| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Hartnäckiger Browser Hijacker: "Do Searches"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.11.2013, 13:55
| #5 |
| |  Hartnäckiger Browser Hijacker: "Do Searches" Und weiter gehts  JRT: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 Pro x64
Ran by Simon on 09.11.2013 at 13:29:54,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\qtrax
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3142468645-2756943370-3747926132-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BBBCB21C-79B7-4A2D-95CB-E11F2535FAF3}
~~~ Files
Successfully deleted: [File] "C:\Users\Simon\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{02583138-22FE-4D61-A0AF-54498249746F}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{B13DDD2A-FD0C-49BE-9229-4A1B337D4B0D}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{CBF412AD-31B4-4246-B122-11FFDEBE23F3}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{EC25F6BF-93AF-4093-953C-B3212D50DA55}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.11.2013 at 13:33:12,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZOEK: Code:
ATTFilter
Zoek.exe Version 4.0.0.5 Updated 09-November-2013
Tool run by Simon on 09.11.2013 at 13:34:59,24.
Microsoft Windows 8 Pro 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Simon\AppData\Local\Temp\Rar$EX02.438\zoek.exe [Script inserted]
==== System Restore Info ======================
09.11.2013 13:35:48 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4v8s2jkq.default\prefs.js:
user_pref("browser.startup.homepage", "google.de");
Added to C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4v8s2jkq.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.PCHI4MZG7UCYLPKI6U5SI3RPFY\shell\open\command]
@="C:\\Users\\Simon\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe"
==== Deleting Files \ Folders ======================
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\WINDOWS\silentOnce.tmp deleted
C:\WINDOWS\SysWow64\searchplugins deleted
C:\WINDOWS\SysWow64\Extensions deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4v8s2jkq.default
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
66640A55AEFF3819C94E0A8D40D7E0AD - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{595EC4B6-80BA-456F-9B6C-F350CE2BD89D} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3142468645-2756943370-3747926132-1001\Software\Microsoft\Internet Explorer\SearchScopes\{595EC4B6-80BA-456F-9B6C-F350CE2BD89D} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Simon\AppData\Local\Mozilla\Firefox\Profiles\4v8s2jkq.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Simon\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 09.11.2013 at 13:50:13,94 ======================
|
| Themen zu Hartnäckiger Browser Hijacker: "Do Searches" |
| browser, browser hijacker, computer, do searches, download, ebenfalls, entfernt, folge, folgende, gesucht, guten, hartnäckiger, heute, hijack, hijacker, ideen, interne, internet, laptop, malwarebytes, problem, programm, programme, versuche, viren, virus, windows, wirklich |
Baum-Darstellung