Thank you!


    Clean Up

    Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

    1. You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
    2. Download DelFix (by Xplode) and save it to your Desktop.
      • Close all running programs and start delfix.exe.
      • Make sure that all available options are checked.
      • Click on Run
      • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
    3. If there is still something left you can delete it manually.


    Closing security holes

    Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

    Tips

    I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


  2. Hi,

    I don't think that the issue is caused by active malware.

    Please do the following to remove some adware remnants:

    Open Chrome and click the Customize and Control button (the "3 streaks" icon, or the wrench icon in older versions).

    Select Settings. In the On Startup section, click on Set Pages and delete the entries. Click OK to save the changes. Please reboot your PC and check if the entries are gone.


  3. 18 hours ago, DeeRid said:

    Was removing them myself my big problem

    I don't think so, but for analytical purposes they were interesting. Let's do a final check up to make sure that no other malicious files are present:

    Step 1

    Please download herdProtect by Reason Software (portable edition) and save the file to your desktop.
    Temporarily disable your antivirus and antispyware protection - instructions here.

    • Right-click on the herdProtect icon and select Run as Administrator to install the scanner.
    • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
    • Agree to the terms, select Launch herdProtect and click Finish.
    • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
    • When it finishes click on Save Results.
    • A Notepad with a report should open.


    Please include the contents of that report in your next reply.
    This type of scan often produces false positives. In any case, do not remove any of its findings on your own! Removal will be made after careful analysis of the scan results.
    Upon completion of the cleaning you may remove herdProtect if you wish. To do so, just delete its directory (chosen by you when installing the tool).


  4. Hi David,

    please do the following:

    Step 1

    FRST fix

    Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

    • Copy the entire content of the codebox below and paste into the notepad document:
      CloseProcesses:
      HKLM\...\Run: [garnett] => "C:\Program Files (x86)\pecs\procurator.exe"
      C:\Program Files (x86)\pecs
      C:\Program Files (x86)\colorado\
      HKLM-x32\...\Run: [treasure] => "C:\Program Files (x86)\pecs\procurator.exe"
      HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => 0
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [duelling] => "C:\Program Files (x86)\pecs\procurator.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [rankle] => "C:\Program Files (x86)\pecs\procurator.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [textured] => "C:\Program Files (x86)\colorado\textured.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000\...\Run: [vitale] => "C:\Program Files (x86)\pecs\procurator.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [duelling] => "C:\Program Files (x86)\pecs\procurator.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rankle] => "C:\Program Files (x86)\pecs\procurator.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [textured] => "C:\Program Files (x86)\colorado\textured.exe"
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [vitale] => "C:\Program Files (x86)\pecs\procurator.exe"
      HKU\S-1-5-18\...\Run: [] => 0
      Startup: C:\Users\David Ridley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\widder.lnk [2016-10-20]
      BootExecute: autocheck autochk * sdnclean64.exe
      GroupPolicyScripts: Restriction
      GroupPolicyScripts\User: Restriction
      ManualProxies:
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
      HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
      SearchScopes: HKU\S-1-5-21-814913500-3249027553-3533128871-1000 -> DefaultScope {698F6A2D-C3E7-484B-8D05-CDA7FA68AE79} URL =
      SearchScopes: HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {698F6A2D-C3E7-484B-8D05-CDA7FA68AE79} URL =
      Toolbar: HKU\S-1-5-21-814913500-3249027553-3533128871-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
      Toolbar: HKU\S-1-5-21-814913500-3249027553-3533128871-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
      CHR StartupUrls: Default ->
      Task: {066CA2FD-2EEE-4567-A924-254F4360C182} - \{3B6B6946-268B-4AC2-A53F-34A3AD06FC7F} -> No File
      Task: {18B370CC-9F98-4110-BCB4-EFCE1044ABB4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File
      Task: {1D1B914A-B70A-4E7B-AF2B-AEF2D3A85150} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File
      Task: {2079B8DE-E268-4495-BC7E-46EFCE19D7C3} - \PDVDServ12 Task -> No File
      Task: {38CEB8BA-C652-4BBE-B9D8-68B7B07D0ECF} - \Hybrid -> No File
      Task: {4739AB92-8A29-41F6-9D20-DA05ED7393E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File
      Task: {4A25F926-6845-4106-95EA-058CC24EAB37} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File
      Task: {5264A9B3-EF97-4C70-B882-89AC966D6249} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File
      Task: {610CB0AD-1785-45A6-A0E6-99B7BBD92312} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File
      Task: {6AF3FA41-5668-40D2-A3C4-139C1DBB02BD} - \{2B718C9E-6D7F-43FF-BFE0-151467B356CE} -> No File
      Task: {6D33EB5A-97B9-43DE-9D18-58D596B609CF} - \GoogleUpdateTaskMachineUA -> No File
      Task: {79FDB2BF-30D7-4D12-BD6A-7EDAD466045C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File
      Task: {7F6A29EA-D5D7-46BD-80FE-EF92751C9514} - \Adobe Acrobat Update Task -> No File
      Task: {81C7A793-69A0-4F82-9F53-60C4C969B8F4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File
      Task: {82EFB4BA-1671-4566-8FD3-ED4F69632B90} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File
      Task: {99414DB9-0F1E-4C40-A4E5-74E0B24F9E89} - \GoogleUpdateTaskMachineCore -> No File
      Task: {9FFBB102-ABA9-4A76-B917-BFE5371D620D} - \OneDrive Standalone Update Task -> No File
      Task: {A83BEC46-1879-42A7-B8A1-8078B502A71B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File
      Task: {ACF6FB99-40EE-4999-9B00-631B71984061} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File
      Task: {BB7901AA-970C-4491-813D-18026E59F0E9} - \Adobe Flash Player Updater -> No File
      Task: {F8647838-96CA-4502-B91D-4FD9EF931CE5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File
      CMD: dir "%ProgramFiles%"
      CMD: dir "%ProgramFiles(x86)%"
      CMD: dir "%ProgramData%"
      CMD: dir "%Appdata%"
      CMD: dir "%LocalAppdata%"
      EmptyTemp:
      
    • Click File, Save As and type fixlist.txt as the File Name.


    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

    • Right-click on the FRST icon and select Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


    Please post it to your reply.



  5. Let's make sure that the problem isn't caused by malware.

    Step 1

    Please download ESET Online Scanner and save it to your Desktop.

    • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
    • Start the installer with administrator privileges.
    • Select the option Yes, I accept the Terms of Use and click on Start.
    • Choose the following settings:

      [Screenshot: recommended scan settings]

    • Click on Start. The virus signature database will begin to download. This may take some time.
    • When completed the Online Scan will begin automatically.
      Note: This scan might take a long time! Please be patient.
    • When completed, click on Finish.
    • A log file is created (its location is shown in the screenshot).
      Copy and paste the content of this log file in your next reply.

    [Screenshot: ESET log file]

    Note: Do not forget to re-enable your antivirus application after running the above scan!

    [Animated guide: ESET Online Scanner]



  6. Hi and welcome!
    My name is Jürgen and I will be assisting you with your malware related problems.

    Before we move on, please read the following points carefully.

    • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
    • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.


    P2P/Piracy Warning:

    • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
    • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

    Step 1

    Please download and install Malwarebytes Anti-Malware.

    • Please open Malwarebytes Anti-Malware and update the database.
    • Click "Settings" [1] and go to "Detection and Protection" [2].
    • Make sure "Scan for Rootkits" is checked.
    • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
      If malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
      [Screenshot: detection prompt]
    • Click on "Remove Selected" [5].
    • Then click "Save Results" [6] and select the option shown in the screenshot:
      [Screenshot: Save Results menu]
    • Return to our forum. Paste your log into your next reply and then click Finish [7].

    [Animated guide: Malwarebytes Anti-Malware scan, steps 1-7]


  7. Hi and welcome!

    My name is Jürgen and I will be assisting you with your malware related problems.

    Before we move on, please read the following points carefully.

    • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
    • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    P2P/Piracy Warning:
    • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
    • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
    Step 1

    Please run a FRST scan. This will help us diagnose your problem.

    FRST scan

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)

    • Start FRST with administrator privileges.
    • Make sure the option Addition.txt is checked and press the Scan button.
    • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    • Please copy and paste these logs in your next reply.

  8. OK. :)

    But we're not done yet. Please go ahead and run MBAM and ESET:

    Step 1

    Scan with Malwarebytes Anti-Malware.

    • Please open Malwarebytes Anti-Malware and update the database.
    • Click "Settings" [1] and go to "Detection and Protection" [2].
    • Make sure "Scan for Rootkits" is checked.
    • Click on Dashboard [3], then click on Scan Now [4] to start the scan.

      If malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:

      [Screenshot: detection prompt]

    • Click on "Remove Selected" [5].
    • Then click "Save Results" [6] and select the option shown in the screenshot:

      [Screenshot: Save Results menu]

    • Return to our forum. Paste your log into your next reply and then click Finish [7].

    [Animated guide: Malwarebytes Anti-Malware scan, steps 1-7]

    Step 2

    Please download ESET Online Scanner and save it to your Desktop.

    • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
    • Start the installer with administrator privileges.
    • Select the option Yes, I accept the Terms of Use and click on Start.
    • Choose the following settings:

      [Screenshot: recommended scan settings]

    • Click on Start. The virus signature database will begin to download. This may take some time.
    • When completed the Online Scan will begin automatically.

      Note: This scan might take a long time! Please be patient.

    • When completed, click on Finish.
    • A log file is created (its location is shown in the screenshot).

      Copy and paste the content of this log file in your next reply.

    [Screenshot: ESET log file]

    Note: Do not forget to re-enable your antivirus application after running the above scan!

    [Animated guide: ESET Online Scanner]


  9. Hi,

    Step 1

    FRST fix

    Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

    • Copy the entire content of the codebox below and paste into the notepad document:

      CloseProcesses:
      C:\WINDOWS\system32\N1Service64.dll
      cmd: netsh winsock reset
      AlternateDataStreams: C:\ProgramData\Temp:56E2E879
      HKLM-x32\...\Run: [] => [X]
      Task: {063048D0-DEA2-423B-941B-FAD4767E99EB} - \SPBIW_UpdateTask_Time_3334363038373330372d2a55456c2d5a34575b413234 -> No File
      Task: {082A0DDB-D96E-4B84-9C8B-7E9E3AB5CD71} - \Adobe Flash Player Updater -> No File
      Task: {0D4F3C7A-39C4-4104-8425-785826EB9B10} - \PhraseProfessor Auto Updater 1.10.0.22 Core -> No File
      Task: {18EC5D67-59D5-423D-800F-858D030CC291} - \PhraseProfessor Auto Updater 1.10.0.22 Pending Update -> No File
      Task: {1DF97EDE-765C-430D-AFE5-C8FB693C54AE} - \Microsoft OneDrive Auto Update Task-S-1-5-21-2444418471-309531542-3407867716-1001 -> No File
      Task: {23D61382-9314-478E-A3DD-F292E93BBCD5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File
      Task: {29EA6BD1-C841-494E-8B22-F64B77686168} - \Optimize Start Menu Cache Files-S-1-5-21-2444418471-309531542-3407867716-500 -> No File
      Task: {40D27100-911A-4768-BAD3-2B5F2608C670} - \Launch HTC Sync Loader -> No File
      Task: {43BE01ED-7A43-4043-B861-58CEDB1BB47C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File
      Task: {497B1032-FCE3-4473-AB41-E5256517CE7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File
      Task: {5C8671F6-5D3B-4BEE-9370-8121A1AEA31B} - \{E9430C13-12E9-4EB9-AD7C-43AC41CB426C} -> No File
      Task: {68DCE6E6-F422-4A4D-9B9F-B3398C22C59D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File
      Task: {70E68620-137B-459A-8E0E-2B7731453777} - \ShopperProJSUpd -> No File
      Task: {813F116E-E4CD-4855-AC97-D9C6585B8062} - \Synaptics TouchPad Enhancements -> No File
      Task: {81EBE69B-6972-4D45-B7D7-B9E49312E330} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File
      Task: {8B3B6F6C-744E-4532-81DC-CF2B71F87736} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File
      Task: {92E36439-4325-4FD1-8CB7-54223596BB20} - \{A3503584-2DFA-4F0D-909D-B4F49C590301} -> No File
      Task: {9A8FA3D8-9A72-4E87-AADD-A05DC4B8691B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File
      Task: {A0DB3846-1223-4110-BAA3-430882F22E38} - \AdobeAAMUpdater-1.0-MicrosoftAccount-neleuska@hotmail.com -> No File
      Task: {A3EF42AE-CEEA-488E-87C1-084569DA76F6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File
      Task: {ACF0E57E-4B6C-4EAC-8B56-C3D32014AD02} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File
      Task: {E6CFD5EC-8717-4C88-93B0-00FC3C7CB8E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File
      Task: {FCD5EC32-8CFC-4B1D-91B1-D2D72D6DF076} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File
      ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208}
      BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
      BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
      Toolbar: HKU\S-1-5-21-2444418471-309531542-3407867716-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
      2015-10-30 09:54 - 2015-10-30 09:54 - 00002400 _____ C:\WINDOWS\system32\N1ServiceOff.ini
      2015-10-30 09:53 - 2015-10-31 14:36 - 00000000 ____D C:\WINDOWS\NMsvc
      2015-10-30 09:53 - 2015-10-30 09:53 - 00000000 ____D C:\WINDOWS\msservice
    • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
    • Right-click on the FRST icon and select Run as Administrator to start the tool.

      (XP users click run after receipt of Windows Security Warning - Open File).

    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
    Please post it to your reply.

    Step 2

    Please download AdwCleaner (by Xplode) and save it to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select "Run As Administrator"

    • Click on the Scan button.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).

      Copy and paste the contents of that logfile in your next reply.

    Step 3

    FRST scan

    Start FRST with administrator privileges.

    • Make sure the following option is checked: Addition.txt
    • Press the Scan button.
    • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

      Please attach the logs in your next reply.



  12. This looks good indeed. The stuff that ESET has found is already in quarantine or just some remnants, but no more active malware. :)

    That's it!
    Your logs look clean to me at the moment.
    We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


    My help is free for everybody, however...
    If I have helped you fix your PC, then please consider donating to continue the fight against malware.
    Thank you!


    Clean Up

    Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

    • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
    • Download DelFix (by Xplode) and save it to your Desktop.
      • Close all running programs and start delfix.exe.
      • Make sure that all available options are checked.
      • Click on Run
      • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
    • If there is still something left you can delete it manually.

    Closing security holes

    Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.


    I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


  13. You are welcome! But, we're not done yet. :)

    Step 1

    Please download ESET Online Scanner and save it to your Desktop.

    • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
    • Start the installer with administrator privileges.
    • Select the option Yes, I accept the Terms of Use and click on Start.
    • Choose the following settings:

      [Screenshot: recommended scan settings]

    • Click on Start. The virus signature database will begin to download. This may take some time.
    • When completed the Online Scan will begin automatically.

      Note: This scan might take a long time! Please be patient.

    • When completed, click on Finish.
    • A log file is created (its location is shown in the screenshot).

      Copy and paste the content of this log file in your next reply.

    [Screenshot: ESET log file]

    Note: Do not forget to re-enable your antivirus application after running the above scan!

    [Animated guide: ESET Online Scanner]


  14. I've already scanned with the first two before...

    I know. :)

    But I wanted the logs.

    Step 1

    FRST fix

    Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

    • Copy the entire content of the codebox below and paste into the notepad document:

      CloseProcesses:
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-2166905351-2847742161-3976409908-1004\...\Run: [lvznaumnbi] => explorer
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Taylor\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll => No File
      CHR HomePage: Profile 1 -> mail.ru/cnt/11956636
      CHR DefaultSearchURL: Profile 1 -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn10
      CHR DefaultSearchKeyword: Profile 1 -> mail.ru
      CHR DefaultSuggestURL: Profile 1 -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
      2015-10-24 00:38 - 2015-10-24 06:31 - 00000000 ____D C:\ProgramData\ContentDefender
      2015-10-24 00:36 - 2015-10-24 00:36 - 00000000 ____D C:\Users\Taylor\AppData\Local\Поиcк в Интeрнете
      2015-10-24 00:35 - 2015-10-24 06:31 - 00000000 ____D C:\Users\Taylor\AppData\Local\SystemDir
      InternetURL: C:\Users\Taylor\Favorites\Mail.Ru Агент - используй для общения!.url -> hxxp://agent.mail.ru
      InternetURL: C:\Users\Taylor\Favorites\Mail.Ru.url -> hxxp://www.mail.ru
      AlternateDataStreams: C:\ProgramData\Temp:373E1720
      Task: {0941C44D-F322-4D82-BC0A-2F976EB0F0BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File
      Task: {0F268AF8-AE4B-4B8E-9A9C-FB6B7BB95F1D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File
      Task: {7DF993EF-57D9-48B7-B286-7552E6E6786B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File
      Task: {9BB1D8EF-D719-4D66-921C-00AFB7D4B14B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File
      Task: {A06E792A-2AC2-4E61-8C0B-8FA27E7BBE9F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File
      Task: {B803785F-DB5A-42F0-A975-ADC6DF41521D} - \Norton WSC Integration -> No File
      Task: {C0F44158-F6C7-4487-B0AD-D80C9840C504} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File
      Task: {C2E0BA5D-3958-468A-AE19-6D1C44A79ACC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File
      Task: {DFEA0DE9-50DB-448A-87A2-BFACDC482243} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File
      Task: {ED80BCE0-9D74-4175-B6D2-F0244E484FBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File
      Task: {FC97D79E-3A94-4FB4-8A70-42317DFEF897} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File
      Task: {FFE2234E-BFB5-43CF-B091-5B2CBD0671F4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File
      EmptyTemp:
    • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
    • Right-click on the FRST icon and select Run as Administrator to start the tool.

      (XP users click run after receipt of Windows Security Warning - Open File).

    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
    Please post it to your reply.
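    What a fixlist of this kind actually touches is easier to review when its lines are grouped by type. As an added example (my own code, not part of this post and not part of FRST), the Python script below parses lines in the fixlist format shown above, groups them by category, pulls out the hosts that the Chrome search and shortcut entries point at, and lists entries whose referenced file is already missing ("No File"), i.e. leftover references rather than live components. The category names are my own, the sample input is a constructed subset of the lines above, and `hxxp` is the defanged `http` exactly as in the post.

```python
"""Group FRST fixlist lines by type and pull out hosts and orphaned references.

Added example, not FRST's own code. Category names are this script's own.
"""
import re
from collections import Counter

# Constructed sample: a subset of the fixlist lines from the post (hxxp = defanged http).
SAMPLE_FIXLIST = r"""CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2166905351-2847742161-3976409908-1004\...\Run: [lvznaumnbi] => explorer
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Ïîèñê@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Taylor\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll => No File
CHR HomePage: Profile 1 -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Profile 1 -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn10
2015-10-24 00:38 - 2015-10-24 06:31 - 00000000 ____D C:\ProgramData\ContentDefender
InternetURL: C:\Users\Taylor\Favorites\Mail.Ru.url -> hxxp://www.mail.ru
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Task: {B803785F-DB5A-42F0-A975-ADC6DF41521D} - \Norton WSC Integration -> No File
Task: {0941C44D-F322-4D82-BC0A-2F976EB0F0BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File
EmptyTemp:
"""

# Leading token -> category for the line types that have no dedicated regex below.
PREFIXES = [
    ("BHO", "bho"),                     # "BHO:" and "BHO-x32:"
    ("CHR ", "chrome"),
    ("SearchScopes:", "searchscope"),
    ("InternetURL:", "shortcut"),
    ("AlternateDataStreams:", "ads"),
]
DIRECTIVES = {"CloseProcesses:", "EmptyTemp:"}

# "<created> - <modified> - <size> <attrs> <path>" entries for files and folders
FS_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} (\S+) (.+)$"
)
# Registry autostart values: "<hive>\...\Run: [<name>] => <data>"
RUN_RE = re.compile(r"^(HKLM|HKU|HKCU)[^:]*\\Run: \[(.*?)\] => (.*)$")
# Scheduled tasks: "Task: {<guid>} - <task path>[ -> No File]"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?)( -> No File)?$")
HOST_RE = re.compile(r"hxxps?://([^/\s?#]+)", re.IGNORECASE)


def extract_host(value):
    """Host of a (defanged) URL, or of a bare 'host/path' value such as a Chrome home page."""
    m = HOST_RE.search(value)
    if m:
        return m.group(1).lower()
    bare = value.split("/")[0].strip()
    if re.fullmatch(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", bare):
        return bare.lower()
    return None


def classify(line):
    """One fixlist line -> dict with kind, target, orphan (file already gone) and host."""
    line = line.strip()
    entry = {"kind": "other", "target": line, "orphan": False, "host": None, "raw": line}
    if line in DIRECTIVES:
        entry["kind"] = "directive"
        return entry
    m = FS_RE.match(line)
    if m:
        entry.update(kind="filesystem", target=m.group(2))
        return entry
    m = RUN_RE.match(line)
    if m:
        entry.update(kind="registry-run", target=m.group(3))
        return entry
    m = TASK_RE.match(line)
    if m:
        entry.update(kind="task", target=m.group(2), orphan=m.group(3) is not None)
        return entry
    for prefix, kind in PREFIXES:
        if line.startswith(prefix):
            entry["kind"] = kind
            break
    # For the remaining types the target is whatever follows the last " -> ".
    entry["target"] = line.rsplit(" -> ", 1)[1] if " -> " in line else line.split(": ", 1)[-1]
    if entry["target"].endswith("=> No File"):
        entry["orphan"] = True
        entry["target"] = entry["target"][: -len("=> No File")].strip()
    entry["host"] = extract_host(entry["target"])
    return entry


def parse_fixlist(text):
    return [classify(l) for l in text.splitlines() if l.strip()]


def summarize(entries):
    """Counts per category, the hosts the fix touches, and entries whose file is already gone."""
    return {
        "counts": dict(Counter(e["kind"] for e in entries)),
        "hosts": sorted({e["host"] for e in entries if e["host"]}),
        "orphans": [e["raw"] for e in entries if e["orphan"]],
    }


if __name__ == "__main__":
    summary = summarize(parse_fixlist(SAMPLE_FIXLIST))
    for kind, n in sorted(summary["counts"].items()):
        print(f"{kind:14} {n}")
    print("hosts:", ", ".join(summary["hosts"]))
    print("orphaned references:", len(summary["orphans"]))
```

    On the sample above every host resolves to mail.ru, which is the hijack the Chrome and favourites entries were fixing, and the BHO and both task entries show up as orphans: their files were already removed by the earlier scans, so the fixlist only has to drop the dangling references.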

  15. Step 1


    Scan with Malwarebytes Anti-Malware.

    • Please open Malwarebytes Anti-Malware and update the database.
    • Click "Settings" [1] and go to "Detection and Protection" [2]
    • Make sure "Scan for Rootkits" is checked.
    • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
      If malware or potentially unwanted programs [PUPs] are found, you will receive a prompt:
    • Click on "Remove Selected" [5].
    • Then click "Save Results" [6] and select Copy to Clipboard.
    • Return to our forum. Paste your log into your next reply and then click Finish [7].


    Step 2

    Scan with AdwCleaner (by Xplode).

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select "Run As Administrator"
    • Click on the Scan button.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
      Copy and paste the contents of that logfile in your next reply.

    Step 3

    Start FRST with administrator privileges.

    • Make sure the option Shortcut.txt is checked.
    • Press the Scan button.
    • When finished, FRST will produce two logs (FRST.txt and Shortcut.txt) in the same directory the tool was run from.
      Please copy and paste the content of Shortcut.txt in your next reply.

  16. Hi & welcome!

    My name is Jürgen and I will be assisting you with your malware-related problems.

    Before we move on, please read the following points carefully.

    • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
    • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    P2P/Piracy Warning:
    • If you're using peer-to-peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.
    • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
    • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
    Step 1

    Please run a FRST scan. This will help us diagnose your problem.


    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)

    • Start FRST with administrator privileges.
    • Make sure the option Addition.txt is checked and press the Scan button.
    • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    • Please copy and paste these logs in your next reply.

  17. OK,
    then we're done.
    Please also install the latest IE. http://www.microsoft.com/de-de/download/Internet-Explorer-11-for-Windows-7-details.aspx?id=40901

    Then run DelFix:

    All logs posted? Then please download DelFix.

    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.

    Note: DelFix removes, among other things, all the programs we used, the quarantine folders of our scanners and the Java cache, and finally deletes itself.
    Restart your computer afterwards. If any programs from our cleanup are still left, you can safely delete them.

    If I have helped you solve your computer problem and you would like to support me in the fight against malware with a donation (currencies are converted), then I say THANK YOU!

    Securing your system:
    Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the current version:

    Browser
    Java
    Flash Player
    PDF reader

    Security holes (e.g. here) in their old versions are exploited to install malware by "drive-by" when you simply visit a manipulated website.
    I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

    Enable a firewall. The one built into Windows is normally entirely sufficient.

    Use an antivirus program with a real-time scanner and an always up-to-date signature database.

    My purchase recommendation:

    ESET Smart Security

    In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

    Optional:
    NoScript blocks the execution of active content (Java, JavaScript, Flash, ...) on all websites. Using a whitelist, you can specify the sites on which scripts are allowed.
    Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


    Download software from a clean portal such as the one linked here.
    When installing software, always choose the custom option and untick every optionally offered toolbar or other add-on that is irrelevant to the program.
    To get rid of adware again, it is best to uninstall it first and then remove the remnants with AdwCleaner.


    Finally, a few general remarks:
    Change your important online passwords regularly and make regular backups of your important files or of the system.
    The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.


  18. Well, the site you mentioned is also teeming with ad banners etc. :). That is what the web protection is there for. It doesn't necessarily mean the PC is infected.

    I recommend add-ons like this one.

    Please also download the attached file fixlist.txt to this directory (C:\Software org\virensoft), start FRST and press "Fix".

    fixlist.txt

    A fixlog.txt will be created. Please attach it again.

    Then start FRST again, tick Addition and click "Scan". Attach FRST.txt and Addition.txt again.
