Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.04.2014
Suchlauf-Zeit: 18:02:10
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.15.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306114
Verstrichene Zeit: 39 Min, 25 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 3
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe, 6884, Löschen bei Neustart, [f01014ecd42cfe02d6843f0f2bd616ea]
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe, 592, Löschen bei Neustart, [39c74eb2a858639d73e7ada116eb728e]
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\net.exe, 2412, Löschen bei Neustart, [dc24ff01ee12916fe320840b37cc49b7]
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 9
PUP.Optional.HigherAurum.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Higher Aurum, In Quarantäne, [f01014ecd42cfe02d6843f0f2bd616ea],
PUP.Optional.HigherAurum.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Higher Aurum, In Quarantäne, [39c74eb2a858639d73e7ada116eb728e],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [ac548c7480809d634c6bdd6cb64c8e72],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [ac548c7480809d634c6bdd6cb64c8e72],
PUP.Optional.NetData.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Windows Utils, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.Sambreel, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Higher Aurum, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\Higher Aurum, In Quarantäne, [22de31cf3fc137c9f77d582310f2af51],
PUP.Optional.HigherAurum.A, HKLM\SOFTWARE\WOW6432NODE\Higher Aurum, In Quarantäne, [3fc111ef40c0be42864e0a9ed42f4ab6],
PUP.Optional.HigherAurum.A, HKU\S-1-5-21-1739335617-45622530-1743251556-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Higher Aurum, In Quarantäne, [4eb22ed27b85d22ea62f3f6907fc4db3],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 8
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data, Löschen bei Neustart, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum, Löschen bei Neustart, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin, Löschen bei Neustart, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy, In Quarantäne, [48b8a35d7a86bd438be58dcfd72b31cf],
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy\C29261CB136948EEA83C3BB8260B9135, In Quarantäne, [48b8a35d7a86bd438be58dcfd72b31cf],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
Dateien: 29
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe, Löschen bei Neustart, [f01014ecd42cfe02d6843f0f2bd616ea],
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe, Löschen bei Neustart, [39c74eb2a858639d73e7ada116eb728e],
PUP.Optional.RegCleanPro, C:\Users\Thomas\Downloads\rcpsetupapnnew_apnnew2_1049999_at.exe, In Quarantäne, [5ba56799a759966acabf969eb54b19e7],
PUP.Optional.BSDownloader, C:\Users\Thomas\Downloads\Brothersoft_downloader_For_Homeworld.exe, In Quarantäne, [f10f57a9758b6c94cf88f32be21eeb15],
PUP.Optional.Spigot.A, C:\Users\Thomas\Downloads\YTD43Setup.exe, In Quarantäne, [d8286f91f709738ddaa0879ff60a12ee],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\extensions\{9cfd4b14-8f9d-43c1-9616-4ac755908334}.xpi, In Quarantäne, [996769979868df216d6916592cd6f907],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [fc04817f768af0100b8361131ae805fb],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\well.dat, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\id.dat, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\net.exe, Löschen bei Neustart, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\uninstaller.exe, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\HigherAurum.ico, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\gagdebbdflpnhgahjichmoigigfbbmon.crx, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\HigherAurumUninstall.exe, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\sqlite3.exe, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.InstallState, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\sqlite3.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.InstallState, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.Bromon.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.CompatibilityChecker.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.FFUpdate.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.GCUpdate.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.IEUpdate.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy\C29261CB136948EEA83C3BB8260B9135\TuneUpUtilities2013-2200213_de-DE.exe, In Quarantäne, [48b8a35d7a86bd438be58dcfd72b31cf],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\background.js, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\content.js, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\icon.png, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\manifest.json, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.Ask.A, C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=135&systemid=414&v=n9195-116&apn_dtid=BND414&apn_ptnrs=AGA&apn_uid=5184284281164501&o=APN10649&q=");), Ersetzt,[e51b808011ef8c74b5e07ed0f60e33cd]
Physische Sektoren: 0
(No malicious items detected)
(end) Code:
# AdwCleaner v3.023 - Bericht erstellt am 15/04/2014 um 18:16:41
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Thomas - THOMAS-PC
# Gestartet von : C:\Users\Thomas\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\searchplugins\Ask.xml
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\torch
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\systweak
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("extensions.enabledAddons", "amazon-icon%40giga.de:1.1,greenwebplayer%40greentube.com:1.2.0,%7BB08F8994-AC71-AB07-5E09-CB39FD50DF38%7D:5.0.0.12144,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=135&systemid=414&v=n9195-116&apn_dtid=BND414&apn_ptnrs=AGA&apn_uid=5184284281164501&o=APN10649&q=");
-\\ Google Chrome v34.0.1847.116
[ Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3671 octets] - [15/04/2014 18:15:08]
AdwCleaner[S0].txt - [3316 octets] - [15/04/2014 18:16:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3376 octets] ########## Junkware Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Thomas on 15.04.2014 at 18:22:21,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Thomas\appdata\local\{15A407F0-F531-4822-876F-1C24164147A4}
