Thema: avast Infektion blockiert, URL:Mal , nicht auffindbar, nicht löschbar

[REDACTED]

Habe eben noch Junkware Removal Tool (JRT) by Thisisu ausgeführt, hier der log, das Problem besteht weiterhin....

[essexboy]

Could you run this small fix and if the problem continues set Firefox to safe mode https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode and let me know if that stops the alert

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

FF Extension: Hola Better Internet - C:\Users\Dietmar\AppData\Roaming\Mozilla\Firefox\Profiles\c61240hm.Test\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-07-15]
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Ok, hier das neue log file

Problem still exist, I try now safe mode firefox

[REDACTED]

Im Firefox safe mode, keine Warnmeldung von avast, aber da ist doch das WebShield nicht aktiv?
In Firefox safe mode, no problems, but in safe mode, avast WebShield isn't aktive?
Bin zurück im normalen Firefox, Problem nicht gelöst
Now I'm back in normal Firefox mode, problem still exists
Ich habe ebenso testweise alle addons deaktiviert, Problem besteht weiterhin
I also tried deaktivate all addons in firfox, problem still exists

[essexboy]

OK we have a hidden Firefox extension, all I need to do is find it

======Zoek.exe======
 
Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html
 
Download zoek.exe to your desktop

• If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.[/*]
  

Using Zoek.exe

• On the Desktop, double-click Zoek.exe to start the tool.

Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
Give the program a few seconds to appear.

• Copy and paste the following script in the code box:
• Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
  

Code: [Select]

FFdefaults;
emptyFFcache;
emptyalltemp;
autoclean;
emptyclsid;
standardsearch;
firefoxlook;


• Click the "Run script" button and wait patiently.
  
• When finished the logfile will be opened in notepad.
• If a reboot is needed the logfile will be opened after reboot.
• The zoek-results.log can also be found on your systemdrive.
  
• Please post the logfile for further review in your next comment.

[REDACTED]

Okay, hier nun das zoek log
problem still exist

[essexboy]

I can see no hidden extensions in firefox which is a mystery as the indicators are that the problem resides there

Can you totally uninstall Firefox and then re-install to see if it still occurs

[REDACTED]

Ich habe Firefox komplett deinstalliert, anschliessend neu installiert, Problem besteht weitwerhin ....
I've uninstalled Firefox complete, deleted Mozilla folder, reboot, installed Firefox new, Problem still exist....

[essexboy]

Hmm this is intriguing. 

I have now revisited all the logs and have found one anomaly which would explain it not being affected by uninstalling Firefox, however, it does not explain why the other browsers are not affected

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

DeleteKey:  HKEY_USERS\S-1-5-21-2555651197-1920752201-265641236-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

Hier das neue log
Here we go, the new log
omg...problem still exist

[essexboy]

FRST could not delete it so lets use combofix

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 

RegLockDel::
[HKEY_USERS\S-1-5-21-2555651197-1920752201-265641236-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}]

 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Refering to the picture above, drag CFScript into ComboFix.exe
 
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[REDACTED]

Ich hoffe, ich habe alles richtig gemacht, hier der ComboFix log
I hope, I did all correct, here is the ComboFix log
Not sure, if CFScript worked, problem still exist...

[essexboy]

No that did not take it out either lets use GMER

Download the GMER Rootkit Scanner. to your Desktop, it will be a randomly named .exe file .
 
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
 
Double-click the file you downloaded. The program will begin to run.
 

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
 
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.

Once the scan is complete, you may receive another notice about rootkit activity.

• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" 
  
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

[REDACTED]

So, nun bin ich wieder da, habe GMER heruntergeladen und ausgeführt, es kam keine Meldung über einen aktiven rootkit, so habe ich den scan gestartet. Es kam einige Male eine Fehlermeldung (Laufwerk), es war schwer, diese Meldung wegzubekommen, gefühlte 1000 Klicks auf "weiter".
Hier nun das logfile
So, now I'm back, I have downloaded and run GMER, there was no message about an active rootkit, so I have started the scan. It came alot times an error message (must have something to do with the Harddisk), it was hard to continue the scan,, felt like I made 1000 clicks on "next".
After scan was complete, I get no message about rootkit activity
Here now logfile and a picture about the error message
problem still exist

[essexboy]

Take a little while to check that out .. Back soon