Malwarebytes Rootkit Log:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.10.15.07
rootkit: v2016.09.26.02
Windows 10 x64 NTFS
Internet Explorer 11.633.10586.0
eFKa :: DESKTOP-90KV42P [administrator]
15.10.2016 10:20:18
mbar-log-2016-10-15 (10-20-18).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 384654
Time elapsed: 6 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware Log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 15.10.2016
Suchlaufzeit: 10:32
Protokolldatei: malwarebyte.txt
Administrator: Ja
Version: 2.2.1.1043
Malware-Datenbank: v2016.10.15.07
Rootkit-Datenbank: v2016.09.26.02
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: eFKa
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 378176
Abgelaufene Zeit: 5 Min., 21 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 8
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [99ea1d7caded6ec8abb4fdccfe04b54b],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3AEC0CDC-4F9D-45A8-B87C-6A775F162374}, Löschen bei Neustart, [bbc8d0c97e1c8ea864a9e5cf64a058a8],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered locod, Löschen bei Neustart, [7f045a3f990138fe35d90aaa1ee66997],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [03806336bddd93a3aab5aa1f58aa5fa1],
PUP.Optional.InstallCore, HKU\S-1-5-21-1892207436-2482664703-3666009289-1001\SOFTWARE\csastats, In Quarantäne, [2b589009cfcb2412196191690bf8b848],
PUP.Optional.WinYahoo, HKU\S-1-5-21-1892207436-2482664703-3666009289-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, In Quarantäne, [6221adec5e3c76c0dd968c726a999d63],
PUP.Optional.ProductSetup, HKU\S-1-5-21-1892207436-2482664703-3666009289-1001\SOFTWARE\PRODUCTSETUP, In Quarantäne, [424180193169b482c0fc0fa124dfe11f],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{69AA816A-392A-50EA-88AA-206A582AF3EA}, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
Registrierungswerte: 7
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_39_rps_b2_rps¶m1=1¶m2=f[b3d067322773b185c7c9457758ac6799]D1%26b[b3d067322773b185c7c9457758ac6799]DIE%26cc[b3d067322773b185c7c9457758ac6799]Dde%26pa[b3d067322773b185c7c9457758ac6799]Dwincy%26cd[b3d067322773b185c7c9457758ac6799]D2XzuyEtN2Y1L1Qzu0DtDyDtDzyzyyB0EtB0CyC0FzztAzyyDtN0D0Tzu0StCyBtAtCtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByDtDtB0D0F0CyEtGtBtCtAyBtG0EyDtAyEtGtBtDtAyCtGtDtCtAzzyE0ByByByC0AtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtBzy0B0EyBzztDtGtAyDzytDtGyE0EtDtCtG0ByE0EtDtG0DzytByCyEzyyE0C0BtCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr[b3d067322773b185c7c9457758ac6799]D1155720498%26a[b3d067322773b185c7c9457758ac6799]Dwbf_dmontlsfs_16_39%26os_ver[b3d067322773b185c7c9457758ac6799]D10.0%26os[b3d067322773b185c7c9457758ac6799]DWindowsIn QuarantäneB10In QuarantäneBEnterprise, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_39_rps_b2_rps¶m1=1¶m2=f[99ea1d7caded6ec8abb4fdccfe04b54b]D4%26b[99ea1d7caded6ec8abb4fdccfe04b54b]DIE%26cc[99ea1d7caded6ec8abb4fdccfe04b54b]Dde%26pa[99ea1d7caded6ec8abb4fdccfe04b54b]Dwincy%26cd[99ea1d7caded6ec8abb4fdccfe04b54b]D2XzuyEtN2Y1L1Qzu0DtDyDtDzyzyyB0EtB0CyC0FzztAzyyDtN0D0Tzu0StCyBtAtCtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByDtDtB0D0F0CyEtGtBtCtAyBtG0EyDtAyEtGtBtDtAyCtGtDtCtAzzyE0ByByByC0AtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtBzy0B0EyBzztDtGtAyDzytDtGyE0EtDtCtG0ByE0EtDtG0DzytByCyEzyyE0C0BtCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr[99ea1d7caded6ec8abb4fdccfe04b54b]D1155720498%26a[99ea1d7caded6ec8abb4fdccfe04b54b]Dwbf_dmontlsfs_16_39%26os_ver[99ea1d7caded6ec8abb4fdccfe04b54b]D10.0%26os[99ea1d7caded6ec8abb4fdccfe04b54b]DWindowsIn QuarantäneB10In QuarantäneBEnterprise&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3AEC0CDC-4F9D-45A8-B87C-6A775F162374}|Path, \Yahoo! Powered locod, Löschen bei Neustart, [bbc8d0c97e1c8ea864a9e5cf64a058a8]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_39_rps_b2_rps¶m1=1¶m2=f[8ff4eeabc2d82115d2be744832d2e51b]D1%26b[8ff4eeabc2d82115d2be744832d2e51b]DIE%26cc[8ff4eeabc2d82115d2be744832d2e51b]Dde%26pa[8ff4eeabc2d82115d2be744832d2e51b]Dwincy%26cd[8ff4eeabc2d82115d2be744832d2e51b]D2XzuyEtN2Y1L1Qzu0DtDyDtDzyzyyB0EtB0CyC0FzztAzyyDtN0D0Tzu0StCyBtAtCtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByDtDtB0D0F0CyEtGtBtCtAyBtG0EyDtAyEtGtBtDtAyCtGtDtCtAzzyE0ByByByC0AtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtBzy0B0EyBzztDtGtAyDzytDtGyE0EtDtCtG0ByE0EtDtG0DzytByCyEzyyE0C0BtCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr[8ff4eeabc2d82115d2be744832d2e51b]D1155720498%26a[8ff4eeabc2d82115d2be744832d2e51b]Dwbf_dmontlsfs_16_39%26os_ver[8ff4eeabc2d82115d2be744832d2e51b]D10.0%26os[8ff4eeabc2d82115d2be744832d2e51b]DWindowsIn