solutiion7 | 27.09.2023 03:01 | Since I didn't have enough characters, I'm replying to this again with the other log files. Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 26.09.23
Scan-Zeit: 23:20
Protokolldatei: 7ea22fce-5cb2-11ee-8e25-00d861a4137a.json
-Softwaredaten-
Version: 4.6.3.282
Komponentenversion: 1.0.2158
Version des Aktualisierungspakets: 1.0.75703
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.3448)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-22072OS\Caang
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 279510
Erkannte Bedrohungen: 24
In die Quarantäne verschobene Bedrohungen: 24
Abgelaufene Zeit: 10 Min., 33 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 2
PUP.Optional.Trovi, C:\USERS\CAANG\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 2465, 1138508, , , , , ,
PUP.Optional.Trovi, C:\USERS\CAANG\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 2465, 1138508, , , , , ,
Datei: 22
Crypt.Trojan.Malicious.DDS, C:\USERS\CAANG\APPDATA\LOCAL\TEMP\OPENOFFICE-UPDATE-4114-1-DE.EXE, In Quarantäne, 1000002, 0, 1.0.75703, 8877BFBD2263874CCBFB5AE6, dds, 02490964, 861DE6B3CA06A482B98C04D3A76CB294, A9E27507699CFE94EDB7992D6D7EDB9ED0D7A3EB21164CE3B7280F5AA4340F39
Generic.Malware/Suspicious, C:\USERS\CAANG\DESKTOP\PLUGS\RC-20 RETRO COLOR V1.0.5 WINOSX\R2R\XLN_KEYGEN.EXE, In Quarantäne, 0, 392686, 1.0.75703, , shuriken, , 7FA1D4F943E7E3896E78A79D3F465B89, 9010ADA93277BC1A52D16FBDEB702DEE99340AAD03044946CF59BD6DEAC377DB
Malware.AI.2016575705, C:\USERS\CAANG\DESKTOP\PLUGS\RC-20 RETRO COLOR V1.0.5 WINOSX\R2R\XLN_KEYGEN.EXE, In Quarantäne, 1000000, 2016575705, 1.0.75703, E5186D86D456938C783280D9, dds, 02490964, 7FA1D4F943E7E3896E78A79D3F465B89, 9010ADA93277BC1A52D16FBDEB702DEE99340AAD03044946CF59BD6DEAC377DB
Generic.Malware.AI.DDS, C:\USERS\CAANG\DESKTOP\WIZARD\VINTAGEVERB.ZIP, In Quarantäne, 1000002, 0, 1.0.75703, 2307BFAB720B83600B0C9318, dds, 02490964, 99215858DB48EDE86CC13A70D91651D4, F2D9014499F772D5C607FA58A68ABF32FE7081CF9E95E4CAB29507438D0C381B
PUP.Optional.StartPage, C:\USERS\CAANG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Ersetzt, 328, 454813, 1.0.75703, , ame, , 6DA35527B23BD25049FA158DF7FBD0B2, 3A8E28D659736C93E5AD2C04D5B3F9B40D25F99CD149AC97D4D798FB2D1F9629
PUP.Optional.StartPage, C:\USERS\CAANG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Ersetzt, 328, 454813, 1.0.75703, , ame, , 6DA35527B23BD25049FA158DF7FBD0B2, 3A8E28D659736C93E5AD2C04D5B3F9B40D25F99CD149AC97D4D798FB2D1F9629
PUP.Optional.StartPage, C:\USERS\CAANG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Ersetzt, 328, 454813, 1.0.75703, , ame, , 6DA35527B23BD25049FA158DF7FBD0B2, 3A8E28D659736C93E5AD2C04D5B3F9B40D25F99CD149AC97D4D798FB2D1F9629
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 2465, 1138508, , , , , 347399EAF08637C11BB06404D9AD9D26, 56E3360371F331AE4C1026D54735DA47EF5DB0B7E9A025E61441F608739D11DB
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000008.ldb, In Quarantäne, 2465, 1138508, , , , , 25B1E7E749C1400647AF04A47401454A, A03043B879AFD300AF869CDF6B32E6AF9B328C394CD966FC6F3B96D6F6EB404D
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000011.ldb, In Quarantäne, 2465, 1138508, , , , , 23928B78B37CF46A6F09887BAA240099, A65929FB7C11C3030B40CBF2710252CBED7FE452CA5253DA26FE2AA5B3EAB7A0
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000014.ldb, In Quarantäne, 2465, 1138508, , , , , 81602B7A6748DAD97077E912E166BE6F, 1BAD2E2096FA850F215AF4EEE2F8A8B276497ABBE0845893006B41DD083981F0
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000016.log, In Quarantäne, 2465, 1138508, , , , , 556F1AAA1D518EEF59177A8DCDBA7488, 5BAAB0D86886B440F4ABD696FCF95AFEB8B3E1F60C1B7B9995E1D5278AD89046
