adnan.cemal | 11.02.2018 21:14 | Win 10: Pop up "There is a recommended update for this computer" behindert das Arbeiten am Laptop Hallo,
leider muss ich gestehen dass ich gleich gegen Regel 1 verstoßen habe. :headbang: Um mein Problem zu lösen habe ich bei euch einen Post gefunden und die drei Schritte ausgeführt. Nun würde ich gerne Wissen ob ich damit mein Problem gelöst habe. Ich habe folgende Schritte ausgeführt. Schritt 1: Installation Malwarebytes' Anti-Malware (MBAM) und Bereinigung Logfile nach Bereinigung (mbam.txt) Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 11.02.18
Scan-Zeit: 19:30
Protokolldatei: 9303cb46-0f59-11e8-bca6-000000000000.json
Administrator: Ja
-Softwaredaten-
Version: 3.3.1.2183
Komponentenversion: 1.0.262
Version des Aktualisierungspakets: 1.0.3918
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 16299.192)
CPU: x64
Dateisystem: NTFS
Benutzer: *****S-WIN10-LA\***** *****
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 309673
Erkannte Bedrohungen: 71
In die Quarantäne verschobene Bedrohungen: 71
Abgelaufene Zeit: 3 Min., 16 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 18
PUP.Optional.WinBing, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Search Provided by Bing mifor, In Quarantäne, [1536], [336089],1.0.3918
PUP.Optional.WinBing, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9792B3DF-E28B-4B37-93C7-DA5AEDC6DF02}, In Quarantäne, [1536], [336089],1.0.3918
PUP.Optional.WinBing, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9792B3DF-E28B-4B37-93C7-DA5AEDC6DF02}, In Quarantäne, [1536], [336089],1.0.3918
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Search Provided by Bing mifor, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9792B3DF-E28B-4B37-93C7-DA5AEDC6DF02}, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9792B3DF-E28B-4B37-93C7-DA5AEDC6DF02}, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{2ECE2309-38CF-CD21-7968-32B3D7B76CFB}, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{09C96D32-D0D5-42C3-9957-D2004F58830D}, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{09C96D32-D0D5-42C3-9957-D2004F58830D}, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2ECE2309-38CF-CD21-7968-32B3D7B76CFB}, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09C96D32-D0D5-42C3-9957-D2004F58830D}, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09C96D32-D0D5-42C3-9957-D2004F58830D}, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.InstallCore, HKU\S-1-5-21-2031905045-4182035835-415290875-1001\SOFTWARE\PRODUCTSETUP, In Quarantäne, [2], [481004],1.0.3918
PUP.Optional.InstallCore, HKU\S-1-5-21-2031905045-4182035835-415290875-1001\SOFTWARE\csastats, In Quarantäne, [2], [260986],1.0.3918
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [57], [342423],1.0.3918
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [57], [342423],1.0.3918
PUP.Optional.WinYahoo, HKU\S-1-5-21-2031905045-4182035835-415290875-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, [57], [342423],1.0.3918
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F51A791-1FD1-7611-AE51-06917ED1D511}, In Quarantäne, [57], [302717],1.0.3918
Registrierungswert: 5
PUP.Optional.InstallCore, HKU\S-1-5-21-2031905045-4182035835-415290875-1001\SOFTWARE\PRODUCTSETUP|TB, In Quarantäne, [2], [481004],1.0.3918
PUP.Optional.WinYahoo, HKU\S-1-5-21-2031905045-4182035835-415290875-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, [57], [342423],1.0.3918
PUP.Optional.WinBing, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9792B3DF-E28B-4B37-93C7-DA5AEDC6DF02}|PATH, In Quarantäne, [1536], [336082],1.0.3918
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, [57], [342409],1.0.3918
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, [57], [342409],1.0.3918
Registrierungsdaten: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-2031905045-4182035835-415290875-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Ersetzt, [57], [342415],1.0.3918
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Ersetzt, [57], [342425],1.0.3918
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 4
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{B68373E0-3CC1-F926-BA07-67642045ECAA}, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\USERS\***** *****\APPDATA\ROAMING\2ECE2309-38CF-CD21-7968-32B3D7B76CFB, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\USERS\***** *****\APPDATA\LOCAL\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}, In Quarantäne, [57], [302717],1.0.3918
Datei: 42
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, In Quarantäne, [57], [254335],1.0.3918
