| |
| |||||||
Log-Analyse und Auswertung: Pop-Up öffnet sich unerlaubt und grün unterstrichene Wörter ganz PlötzlichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.01.2014, 15:18
| #6 |
 |  Pop-Up öffnet sich unerlaubt und grün unterstrichene Wörter ganz Plötzlich Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-01-2014 Ran by Peter at 2014-01-22 09:41:47 Run:1 Running from C:\Users\Peter\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start BHO: YoutubeAdblocker - {02D9537E-7F66-66EE-68C9-738D676CBCC5} - C:\Program Files (x86)\YoutubeAdblocker\G2mamRqY.x64.dll No File BHO: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - No File BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File BHO: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - No File Task: {910401AD-2F70-424E-9792-952899EF6DEB} - \Scheduled Update for Ask Toolbar No Task File Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02D9537E-7F66-66EE-68C9-738D676CBCC5}" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" /f Reg: reg delete "HKEY_USERS\Gast\Software\AppDataLow\Software\AskToolbar" /f end ***************** HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02D9537E-7F66-66EE-68C9-738D676CBCC5} => Key deleted successfully. HKCR\CLSID\{02D9537E-7F66-66EE-68C9-738D676CBCC5} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => Key deleted successfully. HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully. HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => Key deleted successfully. HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{910401AD-2F70-424E-9792-952899EF6DEB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{910401AD-2F70-424E-9792-952899EF6DEB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully. ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02D9537E-7F66-66EE-68C9-738D676CBCC5}" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKEY_USERS\Gast\Software\AppDataLow\Software\AskToolbar" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ==== End of Fixlog ==== Code:
ATTFilter HitmanPro 3.7.8.208
www.hitmanpro.com
Computer name . . . . : PETER-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Peter-PC\Peter
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-01-22 09:46:38
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 1s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 77
Objects scanned . . . : 1.640.580
Files scanned . . . . : 52.664
Remnants scanned . . : 555.935 files / 1.031.981 keys
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar) -> Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar) -> Deleted
HKU\S-1-5-21-1083743635-3313662654-2860645747-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar) -> Deleted
Cookies _____________________________________________________________________
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:ad.360yield.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:ad.ad-srv.net
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:ad.zanox.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:ads.auto-motor-und-sport.de
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:adtech.de
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:adviva.net
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:atdmt.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:bs.serving-sys.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:doubleclick.net
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:eas.apm.emediate.eu
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:invitemedia.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:revsci.net
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:serving-sys.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:smartadserver.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:specificclick.net
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:track.adform.net
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:track.effiliation.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:ww251.smartadserver.com
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:www.etracker.de
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i52l196o.default\cookies.sqlite:www.googleadservices.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.123-template.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.de
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.movad.net
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.escinteractive.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas4.emediate.eu
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:oms.122.2o7.net
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.effiliation.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ert3vsfr.default-1382093065992\cookies.sqlite:xiti.com
|
| Themen zu Pop-Up öffnet sich unerlaubt und grün unterstrichene Wörter ganz Plötzlich |
| 100%, browser, computer, erscheint, google, grün unterstrichen, kleines, link, nachricht, nicht mehr, plötzlich, pup.optional.chipxonio, pup.optional.opencandy, pup.optional.softonic.a, seiten, weiteres, wenig, wenig ahnung, werbung, öffnet |
Baum-Darstellung