Log analysis and evaluation: Infection after installing Daemon Tools Lite, am I clean again? (Windows 7)
10.01.2015, 11:32 | #1

Hello, I installed the free tool "Daemon Tools Lite" and suspect that the bundled adware has infected my system. The triggering event came from the Avast real-time scanner:

Code:
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 9. Januar 2015 20:38:55
*
09.01.2015 21:11:29	C:\Program Files (x86)\XTab\BHOEnabler.exe [L] Win32:SupTab-D [Adw] (0)
Datei erfolgreich in Container verschoben...
09.01.2015 21:11:35	C:\Program Files (x86)\XTab\SupTab.dll [L] Win32:SupTab-G [Adw] (0)
Datei erfolgreich in Container verschoben...
*
* Schutz beendet: Freitag, 9. Januar 2015 21:16:07
* Laufzeit war 37 Minute(n), 37 Sekunde(n)

1. AdwCleaner Scan N°1

Code:
# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:14:21
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : WindowsMangerProtect
Dienst Gefunden : IHProtect Service
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\searchplugins\mystartsearch.xml
Datei Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\user.js
Ordner Gefunden : C:\ProgramData\IHProtectUpDate
Ordner Gefunden : C:\ProgramData\WindowsMangerProtect
Ordner Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\faststartff@gmail.com
Ordner Gefunden : C:\Users\localhost\AppData\Roaming\mystartsearch
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "E:\Programme\Mozilla Firefox\firefox.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\SupDp
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
-\\ Mozilla Firefox v33.0.2 (x86 de)
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.defaultenginename", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.name", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR");
[vthxdk8n.default] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[vthxdk8n.default] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
AdwCleaner[R0].txt - [6510 octets] - [09/01/2015 21:14:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6570 octets] ##########

Code:
# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:15:52
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : IHProtect Service
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Users\localhost\AppData\Roaming\mystartsearch
Ordner Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\faststartff@gmail.com
Datei Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\user.js
Datei Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\searchplugins\mystartsearch.xml
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v33.0.2 (x86 de)
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[S0].txt - [5784 octets] - [09/01/2015 21:15:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5844 octets] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 09.01.2015
Scan Time: 21:27:43
Logfile: mb1log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.09.16
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: localhost
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328353
Time Elapsed: 7 min, 13 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [293bf4018afff83e284cd4948d7634cc],
Registry Values: 1
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\extensions\fftoolbar2014@etech.com, Quarantined, [95cf4ca9e1a8d75fd13d1f49b44fa15f]
Registry Data: 0
(No malicious items detected)
Folders: 27
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
Files: 78
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Quarantined, [194b7e77b9d0e45234c16d97da284ab6],
PUP.Optional.Somoto, C:\Users\localhost\AppData\Local\Temp\bitool.dll, Quarantined, [cc98f40195f46bcb4e2b595048bafe02],
PUP.Optional.Somoto, C:\Users\localhost\AppData\Local\Temp\nsp561.tmp, Quarantined, [76eef0051b6ecf677820906a5ea6ce32],
PUP.Optional.SupTab.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\STab_Down.exe, Quarantined, [5b0904f1f396e353a1d6d39211efaa56],
PUP.Optional.XTab.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\STab_v4.0.exe, Quarantined, [9fc5fcf9f792d95da74e61a38181827e],
PUP.Optional.WindowsProtectManger.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [94d0906546435ed8abe0b70cef1258a8],
PUP.Optional.OpenCandy, C:\Users\localhost\Downloads\DTLite4491-0356.exe, Quarantined, [68fcdf16fd8c82b400d8a70d45c04bb5],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb],
Physical Sectors: 0
(No malicious items detected)
(end)

3. AdwCleaner Scan N°2

Code:
# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:40:27
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v33.0.2 (x86 de)
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "webssearches");
*************************
AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [814 octets] - [09/01/2015 21:40:27]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [933 octets] ##########

Code:
# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:42:03
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v33.0.2 (x86 de)
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
*************************
AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [944 octets] - [09/01/2015 21:42:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1003 octets] ##########

4. Avast Antivirus Free - Complete Scan

Unfortunately I can't find the log for this one, but I have a picture of the result. The deletion failed.

