nobiruhr | 10.06.2014 14:49 | Hello schrauber,
because of the storm in NRW my data is arriving late :-).
MBAM file: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 10.06.2014
Suchlauf-Zeit: 14:59:02
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.10.04
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Norbert Haag
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 314601
Verstrichene Zeit: 16 Min, 50 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
Trojan.Downloader, C:\ProgramData\dlprotect.exe, 5528, Löschen bei Neustart, [d7f54e2895e666d07aebacdd38c9ab55]
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 31
PUP.Optional.RavingReyven.A, HKU\S-1-5-21-2157886841-597143831-284766362-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0F866026-A8BB-42A7-987F-2F92715A8147}, In Quarantäne, [19b37cfae794a78fce2f8eadc43e2ed2],
PUP.Optional.RavingReyven.A, HKU\S-1-5-21-2157886841-597143831-284766362-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0F866026-A8BB-42A7-987F-2F92715A8147}, In Quarantäne, [19b37cfae794a78fce2f8eadc43e2ed2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [cefed2a4a4d7ac8a3bd1fb79f2101fe1],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [8d3f4f27f48790a65fad1e56cf33ee12],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [705c84f254270a2c1bf1aec67989e719],
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\PlusSHD-9.9, In Quarantäne, [0cc080f6de9d54e24809b0f4ee14cb35],
PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PlusSHD-9.9, In Quarantäne, [19b3591ded8eae888fc4e6bebb47837d],
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PlusSHD-9.9, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
Registrierungswerte: 1
Trojan.Downloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Download Protect, C:\ProgramData\dlprotect.exe, In Quarantäne, [d7f54e2895e666d07aebacdd38c9ab55]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 1
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
Dateien: 19
Trojan.Downloader, C:\ProgramData\dlprotect.exe, Löschen bei Neustart, [d7f54e2895e666d07aebacdd38c9ab55],
PUP.Optional.Breitschopp, C:\Users\Norbert Haag\Downloads\isoworkshop-Downloader.exe, In Quarantäne, [606c1c5af685f244978562f93acada26],
PUP.Optional.OpenCandy, C:\Users\Norbert Haag\Downloads\SetupImgBurn_2.5.8.0.exe, In Quarantäne, [ab21393d4e2d0e28e91a3f56d52f55ab],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-2.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-3.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-4.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\02f210d6-f6c3-429f-a3bf-a5f16f19c2e1-5.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\1293297481.mxaddon, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\360-52916.crx, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\52916.crx, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\52916.xpi, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\background.html, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9-bg.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9-bho.dll, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9-bho64.dll, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\PlusSHD-9.9.ico, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\Uninstall.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\PlusSHD-9.9\utils.exe, In Quarantäne, [c408f28496e562d46f4ea5ee738ff010],
Physische Sektoren: 0
(No malicious items detected)
(end)
Here is the ADWCleaner log file:
AdwCleaner Logfile: Code:
# AdwCleaner v3.212 - Bericht erstellt am 10/06/2014 um 15:29:21
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro with Media Center (64 bits)
# Benutzername : Norbert Haag - NORBERTHAAG-HP
# Gestartet von : C:\Users\Norbert Haag\Downloads\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Norbert Haag\Documents\Updater
Datei Gelöscht : C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461\prefs.js ]
*************************
AdwCleaner[R0].txt - [14192 octets] - [26/05/2014 19:09:36]
AdwCleaner[R1].txt - [14312 octets] - [26/05/2014 19:23:23]
AdwCleaner[R2].txt - [1368 octets] - [10/06/2014 15:27:46]
AdwCleaner[S0].txt - [338 octets] - [26/05/2014 19:10:30]
AdwCleaner[S1].txt - [12267 octets] - [26/05/2014 19:24:58]
AdwCleaner[S2].txt - [1289 octets] - [10/06/2014 15:29:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1349 octets] ##########
Here is the JRT file: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Norbert Haag on 10.06.2014 at 15:35:06,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2157886841-597143831-284766362-1002\Software\sweetim
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.06.2014 at 15:40:13,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST log to follow. |