Hello Schrauber,
I'm sorry that you had to wait so long for my reply. I was on vacation for 2 1/2 weeks and had no internet access there. Today I installed and ran the three programs. You will find the log files in the attachment.
Regards and thanks.
MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 13.08.2015
Suchlaufzeit: 00:03
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.1.8.1057
Malware-Datenbank: v2015.08.12.05
Rootkit-Datenbank: v2015.08.06.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: GL
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 410251
Abgelaufene Zeit: 42 Min., 30 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
PUP.Optional.DNSBlock.A, C:\Windows\System32\DnsBlockUpdateSvc.exe, 2604, Löschen bei Neustart, [8a6bdf2898f356e0e9eb0d0b31d2b54b]
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 27
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [15e02fd8810ad85e4e264550b64c1de3],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [926316f1d3b87fb732812613bf41e41c],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [926316f1d3b87fb732812613bf41e41c],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [926316f1d3b87fb732812613bf41e41c],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}, In Quarantäne, [926316f1d3b87fb732812613bf41e41c],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [926316f1d3b87fb732812613bf41e41c],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BF74EE-9106-4113-B216-2F980BA29141}, In Quarantäne, [926316f1d3b87fb732812613bf41e41c],
PUP.Optional.DNSBlock.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DnsBlockUpdateSvc, In Quarantäne, [8a6bdf2898f356e0e9eb0d0b31d2b54b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [847141c6f09b39fdcbc4b17b2ad9db25],
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, [73821dea3d4ed75f5627d1620df601ff],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [f8fd4eb9f9922d09fa9a0c83fa0a3ac6],
PUP.Optional.MiuiTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [a352d433dab153e3f85e01acc63e12ee],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [f6ff9e69cfbcf244d47a0b3407fcb14f],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [b63f34d39deeb77fec3eb87e09fa0000],
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [af4675921b7081b5030dbb5e5ba8f808],
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [6095f512f9920b2b8e8277a21ee519e7],
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [5e97fd0ab7d48da9570c5946a4601fe1],
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, In Quarantäne, [2cc9cc3b95f63006e9277c9dbf442dd3],
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [bc39f1166c1fcc6aa66ac2570af9718f],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
Registrierungswerte: 11
PUP.Optional.DownloadProtectExtension.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{E8957759-C0CA-467D-B4D4-6032B2B3399D}, C:\Windows\Installer\{7269E923-0431-405C-A2E0-82FE311D565A}\{E8957759-C0CA-467D-B4D4-6032B2B3399D}.xpi, In Quarantäne, [de17cd3a414a5bdb6460b8603bc89f61]
PUP.Optional.MiuiTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\MiuiTab, In Quarantäne, [a352d433dab153e3f85e01acc63e12ee]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cvs2, In Quarantäne, [f6ff9e69cfbcf244d47a0b3407fcb14f]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT&ts=1435616620&type=default&q={searchTerms}, In Quarantäne, [af4675921b7081b5030dbb5e5ba8f808]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT&ts=1435616620&type=default&q={searchTerms}, In Quarantäne, [6095f512f9920b2b8e8277a21ee519e7]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.mystartsearch.com//favicon.ico, In Quarantäne, [c62f9b6c028945f155bbe0395ba810f0]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, mystartsearch, In Quarantäne, [5e97fd0ab7d48da9570c5946a4601fe1]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT&ts=1435616620&type=default&q={searchTerms}, In