5. Avast Antivirus Boot Scan

When the deletion failed, I ran a boot scan. However, I had to abort it after the detection because the scan did not accept any keyboard input.

Code:
01/09/2015 23:18
Prüfung aller lokalen Laufwerke
Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0QWP0B0\BiTool[1].dll ist infiziert von Win32:Somoto-J [PUP]
----------------------------------------

Different approach: Sophos Boot Antivirus created on another system and run

Code:
SWEEP virus detection utility
Version 5.09.0 [Linux/Intel]
Virus data version 5.09, December 2014
Includes detection for 8264368 viruses, Trojans and worms
Copyright (c) 1989-2014 Sophos Limited. All rights reserved.
System time 23:48:56, System date 09 January 2015
Command line qualifiers are: -remove -p=/tmp/sweep-remove-log.txt -all --no-follow-symlinks -bs -mbr -dn -exclude
IDE directory is: /usr/local/sav
Quick Sweeping
1 master boot record swept.
3 boot sectors swept.
374302 files swept in 57 minutes and 6 seconds.
No viruses were discovered.
End of Sweep.
         This morning I then ran the boot scan again, after Sophos had found nothing. Win32:Somoto-J and Win32:Somoto-R were successfully moved to quarantine. Code: 
  ATTFilter 01/10/2015 08:12
Prüfung aller lokalen Laufwerke
Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0QWP0B0\BiTool[1].dll ist infiziert von Win32:Somoto-J [PUP], In Container verschoben
Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBODEA7G\setup[1].exe ist infiziert von Win32:Somoto-R [PUP], In Container verschoben
Datei C:\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\ProgramData\Package Cache\943AF34AE1A51C1285046AC828104E7ACB381F63\packages\dotNetFramework\NDP451-KB2858728-x86-x64-AllOS-DEU.exe Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Windows\SoftwareDistribution\Download\5618ce1d4deba09cfb6cb626c97e7eb7\BITC767.tmp|>2 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\b658c97998a866ba531cb3f65306185c\BIT9170.tmp|>.\.\.\NDP45-KB2750147.msp|>mscordbi_dll_amd64 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\b658c97998a866ba531cb3f65306185c\BIT9170.tmp|>.\.\.\NDP45-KB2750147.msp Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-11-04 145122\Backup Files 2014-11-16 190000\Backup files 7.zip|>C\Users\localhost\Downloads\eclipse-jee-luna-SR1-win32-x86_64.zip|>eclipse\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-11-04 145122\Backup Files 2014-11-23 190001\Backup files 16.zip|>C\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 28.zip|>C\Users\localhost\Downloads\eclipse-jee-luna-SR1-win32-x86_64.zip|>eclipse\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 30.zip|>C\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Programme\Steam\SteamApps\common\Counter-Strike Source\cstrike\cache\tbody.vtf.bz20000|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 72098
Anzahl der geprüften Dateien: 2612729
Anzahl infizierter Dateien: 2
         Code: 
  ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 08:09:09
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v33.0.2 (x86 de)
*************************
AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[R2].txt - [776 octets] - [10/01/2015 08:09:09]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [1083 octets] - [09/01/2015 21:42:03]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [955 octets] ##########
         Code: 
  ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 08:10:38
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v33.0.2 (x86 de)
*************************
AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[R2].txt - [1034 octets] - [10/01/2015 08:09:09]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [1083 octets] - [09/01/2015 21:42:03]
AdwCleaner[S2].txt - [957 octets] - [10/01/2015 08:10:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1016 octets] ##########
         Code: 
  ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 09.01.2015
Scan Time: 21:44:45
Logfile: mb2log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.09.16
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: localhost
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328354
Time Elapsed: 27 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)
         I just checked by hand. They are still there.
Regards,
haskeer
Edited by haskeer (10.01.2015 at 11:37). Reason: Added AdwCleaner "Option: Löschen" logs. | 