Hello
Apparently I've been hit: Avast reports a Reveton-AF infection during the boot-time scan
Attached, from FRST
Could someone take a look at this?
An expert has been notified.
Have a nice evening,
Asyn
Attached
is also a list of old programs that apparently still have leftovers
which can be removed
Regards
Martin
Nothing apparent, but let's check
Scan with IDTool
Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
[*]Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
[*]IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it, please agree
[*]Wait patiently until the tool collects the necessary data
[*]Once the main console is loaded, please press Rescan Computer and Generate a New Report.
[*]When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
[*]Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience
Please include those contents in your next reply.
THEN
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {50DCC84D-EF55-47C6-8901-8D24C43E38B7} - No File
Toolbar: HKU\S-1-5-21-2268818682-1966986791-595924431-1001 -> No Name - {3E1201F4-1707-409F-BB45-A5F192381DA0} - No File
Toolbar: HKU\S-1-5-21-2268818682-1966986791-595924431-1018 -> No Name - {3E1201F4-1707-409F-BB45-A5F192381DA0} - No File
2015-05-08 21:26 - 2015-05-08 21:26 - 00000000 _____ () C:\Windows\SysWOW64\FAP6D3.tmp
2015-05-08 21:26 - 2015-05-08 21:26 - 00000000 _____ () C:\Windows\SysWOW64\FAP1D51.tmp
2015-05-08 21:14 - 2015-05-08 21:14 - 00000000 _____ () C:\Windows\SysWOW64\FAP5251.tmp
2015-05-08 21:14 - 2015-05-08 21:14 - 00000000 _____ () C:\Windows\SysWOW64\FAP51F2.tmp
2015-05-08 21:05 - 2015-05-08 21:05 - 00000000 _____ () C:\Windows\SysWOW64\FAPE51A.tmp
2015-05-08 21:02 - 2015-05-08 21:02 - 00000000 _____ () C:\Windows\SysWOW64\FAP7748.tmp
CustomCLSID: HKU\S-1-5-21-2268818682-1966986791-595924431-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll No File
ATTENTION: System Restore is disabled
AlternateDataStreams: C:\Windows:F57EA43A6F9EE5E8
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
Hello
I can start the program, but IDTool disappears again immediately
No IDTool in Task Manager
Do you get this screen after running?
Very briefly, then it's gone again
OK, continue with the FRST fix. Where is Avast reporting Reveton? As I can see no sign of any encrypted files
FRST fix done
Please post the log file from your FRST fix.
That looks like a false positive
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
C:\Users\kaddy\AppData\Local\IconCache.db
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
Hello
I reinstalled Windows, but left the other partitions in place, and I had Windows as an ISO on the computer
Can someone look at the log again?
Still no sign of Reveton