PUP.Optional.WinBing, C:\WINDOWS\TASKS\Search Provided by Bing mifor.job, In Quarantäne, [1536], [336088],1.0.3918
PUP.Optional.WinBing, C:\WINDOWS\SYSTEM32\TASKS\Search Provided by Bing mifor, In Quarantäne, [1536], [336089],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{B68373E0-3CC1-F926-BA07-67642045ECAA}\cire.txt, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{B68373E0-3CC1-F926-BA07-67642045ECAA}\aowLC, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{B68373E0-3CC1-F926-BA07-67642045ECAA}\hdat1, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{B68373E0-3CC1-F926-BA07-67642045ECAA}\hdat2, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{B68373E0-3CC1-F926-BA07-67642045ECAA}\lJbzX, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{B68373E0-3CC1-F926-BA07-67642045ECAA}\lonola, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{B68373E0-3CC1-F926-BA07-67642045ECAA}\radiro, In Quarantäne, [483], [453921],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Search Provided by Bing mifor, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{2ECE2309-38CF-CD21-7968-32B3D7B76CFB}, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\USERS\***** *****\APPDATA\ROAMING\2ECE2309-38CF-CD21-7968-32B3D7B76CFB\ProductUpdt.exe, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\Users\***** *****\AppData\Roaming\2ECE2309-38CF-CD21-7968-32B3D7B76CFB\info.dat, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\Users\***** *****\AppData\Roaming\2ECE2309-38CF-CD21-7968-32B3D7B76CFB\STTL.DAT, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\Users\***** *****\AppData\Roaming\2ECE2309-38CF-CD21-7968-32B3D7B76CFB\TTL.DAT, In Quarantäne, [483], [448853],1.0.3918
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{2ECE2309-38CF-CD21-7968-32B3D7B76CFB}, In Quarantäne, [483], [-1],0.0.0
PUP.Optional.WinYahoo, C:\USERS\***** *****\APPDATA\LOCAL\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HOWTOREMOVE\HOWTOREMOVE.HTML, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\chromium-min.jpg, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\control panel-min-min.JPG, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\down.png, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\ff menu.JPG, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\ff search engine-min.png, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\hp-min ff.png, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\hp-min ie.png, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\search engine.gif, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\setup pages.gif, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\sp-min.png, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\start-min.jpg, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\HowToRemove\up.png, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\codasoti.dat, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\direnef, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\fedasa, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\forica.dat, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\install.log, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\lesadar, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\ronaletot.dat, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\siralano, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\Sqlite3.dll, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\uninst.dat, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\uninst.exe, In Quarantäne, [57], [302717],1.0.3918
PUP.Optional.WinYahoo, C:\Users\***** *****\AppData\Local\{9606A05A-B2AE-CCE2-DF36-E90AFB5E1592}\uninstp.dat, In Quarantäne, [57], [302717],1.0.3918
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end) Schritt 2: Installation AdwCleaner und Bereinigung Logfile nach Bereinigung und Neustart (AdwCleaner[C0].txt) Code:
# AdwCleaner 7.0.8.0 - Logfile created on Sun Feb 11 19:07:16 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\salsa-und-tango.de
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.salsa-und-tango.de
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\salsa-und-tango.de
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.salsa-und-tango.de
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\de.bytefence.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\de.bytefence.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\de.bytefence.com
Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\ByteFence\Uninstall.exe
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [3508 B] - [2018/2/11 19:6:34]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## |