Log analysis and evaluation: Suspected JS/Redirector.NDS trojan or something else

#5

Hello cosinus.

AdwCleaner[S00].txt
Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-06-2019
# Duration: 00:01:04
# OS: Windows 8.1
# Scanned: 27253
# Detected: 70
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.DownloadSponsor C:\Users\XXX\AppData\Local\Temp\DMR
PUP.Optional.GreatDealz C:\Program Files (x86)\GreatDealz
PUP.Optional.Legacy C:\Users\XXX\AppData\Local\Temp\APNLogs
PUP.Optional.Legacy C:\Users\XXX\AppData\Roaming\DESKTOPICONAMAZON
Rogue.ForcedExtension C:\ProgramData\apn
Rogue.ForcedExtension C:\Users\XXX\AppData\Local\Temp\apn
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Ask HKLM\Software\Wow6432Node\AskPartnerNetwork
PUP.Optional.Ask HKU\.DEFAULT\Software\AskPartnerNetwork
PUP.Optional.Ask HKU\S-1-5-18\Software\AskPartnerNetwork
PUP.Optional.Conduit HKLM\Software\Wow6432Node\Conduit
PUP.Optional.GetNow.A HKLM\Software\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
PUP.Optional.GetNow.A HKLM\Software\Wow6432Node\\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
PUP.Optional.HomeTab HKCU\Software\HomeTab
PUP.Optional.Iminent HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
PUP.Optional.Iminent HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
PUP.Optional.Iminent HKLM\Software\Wow6432Node\Iminent
PUP.Optional.Iminent HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
PUP.Optional.Iminent HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
PUP.Optional.Legacy HKCU\Software\APN PIP
PUP.Optional.Legacy HKCU\Software\Appscion
PUP.Optional.Legacy HKCU\Software\Kromtech
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
PUP.Optional.Legacy HKCU\Software\Mozilla\Extends
PUP.Optional.Legacy HKCU\Software\SIMPLYTECH
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\ADE301FD73976694E8BFE55F3C38102F
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\ADE301FD73976694E8BFE55F3C38102F
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62255E52F19EC97429A42D59D49024FA
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE7C2A75DF08824E9CEFDE20F655BD9
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ADE301FD73976694E8BFE55F3C38102F
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
PUP.Optional.Legacy HKLM\Software\Wow6432Node\AIM Toolbar
PUP.Optional.Legacy HKLM\Software\Wow6432Node\SpeedBit
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Page_URL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Search_URL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Search Page
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DF103EDA-7937-4966-8EFB-5EF5C38301F2}
PUP.Optional.Linkey.AppFlsh HKCU\Software\Linkey
PUP.Optional.Linkey.AppFlsh HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
PUP.Optional.Linkey.AppFlsh HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
PUP.Optional.MyStartSearch.ShrtCln HKLM\Software\Wow6432Node\mystartsearchSoftware
PUP.Optional.SearchProtect.AppFlsh HKCU\Software\SearchProtectWS
PUP.Optional.TidyNetwork HKCU\Software\TNT2
PUP.Optional.Vosteran HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
PUP.Optional.Vosteran HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
PUP.Optional.Wajam HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
PUP.Optional.Wajam HKCU\Software\WajIntEnhance
PUP.Optional.Wajam HKLM\Software\Wow6432Node\WajIntEnhance
PUP.Optional.Wajam HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
***** [ Chromium (and derivatives) ] *****
PUP.Optional.GreatDealz GreatDealz
PUP.Optional.GreatDealz GreatDealz
***** [ Chromium URLs ] *****
PUP.Optional.Legacy Websuche
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-06-2019
# Duration: 00:00:11
# OS: Windows 8.1
# Cleaned: 69
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\GreatDealz
Deleted C:\ProgramData\apn
Deleted C:\Users\XXX\AppData\Local\Temp\APNLogs
Deleted C:\Users\XXX\AppData\Local\Temp\DMR
Deleted C:\Users\XXX\AppData\Local\Temp\apn
Deleted C:\Users\XXX\AppData\Roaming\DESKTOPICONAMAZON
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\Appscion
Deleted HKCU\Software\HomeTab
Deleted HKCU\Software\Kromtech
Deleted HKCU\Software\Linkey
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKCU\Software\Mozilla\Extends
Deleted HKCU\Software\SIMPLYTECH
Deleted HKCU\Software\SearchProtectWS
Deleted HKCU\Software\TNT2
Deleted HKCU\Software\WajIntEnhance
Deleted HKLM\Software\Classes\Installer\Features\ADE301FD73976694E8BFE55F3C38102F
Deleted HKLM\Software\Classes\Installer\Products\ADE301FD73976694E8BFE55F3C38102F
Deleted HKLM\Software\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Deleted HKLM\Software\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62255E52F19EC97429A42D59D49024FA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE7C2A75DF08824E9CEFDE20F655BD9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ADE301FD73976694E8BFE55F3C38102F
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Deleted HKLM\Software\Wow6432Node\AIM Toolbar
Deleted HKLM\Software\Wow6432Node\AskPartnerNetwork
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Iminent
Deleted HKLM\Software\Wow6432Node\SpeedBit
Deleted HKLM\Software\Wow6432Node\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DF103EDA-7937-4966-8EFB-5EF5C38301F2}
Deleted HKLM\Software\Wow6432Node\mystartsearchSoftware
Deleted HKU\.DEFAULT\Software\AskPartnerNetwork
Deleted HKU\S-1-5-18\Software\AskPartnerNetwork
***** [ Chromium (and derivatives) ] *****
Deleted GreatDealz
Deleted GreatDealz
