wolleburg | 03.01.2015 10:53 | new mbam log
Hello,
sorry, I hope this is the right code now:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 03.01.2015
Suchlauf-Zeit: 10:04:46
Logdatei:
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.03.04
Rootkit Datenbank: v2014.12.30.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Wolfgang
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360519
Verstrichene Zeit: 12 Min, 18 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 6
PUP.Optional.Snapdo.T, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [fd0305eec8c1a492da4c908c38cb37c9],
PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\SmartSaver+ 8, In Quarantäne, [39c7a3502a5f4fe7d3c0079956ad31cf],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven Pro 1.3, In Quarantäne, [8b75d320c4c5b87efc94483fa65d3ec2],
PUP.Optional.HQVid.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8.1b, In Quarantäne, [a65ab34012770432f80f791a33d00cf4],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [a65aac4784050b2bd1847b1e7f84867a],
PUP.Optional.SmartSaver.A, HKU\S-1-5-21-3705881293-312456249-3159463879-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 8, In Quarantäne, [c040936085041620b8d8158b56ad758b],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 5
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}),Ersetzt,[de22e90af990df575f7093e7996c47b9]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}),Ersetzt,[d12fda196b1e9e9889474f2b03023fc1]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}),Ersetzt,[6898a54edfaa94a2e9e9ed8dec197c84]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}),Ersetzt,[8080f6fd335692a4369dec8e30d515eb]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0_cJnlu283shXY3vbMUhdB36aRtM_eoYYH-FKFw36EOweppvdxpiMHQuB-IrG5yQxK7oyK-5p8nZHRojdVdvxqZ4hOQrU2B8r5c1bIpwU8UcwpfD_HUW1pKZ5_JOD8rA,,&q={searchTerms}),Ersetzt,[5da35d9642474ee88c42e79349bc4db3]
Ordner: 8
Trojan.PWS, C:\directory\CyberGate, In Quarantäne, [0ef26a89880174c288d860c6de25e719],
Trojan.PWS, C:\directory\CyberGate\install, In Quarantäne, [0ef26a89880174c288d860c6de25e719],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klhlfdbffplhpkpalkmacjejfbdeefaj, In Quarantäne, [4cb411e27613fc3af68db08315eeb24e],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0, In Quarantäne, [dd2319da1673c47231817cb7b64d3fc1],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.NewPlayer.A, C:\Users\Wolfgang\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, In Quarantäne, [a858bc372762ad8936f1025f38cb4ab6],
PUP.Optional.NewPlayer.A, C:\Users\Wolfgang\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.4, In Quarantäne, [a858bc372762ad8936f1025f38cb4ab6],
Dateien: 24
PUP.Optional.SkyTech.A, C:\Users\Wolfgang\AppData\Local\Temp\2312531\2312531.zipDir\alilog.dll, In Quarantäne, [f10f7c774148ba7c768740b5e31e44bc],
PUP.Optional.V9.A, C:\Users\Wolfgang\AppData\Local\Temp\2312531\2312531.zipDir\qSE.exe, In Quarantäne, [d82836bd3d4c96a055c80c3d33cd9c64],
PUP.Optional.Skytech.A, C:\Users\Wolfgang\AppData\Local\Temp\2312531\2312531.zipDir\UninstallManager.exe, In Quarantäne, [d12f5e953c4dde582523d6d0cd3453ad],
PUP.Optional.WpManager, C:\Users\Wolfgang\AppData\Local\Temp\2312531\2312531.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [619f05ee9aef270f47d30d74f50cf907],
PUP.Optional.SmartBar, C:\Windows\Installer\194b251e.msi, In Quarantäne, [d030ba39e4a5b0866118203d8d73f20e],
PUP.Optional.SnapDo.A, C:\Windows\Installer\476a047.msi, In Quarantäne, [b44c39baeb9e6ec847fa158f907112ee],
Trojan.Agent.Gen, C:\Users\Wolfgang\AppData\Roaming\Wolfgang-wchelper.dll, In Quarantäne, [51af06ed177251e54795f4a6e51fdf21],
PUP.Optional.NewHub.A, C:\Users\Wolfgang\AppData\Local\nwhb-v9.4.15.crx, In Quarantäne, [926e10e3880106300a31e5f8be46d12f],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000107.ldb, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000137.log, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000135, In Quarantäne, [be42688b3f4a10261d68b47fb84b48b8],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\000155.ldb, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\000172.ldb, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\000173.log, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\CURRENT, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOCK, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOG, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOG.old, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.CrossRider.A, C:\Users\Wolfgang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\MANIFEST-000171, In Quarantäne, [da265b981e6b72c4d3ec76bd778c6f91],
PUP.Optional.NewPlayer.A, C:\Users\Wolfgang\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.4\user.config, In Quarantäne, [a858bc372762ad8936f1025f38cb4ab6],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Hello,
here is the log from step 3 now. Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Wolfgang on 03.01.2015 at 10:35:11,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util rightsurf
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Wolfgang\appdata\local\tempdir"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.01.2015 at 10:42:12,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~