Plagegeister aller Art und deren Bekämpfung: Riskware and others in HitmanPro scan, dangerous? (Windows 7)
26.08.2013, 14:18 | #1
Riskware and others in HitmanPro scan, dangerous?
Hello! Because of another problem I downloaded the program "HitmanPro 3.7.7" several weeks ago. Since then it runs a security scan roughly every 20 hours. It just ran again and this time it found something, namely 2 "things" with Riskware after them and 12 "things" with Adware.ClickPotato. Is that dangerous, and if so, how do I get rid of it again? Thanks in advance for the answer!
Noob
26.08.2013, 14:52 | #2
/// the machine /// TB-Ausbilder
hi,
show me the logfile.
26.08.2013, 14:58 | #3
Should be this one:
Code:
HitmanPro 3.7.7.203
www.hitmanpro.com

   Computer name . . . . : ***-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : ***-PC\***
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2013-08-26 15:03:34
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 6s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 97
   Traces . . . . . . . : 374

   Objects scanned . . . : 1.162.379
   Files scanned . . . . : 10.943
   Remnants scanned . . : 290.683 files / 860.753 keys

Malware _____________________________________________________________________

   C:\Program Files (x86)\LyricsPal\130.dll
      Size . . . . . . . : 145.920 bytes
      Age . . . . . . . : 0.1 days (2013-08-26 12:50:06)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : 51BE8F7C1DB27A8E162AD50C81E47AE8E01D8ADE33A336C5AF229B716158ADB5
      Product . . . . . : Lyrics-Pal
      Publisher . . . . : Lyrics-Pal
      Copyright . . . . : Copyright (c) 2013
      Gossip . . . . . . : (x86)
    > G Data . . . . . . : Gen:Variant.Adware.Graftor.108504
      Fuzzy . . . . . . : 99.0
      Startup
         HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc29db0f-529e-415e-9754-c4d493333108}\
      References
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{dc29db0f-529e-415e-9754-c4d493333108}\
         HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\b1d37378-70fb-44d4-aa8d-200f912820ff\

   C:\SysPart\Default\Program Files (x86)\LyricsPal\130.dll
      Size . . . . . . . : 145.920 bytes
      Age . . . . . . . : 0.1 days (2013-08-26 12:50:06)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : 51BE8F7C1DB27A8E162AD50C81E47AE8E01D8ADE33A336C5AF229B716158ADB5
      Product . . . . . : Lyrics-Pal
      Publisher . . . . : Lyrics-Pal
      Copyright . . . . : Copyright (c) 2013
    > G Data . . . . . . : Gen:Variant.Adware.Graftor.108504
      Fuzzy . . . . . . : 105.0
      Forensic Cluster
         -2.9s C:\SysPart\Default\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5704840f0b3e82908309923567b498c3_75109218-4e06-43d7-9b1a-814dd81dac59
         -0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\00.crx
         -0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\00.xpi
          0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.crx
          0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.dll
          0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.xpi
         14.7s C:\SysPart\Default\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b03b28dccff9b225f5153fa13a557666\4fb1bb4721b5a959f351deea759d5584\grouping\tmp.edb
         17.1s C:\SysPart\Default\Windows\System32\Tasks\Lyrics-Pal Update
         19.2s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.dat
         19.4s C:\SysPart\Default\Users\***\AppData\Local\Temp\upr6F36.tmp
         20.9s C:\SysPart\Default\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDG5XQOQ\updated[1].htm
         25.0s C:\SysPart\Default\Users\***\AppData\Local\Temp\upe8594.tmp
         26.1s C:\SysPart\Default\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94XAELA4\130[1].xml
         29.9s C:\SysPart\Default\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk

Suspicious files ____________________________________________________________

   C:\Users\***\Desktop\ComboFix.exe
      Size . . . . . . . : 5.087.643 bytes
      Age . . . . . . . : 46.8 days (2013-07-10 20:40:44)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : 6748E61A6234D5CDBB82C782963595FF99CCBFAAAB0D1386D5CBC264BFC27AD5
      Product . . . . . : ComboFix
      Publisher . . . . : Swearware
      Description . . . : ComboFix NSIS Installer
      Version . . . . . : 13.07.09.01
      Copyright . . . . : sUBs
      Fuzzy . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      References
         HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Klemens\Desktop\ComboFix.exe

   C:\Windows\system32\drivers\AVIPBB.sys
      Size . . . . . . . : 129.216 bytes
      Age . . . . . . . : 206.7 days (2013-01-31 21:24:09)
      Entropy . . . . . : 6.6
      SHA-256 . . . . . : 22AA33B1276C2B0FB36F22371FA43BFB8987CED0E81947D6DCC5F134B28E64B6
      Product . . . . . : Avira Professional Security
      Publisher . . . . : Avira Operations GmbH & Co. KG
      Description . . . : Avira Driver for Security Enhancement
      Version . . . . . : 13.05.01.04
      Copyright . . . . : Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.
      Fuzzy . . . . . . : 42.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\AVKMGR.sys
      Size . . . . . . . : 27.800 bytes
      Age . . . . . . . : 206.7 days (2013-01-31 21:24:09)
      Entropy . . . . . : 6.4
      SHA-256 . . . . . : F9C76B8F100F7CF2A95F451445A4BAEB83BC43C5CF4126175CAE065E0E2A2EEB
      Product . . . . . : Avira Professional Security
      Publisher . . . . : Avira Operations GmbH & Co. KG
      Description . . . : Avira Manager Driver
      Version . . . . . : 13.04.00.03
      Copyright . . . . : Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.
      Fuzzy . . . . . . : 42.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\cfwids.sys
      Size . . . . . . . : 65.264 bytes
      Age . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy . . . . . : 6.1
      SHA-256 . . . . . : 096F50891302F84E2543F32F2D5A51E0183A12900B920A2DD8976459B4B2C051
      Needs elevation . : Yes
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : McAfee Personal Firewall IDS Plugin
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mfeapfk.sys
      Size . . . . . . . : 160.280 bytes
      Age . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : C7728392FADE8AE792458224C40E9AED4789F9DA4233C34E0A0B303DE33ABE86
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : Access Protection Filter Driver
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mfeavfk.sys
      Size . . . . . . . : 229.528 bytes
      Age . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 986EBE286B34AC6E39F70E069AD6D1069538C23B0F2D47771C5A8FB8B1C5B5BB
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : Anti-Virus File System Filter Driver
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mfeclnk.sys
      Size . . . . . . . : 10.248 bytes
      Age . . . . . . . : 359.6 days (2012-09-01 00:37:57)
      Entropy . . . . . : 6.7
      SHA-256 . . . . . : E7A513683AC0CAA950DF126B4D87FBD4FCD766B67AFCEC4EC9E4FB7198DA3116
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : McAfee Driver Cleaning Driver
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mfefirek.sys
      Size . . . . . . . : 481.768 bytes
      Age . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : C3CBFD0FABA4E165C2485A21D61A2B7E39083E6DBFB62423DAF1C2CDB1817164
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : McAfee Core Firewall Engine Driver
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mfehidk.sys
      Size . . . . . . . : 771.096 bytes
      Age . . . . . . . : 204.8 days (2013-02-02 19:07:44)
      Entropy . . . . . : 6.1
      SHA-256 . . . . . : D736EBCA40097A135AC1463E73457FDB7C5BC5D1620583865F70E2B94795B316
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : McAfee Link Driver
      Version . . . . . : SYSCORE.15.1.0.594
      Copyright . . . . : Copyright© 1995-2012 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mfenlfk.sys
      Size . . . . . . . : 75.808 bytes
      Age . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy . . . . . : 6.1
      SHA-256 . . . . . : 505EE789B4BC47721B6224B48C0FFA9B2BB002FAC8E451F2612428430596A2C9
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : McAfee NDIS Light Filter Driver
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mferkdet.sys
      Size . . . . . . . : 100.912 bytes
      Age . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : E16D442E51D37F4024FA4B1573167BA3C13A5F22FEC86B32021F7A2C8A749C71
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : McAfee Code Analysis Driver
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\drivers\mfewfpk.sys
      Size . . . . . . . : 339.776 bytes
      Age . . . . . . . : 204.8 days (2013-02-02 19:07:39)
      Entropy . . . . . : 4.9
      SHA-256 . . . . . : B7ED3FB5FAA70F6C4298AA480CF3494BEF09FB07E87594C376BA60D9E082327A
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : Anti-Virus Mini-Firewall Driver
      Version . . . . . : SYSCORE.15.1.0.594
      Copyright . . . . : Copyright© 1995-2012 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\Windows\system32\mfevtps.exe
      Size . . . . . . . : 161.168 bytes
      Age . . . . . . . : 359.6 days (2012-09-01 00:37:55)
      Entropy . . . . . : 6.3
      SHA-256 . . . . . : 17D23D0BCC3BB9C29ACB0163E4C9B2C550085A215A6688F1D98E204A37DDC0F0
      Needs elevation . : Yes
      Product . . . . . : SYSCORE
      Publisher . . . . : McAfee, Inc.
      Description . . . : McAfee Process Validation Service
      Version . . . . . : SYSCORE.14.4.0.478
      Copyright . . . . : Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep\ (Adware.ClickPotato)

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)

Cookies _____________________________________________________________________

   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9R7QLOEB.txt
   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DQBT8Y6N.txt
   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\INDZNNF0.txt
   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MR9KTKON.txt
   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NWPLVFNF.txt
   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PBBJ4ZAA.txt
   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\S7RZIBGN.txt
   C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TAN298VS.txt
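For readers who want to check a finding like the LyricsPal Browser Helper Object above on their own machine, here is an added example that is not from the thread, from HitmanPro or from the helper: a read-only PowerShell inventory of the registered BHOs that resolves each CLSID to its DLL and checks the Authenticode signature. It assumes an elevated PowerShell session on 64-bit Windows 7 or later; the function name Get-BhoInventory is my own.

```powershell
# Added example, not from the thread or from HitmanPro: read-only inventory of
# Internet Explorer Browser Helper Objects (BHOs), the persistence point that
# HitmanPro listed under "Startup" for LyricsPal\130.dll in the log above.
# Assumes an elevated PowerShell session on 64-bit Windows 7 or later.
function Get-BhoInventory {
    # 64-bit IE loads BHOs from the native key, 32-bit IE from Wow6432Node.
    $roots = [ordered]@{
        '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
        '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    }
    foreach ($arch in $roots.Keys) {
        $root = $roots[$arch]
        if (-not (Test-Path -Path $root)) { continue }
        # Each subkey is the BHO's CLSID; its DLL is the default value of
        # Classes\CLSID\{clsid}\InprocServer32 in the matching registry view.
        $clsidBase = if ($arch -eq '32-bit') { 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
        foreach ($bho in Get-ChildItem -Path $root) {
            $clsid     = $bho.PSChildName
            $serverKey = Join-Path -Path $clsidBase -ChildPath "$clsid\InprocServer32"
            $dll       = $null
            if (Test-Path -Path $serverKey) {
                $dll = (Get-ItemProperty -Path $serverKey).'(default)'
                if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            }
            $status = 'no InprocServer32'   # registration without a server: stale or broken
            $signer = ''
            if ($dll) {
                if (Test-Path -LiteralPath $dll) {
                    # Status is Valid, NotSigned, HashMismatch, ...; adware is rarely
                    # signed by a publisher the user would recognise.
                    $sig    = Get-AuthenticodeSignature -FilePath $dll
                    $status = $sig.Status
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                } else {
                    $status = 'DLL missing'  # dangling entry left behind by an uninstall
                }
            }
            [pscustomobject]@{
                Arch      = $arch
                CLSID     = $clsid
                DLL       = $dll
                Signature = $status
                Signer    = $signer
            }
        }
    }
}

# Anything that is not 'Valid', or is signed by a vendor you never chose to
# install, is what a scanner such as HitmanPro flags; compare the CLSID with
# the "Startup" entry in the log before deciding what to clean up.
Get-BhoInventory | Sort-Object -Property Signature | Format-Table -AutoSize
```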
26.08.2013, 18:05 | #4
/// the machine /// TB-Ausbilder
Yep, you have installed adware again. Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
29.08.2013, 14:11 | #5
Should I now run Farbar's Recovery Scan Tool the way it says in the guide, or just download it, drag it onto the desktop and start it?
29.08.2013, 17:44 | #6
/// the machine /// TB-Ausbilder
exactly
29.08.2013, 17:46 | #7
You can't answer an either-or question with "exactly". So what now?
30.08.2013, 06:25 | #8
/// the machine /// TB-Ausbilder
Desktop
regards, schrauber