***** [ Chromium URLs ] *****
Not Deleted Websuche
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7825 octets] - [06/04/2019 00:47:17]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
AdwCleaner[S01]
Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-06-2019
# Duration: 00:02:02
# OS: Windows 8.1
# Scanned: 27253
# Detected: 1
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
PUP.Optional.Legacy Websuche
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [7825 octets] - [06/04/2019 00:47:17]
AdwCleaner[C00].txt - [6737 octets] - [06/04/2019 00:50:11]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-06-2019
# Duration: 00:00:05
# OS: Windows 8.1
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted Websuche
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7825 octets] - [06/04/2019 00:47:17]
AdwCleaner[C00].txt - [6737 octets] - [06/04/2019 00:50:11]
AdwCleaner[S01].txt - [1375 octets] - [06/04/2019 00:56:38]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 06.04.19
Scan-Zeit: 01:00
Protokolldatei: 9ffbd92e-57f6-11e9-9969-00ffa8751192.json
-Softwaredaten-
Version: 3.7.1.2839
Komponentenversion: 1.0.563
Version des Aktualisierungspakets: 1.0.10020
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lenovo-PC\XXX
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 339853
Erkannte Bedrohungen: 24
In die Quarantäne verschobene Bedrohungen: 24
Abgelaufene Zeit: 28 Min., 5 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 1
PUP.Optional.GreatDealz, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lobonlhedgiilkfmbbbfhkaoefacipgj, In Quarantäne, [1990], [466866],1.0.10020
Registrierungswert: 4
PUP.Optional.QuickSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|QUICK_SEARCHFF@GMAIL.COM, In Quarantäne, [1793], [242147],1.0.10020
PUP.Optional.SweetSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|SWEETSEARCH@GMAIL.COM, In Quarantäne, [1806], [243783],1.0.10020
PUP.Optional.GreatDealz, HKU\S-1-5-21-965771038-3601179901-3098486832-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|LOBONLHEDGIILKFMBBBFHKAOEFACIPGJ, In Quarantäne, [1990], [466866],1.0.10020
PUP.Optional.GreatDealz, HKU\S-1-5-21-965771038-3601179901-3098486832-501\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|LOBONLHEDGIILKFMBBBFHKAOEFACIPGJ, In Quarantäne, [1990], [466866],1.0.10020
Registrierungsdaten: 4
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Ersetzt, [5355], [292819],1.0.10020
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Ersetzt, [5355], [292819],1.0.10020
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND|, Ersetzt, [1269], [291173],1.0.10020
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND|, Ersetzt, [1269], [291173],1.0.10020
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 15
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_onlinemapfinder.dl.myway.com_0.localstorage, In Quarantäne, [1738], [443124],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_onlinemapfinder.dl.myway.com_0.localstorage-journal, In Quarantäne, [1738], [443124],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_smsfrombrowser.dl.myway.com_0.localstorage, In Quarantäne, [1738], [443124],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_smsfrombrowser.dl.myway.com_0.localstorage-journal, In Quarantäne, [1738], [443124],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_onlinemapfinder.dl.tb.ask.com_0.localstorage, In Quarantäne, [1738], [443123],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_onlinemapfinder.dl.tb.ask.com_0.localstorage-journal, In Quarantäne, [1738], [443123],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_smsfrombrowser.dl.tb.ask.com_0.localstorage, In Quarantäne, [1738], [443123],1.0.10020
PUP.Optional.MindSpark.Generic, C:\USERS\XXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_smsfrombrowser.dl.tb.ask.com_0.localstorage-journal, In Quarantäne, [1738], [443123],1.0.10020
PUP.Optional.MyStartSearch, C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S2B9ZJ20.DEFAULT-1422644049619\PREFS.JS, Ersetzt, [5372], [301487],1.0.10020
PUP.Optional.QuickStart, C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S2B9ZJ20.DEFAULT-1422644049619\PREFS.JS, Ersetzt, [1896], [301610],1.0.10020
PUP.Optional.DownloadGuide, C:\$RECYCLE.BIN\S-1-5-21-965771038-3601179901-3098486832-1001\$R0KJ0W9.EXE, In Quarantäne, [2687], [100902],1.0.10020
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-965771038-3601179901-3098486832-1001\$R6UJ00F.EXE, In Quarantäne, [2], [383618],1.0.10020
PUP.Optional.ASK, C:\$RECYCLE.BIN\S-1-5-21-965771038-3601179901-3098486832-1001\$R65TJW1.EXE, In Quarantäne, [2], [383618],1.0.10020
PUP.Optional.DownloadGuide, C:\$RECYCLE.BIN\S-1-5-21-965771038-3601179901-3098486832-1001\$RIK8UMX.EXE, In Quarantäne, [2687], [100902],1.0.10020
Generic.Malware/Suspicious, C:\USERS\XXX\APPDATA\LOCAL\TEMP\DHLKUNDEN_439875450020573475048.ZIP, In Quarantäne, [0], [392686],1.0.10020
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
2nd Malwarebytes log file:
Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 09.04.19
Scan-Zeit: 07:51
Protokolldatei: 82c03700-5a8b-11e9-8aac-00ffa8751192.json
-Softwaredaten-
Version: 3.7.1.2839
Komponentenversion: 1.0.563
Version des Aktualisierungspakets: 1.0.10058
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: System
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Zeitplaner
Ergebnis: Abgeschlossen
Gescannte Objekte: 325839
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 43 Min., 22 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Thank you!