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000017.ldb, In Quarantäne, 2465, 1138508, , , , , 647BAAA40641D02639718E06F473F6C6, 8C2D1AE433C7C9E9FFA0AD948329358345C43BDC711EFFA6B13DF18D094CE02F
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 2465, 1138508, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 2465, 1138508, , , , , ,
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 2465, 1138508, , , , , CD27D0F31D0CFCD23C4F87F8D8C3BBA4, 3727507E9C029F7A2BB68B9A3EC367A17DAF2DA16681AAFFD6F674FF40E988AE
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 2465, 1138508, , , , , C2ADAD557DD57A1AAE368FB2ED50E193, 9258FB8D0DB9630FB93359FB065880E332528D2841A81A5BE312480383A62184
PUP.Optional.Trovi, C:\Users\Caang\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 2465, 1138508, , , , , D377AD74D179E62507089469E0B800F7, A55C10D52AAFCC922A3A2A0FC84007A7EB358B304EE0C77C4B2F4B41213EB9BF
PUP.Optional.Trovi, C:\USERS\CAANG\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Ersetzt, 2465, 1138508, 1.0.75703, , ame, , CFAEDA970907604089A1474026AB88A8, B910DFC9C03A123E5259BD5F7DEC0B570C0F3386D954EC944EE5B7DD0CF8A876
PUP.Optional.Trovi, C:\USERS\CAANG\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Ersetzt, 2465, 1138508, 1.0.75703, , ame, , CFAEDA970907604089A1474026AB88A8, B910DFC9C03A123E5259BD5F7DEC0B570C0F3386D954EC944EE5B7DD0CF8A876
PUP.Optional.Trovi, C:\USERS\CAANG\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Ersetzt, 2465, 1138508, 1.0.75703, , ame, , 0FBA4B905F6187002C5789642F8ABDEB, C8BD5B18E3B6D7C2D7875F6B7D059D4052FBD5C36552A2122A2AE7A5F2AEC343
PUP.Optional.Trovi, C:\USERS\CAANG\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Ersetzt, 2465, 1138508, 1.0.75703, , ame, , 0FBA4B905F6187002C5789642F8ABDEB, C8BD5B18E3B6D7C2D7875F6B7D059D4052FBD5C36552A2122A2AE7A5F2AEC343
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-26-2023
# Duration: 00:00:04
# OS: Windows 10 (Build 19045.3448)
# Cleaned: 36
# Failed: 0
***** [ Services ] *****
Deleted WCAssistantService
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Browser Files
Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\UNINSTALL NEXUS
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Caang\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
Deleted C:\Users\Caang\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Caang\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\Caang\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Lavasoft\Web Companion
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
Deleted C:\Users\Caang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\Caang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|OpenOffice Updater
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Websuche.exe
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{412f6e16-069b-4fe2-b701-c4afc81a740b}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{412f6e16-069b-4fe2-b701-c4afc81a740b}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{412f6e16-069b-4fe2-b701-c4afc81a740b}|UninstallString
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Websuche.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Websuche
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted Web
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
Deleted My Firefox Search
Deleted My Firefox Search
Deleted Websuche
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [4847 octets] - [26/09/2023 22:56:24]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## |