
All kinds of pests and how to fight them: ADWARE/BProtector.E

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

08.12.2013, 19:15   #1
Eumelinchen
 
ADWARE/BProtector.E



Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:11 on 08/12/2013 by Jasskas
Administrator - Elevation successful

========== filefind ==========

Searching for "*MyEmoticons*"
C:\Nero Autobackup\20131025_232350_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	------- 592304 bytes	[22:10 25/10/2013]	[22:10 25/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131025_232350_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	------- 592304 bytes	[22:10 25/10/2013]	[22:10 25/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131101_212147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131101_212147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131108_232147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131108_232147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131115_212149_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131115_212149_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131122_232147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131122_232147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131129_212150_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131129_212150_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131206_232147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131206_232147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131207_232149_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131207_232149_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_104821_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_104821_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_112147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_112147_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_132148_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_132148_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_174326_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Nero Autobackup\20131208_174326_Local Autobackup\C\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[08:32 27/10/2013]	[08:32 27/10/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Users\Jasskas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyEmoticons\MyEmoticons.lnk	--a---- 1881 bytes	[20:29 16/04/2013]	[20:29 16/04/2013] D904D4A5C5B266D813FFF70D199F21E0
C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll	--a---- 214896 bytes	[06:58 28/02/2013]	[06:58 28/02/2013] E6A33D8B7E4286416AB0D6588F8A7FF9
C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons.ico	--a---- 97869 bytes	[10:47 05/02/2013]	[10:47 05/02/2013] A030834B42C7B05D67BC1F82B646052E
C:\Users\Jasskas\AppData\Roaming\MyEmoticons\MyEmoticons.url	--a---- 136 bytes	[20:28 16/04/2013]	[20:29 16/04/2013] 9F4EC05B4F9EFCC5FD8AE20B8D6B1826
C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com.xpi	--a---- 28704 bytes	[06:58 28/02/2013]	[06:58 28/02/2013] DFBBFC06188A48CA48D1BA9C6DE3F0BF
C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.6.1\content\myemoticons.jar	--a---- 12077 bytes	[20:29 16/04/2013]	[20:29 16/04/2013] 6BC9880C19A046C26C806930705248FF
C:\Users\Jasskas\Downloads\myemoticons(1).exe	--a---- 592304 bytes	[20:28 16/04/2013]	[20:28 16/04/2013] 1603B443E65F235D100D661CFE6C3E90
C:\Users\Jasskas\Downloads\myemoticons.exe	--a---- 592304 bytes	[20:27 16/04/2013]	[20:27 16/04/2013] 1603B443E65F235D100D661CFE6C3E90

========== folderfind ==========

Searching for "*MyEmoticons*"
C:\ProgramData\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons	d------	[17:09 11/03/2013]
C:\Users\All Users\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons	d------	[17:09 11/03/2013]
C:\Users\Jasskas\AppData\Local\IM\Identities\{18178290-1BD3-41C2-86FB-EF595E480DE1}\EmoticonCenter\MyEmoticons	d------	[21:34 04/12/2011]
C:\Users\Jasskas\AppData\Roaming\MyEmoticons	d------	[20:28 16/04/2013]
C:\Users\Jasskas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyEmoticons	d------	[20:29 16/04/2013]
C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.6.1	d------	[20:29 16/04/2013]

========== regfind ==========

Searching for "MyEmoticons"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{18178290-1BD3-41C2-86FB-EF595E480DE1}\EmoticonCenter\MyEmoticons]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"DisplayName"="MyEmoticons"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"UninstallString"="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\uninst.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"URLInfoAbout"="hxxp://www.myemoticons.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"DisplayIcon"="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7970495D-2F98-45F4-B093-87E76C7B8B60}]
@="IMyEmoticons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0]
@="MyEmoticons 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0\0\win32]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0\HELPDIR]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
@="MyEmoticons Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DCC39ACE-709B-44EA-B062-5F6BE2774644}\InprocServer32]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7970495D-2F98-45F4-B093-87E76C7B8B60}]
@="IMyEmoticons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0]
@="MyEmoticons 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0\0\win32]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0\HELPDIR]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEE38AFC8FA67634F86968B5A6CA2F8F]
"4F8EDFE0D1960BC44B1CB06DB39070FF"="C:\ProgramData\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar\Order.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oopofgccipckckifenoicncegojimpmf]
"path"="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\oopofgccipckckifenoicncegojimpmf.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IncrediMail\Default Identity\EmoticonCenter\MyEmoticons]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
@="MyEmoticons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"myemoticons@myemoticons.com"="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.6.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
@="MyEmoticons Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DCC39ACE-709B-44EA-B062-5F6BE2774644}\InprocServer32]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7970495D-2F98-45F4-B093-87E76C7B8B60}]
@="IMyEmoticons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0]
@="MyEmoticons 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0\0\win32]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}\1.0\HELPDIR]
@="C:\Users\Jasskas\AppData\Roaming\MyEmoticons"
[HKEY_USERS\S-1-5-21-990396829-1976191800-715236640-1000\Software\IncrediMail\Identities\{18178290-1BD3-41C2-86FB-EF595E480DE1}\EmoticonCenter\MyEmoticons]
[HKEY_USERS\S-1-5-21-990396829-1976191800-715236640-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
[HKEY_USERS\S-1-5-21-990396829-1976191800-715236640-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"DisplayName"="MyEmoticons"
[HKEY_USERS\S-1-5-21-990396829-1976191800-715236640-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"UninstallString"="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\uninst.exe"
[HKEY_USERS\S-1-5-21-990396829-1976191800-715236640-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"URLInfoAbout"="hxxp://www.myemoticons.com"
[HKEY_USERS\S-1-5-21-990396829-1976191800-715236640-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyEmoticons]
"DisplayIcon"="C:\Users\Jasskas\AppData\Roaming\MyEmoticons\myemoticons.ico"

-= EOF =-
         