Successfully deleted: [Empty Folder] C:\Users\Thomas\appdata\local\{36D45A35-BEFA-4E6F-8628-0D0F14D6720C}
Successfully deleted: [Empty Folder] C:\Users\Thomas\appdata\local\{E09E0E1A-0F87-430A-BAAD-48FC685A30CD}
~~~ FireFox
Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\qdfswtkx.default\minidumps [441 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2014 at 22:36:53,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ und frisches FRST Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.04.2014
Suchlauf-Zeit: 18:02:10
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.15.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306114
Verstrichene Zeit: 39 Min, 25 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 3
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe, 6884, Löschen bei Neustart, [f01014ecd42cfe02d6843f0f2bd616ea]
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe, 592, Löschen bei Neustart, [39c74eb2a858639d73e7ada116eb728e]
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\net.exe, 2412, Löschen bei Neustart, [dc24ff01ee12916fe320840b37cc49b7]
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 9
PUP.Optional.HigherAurum.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Higher Aurum, In Quarantäne, [f01014ecd42cfe02d6843f0f2bd616ea],
PUP.Optional.HigherAurum.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Higher Aurum, In Quarantäne, [39c74eb2a858639d73e7ada116eb728e],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [ac548c7480809d634c6bdd6cb64c8e72],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [ac548c7480809d634c6bdd6cb64c8e72],
PUP.Optional.NetData.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Windows Utils, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.Sambreel, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Higher Aurum, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\Higher Aurum, In Quarantäne, [22de31cf3fc137c9f77d582310f2af51],
PUP.Optional.HigherAurum.A, HKLM\SOFTWARE\WOW6432NODE\Higher Aurum, In Quarantäne, [3fc111ef40c0be42864e0a9ed42f4ab6],
PUP.Optional.HigherAurum.A, HKU\S-1-5-21-1739335617-45622530-1743251556-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Higher Aurum, In Quarantäne, [4eb22ed27b85d22ea62f3f6907fc4db3],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 8
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data, Löschen bei Neustart, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum, Löschen bei Neustart, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin, Löschen bei Neustart, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy, In Quarantäne, [48b8a35d7a86bd438be58dcfd72b31cf],
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy\C29261CB136948EEA83C3BB8260B9135, In Quarantäne, [48b8a35d7a86bd438be58dcfd72b31cf],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
Dateien: 29
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe, Löschen bei Neustart, [f01014ecd42cfe02d6843f0f2bd616ea],
PUP.Optional.HigherAurum.A, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe, Löschen bei Neustart, [39c74eb2a858639d73e7ada116eb728e],
PUP.Optional.RegCleanPro, C:\Users\Thomas\Downloads\rcpsetupapnnew_apnnew2_1049999_at.exe, In Quarantäne, [5ba56799a759966acabf969eb54b19e7],
PUP.Optional.BSDownloader, C:\Users\Thomas\Downloads\Brothersoft_downloader_For_Homeworld.exe, In Quarantäne, [f10f57a9758b6c94cf88f32be21eeb15],
PUP.Optional.Spigot.A, C:\Users\Thomas\Downloads\YTD43Setup.exe, In Quarantäne, [d8286f91f709738ddaa0879ff60a12ee],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\extensions\{9cfd4b14-8f9d-43c1-9616-4ac755908334}.xpi, In Quarantäne, [996769979868df216d6916592cd6f907],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [fc04817f768af0100b8361131ae805fb],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\well.dat, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\id.dat, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\net.exe, Löschen bei Neustart, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.NetData.A, C:\Users\Thomas\AppData\Roaming\Windows Net Data\uninstaller.exe, In Quarantäne, [dc24ff01ee12916fe320840b37cc49b7],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\HigherAurum.ico, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\gagdebbdflpnhgahjichmoigigfbbmon.crx, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\HigherAurumUninstall.exe, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\sqlite3.exe, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\updateHigherAurum.InstallState, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\sqlite3.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.InstallState, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.Bromon.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.CompatibilityChecker.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.FFUpdate.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.GCUpdate.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.Sambreel, C:\Program Files (x86)\Higher Aurum\bin\plugins\HigherAurum.IEUpdate.dll, In Quarantäne, [d12f54ac16eae51b47b6f5a937cc26da],
PUP.Optional.OpenCandy, C:\Users\Thomas\AppData\Roaming\OpenCandy\C29261CB136948EEA83C3BB8260B9135\TuneUpUtilities2013-2200213_de-DE.exe, In Quarantäne, [48b8a35d7a86bd438be58dcfd72b31cf],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\background.js, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\content.js, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\icon.png, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.HigherAurum.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagdebbdflpnhgahjichmoigigfbbmon\1.0.1_0\manifest.json, In Quarantäne, [be426799d22ee61a1fc2bea10101d62a],
PUP.Optional.Ask.A, C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\qdfswtkx.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=135&systemid=414&v=n9195-116&apn_dtid=BND414&apn_ptnrs=AGA&apn_uid=5184284281164501&o=APN10649&q=");), Ersetzt,[e51b808011ef8c74b5e07ed0f60e33cd]
Physische Sektoren: 0
(No malicious items detected)
(end) |