QuarantäneB10In QuarantäneBEnterprise, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_39_rps_b2_rps¶m1=1¶m2=f[03806336bddd93a3aab5aa1f58aa5fa1]D4%26b[03806336bddd93a3aab5aa1f58aa5fa1]DIE%26cc[03806336bddd93a3aab5aa1f58aa5fa1]Dde%26pa[03806336bddd93a3aab5aa1f58aa5fa1]Dwincy%26cd[03806336bddd93a3aab5aa1f58aa5fa1]D2XzuyEtN2Y1L1Qzu0DtDyDtDzyzyyB0EtB0CyC0FzztAzyyDtN0D0Tzu0StCyBtAtCtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByDtDtB0D0F0CyEtGtBtCtAyBtG0EyDtAyEtGtBtDtAyCtGtDtCtAzzyE0ByByByC0AtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtBzy0B0EyBzztDtGtAyDzytDtGyE0EtDtCtG0ByE0EtDtG0DzytByCyEzyyE0C0BtCyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr[03806336bddd93a3aab5aa1f58aa5fa1]D1155720498%26a[03806336bddd93a3aab5aa1f58aa5fa1]Dwbf_dmontlsfs_16_39%26os_ver[03806336bddd93a3aab5aa1f58aa5fa1]D10.0%26os[03806336bddd93a3aab5aa1f58aa5fa1]DWindowsIn QuarantäneB10In QuarantäneBEnterprise&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-1892207436-2482664703-3666009289-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|filename, C:\Users\eFKa\AppData\Roaming\Bocacafap\synhelper.exe, In Quarantäne, [6221adec5e3c76c0dd968c726a999d63]
PUP.Optional.ProductSetup, HKU\S-1-5-21-1892207436-2482664703-3666009289-1001\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, In Quarantäne, [424180193169b482c0fc0fa124dfe11f]
Registrierungsdaten: 2
Ordner: 2
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
Dateien: 27
PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk, In Quarantäne, [03806d2c01994fe7beece3fdaa59a55b],
PUP.Optional.WinYahoo, C:\Windows\Tasks\Yahoo! Powered locod.job, In Quarantäne, [0c77e6b3e2b80d29a16bcde7aa5a01ff],
PUP.Optional.WinYahoo, C:\Windows\System32\Tasks\Yahoo! Powered locod, In Quarantäne, [e59eeeabd1c9b284b45b981ce024867a],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\HowToRemove.html, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\chromium-min.jpg, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\control panel-min-min.JPG, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\down.png, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\ff menu.JPG, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\ff search engine-min.png, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\hp-min ff.png, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\hp-min ie.png, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\search engine.gif, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\setup pages.gif, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\sp-min.png, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\start-min.jpg, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\HowToRemove\up.png, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\bapi_ff.dat, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\bapi_ie.dat, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\cilo, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\install.log, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\meci, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\nari.cfg, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\nati, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\ralo.dat, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\Sqlite3.dll, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\uninst.dat, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
PUP.Optional.WinYahoo, C:\Users\eFKa\AppData\Local\{DD3FEB63-F997-87DB-940F-A233B0675EAB}\uninst.exe, In Quarantäne, [1e651f7ad3c72b0b7cc9a5f8dd27c23e],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
JRT Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Enterprise x64
Ran by eFKa (Administrator) on 15.10.2016 at 10:42:45,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.10.2016 at 10:45:43,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If anything more is needed, I will provide it as quickly as possible.