Quarantäne, [42b3ae598efd36004bc5a673b84bf010]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1435616592&z=2936a8db9ea6f2eaa000413gbzdcfw8q5gaq1wfb9q&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT&q={searchTerms}, In Quarantäne, [0fe6c14622693afc8b85ef2a90738d73]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT&ts=1435616620&type=default&q={searchTerms}, In Quarantäne, [2cc9cc3b95f63006e9277c9dbf442dd3]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-3814383470-46288487-2583337629-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT&ts=1435616620&type=default&q={searchTerms}, In Quarantäne, [bc39f1166c1fcc6aa66ac2570af9718f]
Registrierungsdaten: 1
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1435616592&z=2936a8db9ea6f2eaa000413gbzdcfw8q5gaq1wfb9q&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1435616592&z=2936a8db9ea6f2eaa000413gbzdcfw8q5gaq1wfb9q&from=cvs2&uid=TOSHIBAXMQ01ABF050_93Q9C0CLTXX93Q9C0CLT),Ersetzt,[e80d18efe5a63ff7a0d2d17395706c94]
Ordner: 2
PUP.Optional.DownloadProtect.A, C:\Windows\Installer\{BE179CF4-89A9-43AB-B511-60AFB21068D1}, In Quarantäne, [e312ca3d1279989e963bf226f2113fc1],
PUP.Optional.DnsBlock.A, C:\Users\GL\AppData\Local\DnsBlock, In Quarantäne, [f7fee621c6c567cf747b45cfc04334cc],
Dateien: 7
PUP.Optional.DownloadProtect.A, C:\Program Files\{DD47DEAB-B1AD-4AF0-97D5-92824B3CAFC8}\{E73F46BD-E9BE-4A61-91E5-BE426E3D784F}.bin, In Quarantäne, [f7feb84f5b30f3432d861029b050fe02],
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{9AA17902-5DD0-4F96-B8B2-1372A19D9A8C}\{CD12BE9E-BC1A-42D4-86E3-27882FB82363}.bin, In Quarantäne, [926316f1d3b87fb732812613bf41e41c],
PUP.Optional.DownloadProtect.A, C:\Windows\Installer\{BE179CF4-89A9-43AB-B511-60AFB21068D1}\cmompeehdoinnbekgpcehhohhloeaplbcrx, In Quarantäne, [e312ca3d1279989e963bf226f2113fc1],
PUP.Optional.DownloadProtect.A, C:\Windows\Installer\{BE179CF4-89A9-43AB-B511-60AFB21068D1}\xmompeehdoinnbekgpcehhohhloeaplbcml, In Quarantäne, [e312ca3d1279989e963bf226f2113fc1],
PUP.Optional.DNSBlock.A, C:\Windows\System32\DnsBlockUpdateSvc.exe, Löschen bei Neustart, [8a6bdf2898f356e0e9eb0d0b31d2b54b],
PUP.Optional.DownloadProtect.A, C:\Program Files\{D9802EFD-95D2-4EA9-A92C-E851DD9B6105}\{CEAB4A8C-6E60-42D8-A4B1-523DA23D48FD}.bin, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{18A851BB-E84B-4D2D-8C52-16ADF1649E4C}\{B5353152-493E-4CD1-AAD5-81025237E454}.bin, In Quarantäne, [61947d8a444784b2e400e86d94713bc5],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
ADW Cleaner Code:
# AdwCleaner v4.208 - Logfile created 13/08/2015 at 01:12:40
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : GL - GL-PC
# Running from : C:\Users\GL\Downloads\AdwCleaner_4.208.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
File Deleted : C:\Windows\SysWOW64\dns.block
File Deleted : C:\Windows\System32\dns.block
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\OCS
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] - 0
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Google Chrome v43.0.2357.134
*************************
AdwCleaner[R0].txt - [4828 bytes] - [24/11/2014 00:34:40]
AdwCleaner[R1].txt - [4888 bytes] - [24/11/2014 00:37:22]
AdwCleaner[R2].txt - [1757 bytes] - [13/08/2015 01:09:08]
AdwCleaner[S0].txt - [4674 bytes] - [24/11/2014 00:39:07]
AdwCleaner[S1].txt - [1661 bytes] - [13/08/2015 01:12:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1720 bytes] ##########
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Professional x64
Ran by GL on 13.08.2015 at 1:39:14,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\google
~~~ Chrome
[C:\Users\GL\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\GL\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\GL\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\GL\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.08.2015 at 1:42:51,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~