Hello, thank you very much for helping me so well.
Here are the two log files:
After the first scan:
Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.04.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Sefer :: SEFER-PC [administrator]
04.01.2013 22:25:18
mbar-log-2013-01-04 (22-25-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30176
Time elapsed: 16 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 20
HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\InprocServer32 (PUP.LoadTubes) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-2.1 (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
Registry Values Detected: 5
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Delete on reboot.
HKCU\SOFTWARE\BPROTECTOR|iexplore homepages (PUP.BProtector) -> Data: hxxp://www.qooqle.biz.tr/git.php^hxxp://go.microsoft.com/fwlink/?LinkId=69157^^ -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\ProgramData\bProtector (PUP.BProtector) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Delete on reboot.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
Files Detected: 20
C:\Users\Sefer\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\Plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Local\funmoods.crx (PUP.Funmoods) -> Delete on reboot.
C:\ProgramData\bProtector\bProtect.settings (PUP.BProtector) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Delete on reboot.
C:\Users\Sefer\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Delete on reboot.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
C:\Users\Sefer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Delete on reboot.
(end)
After the second scan (no detections):
Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.04.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Sefer :: SEFER-PC [administrator]
04.01.2013 22:56:55
mbar-log-2013-01-04 (22-56-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30104
Time elapsed: 19 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Thank you very, very much in advance. Can you already tell what kind of malware it was/is?