Your File Download und Fast and Safe.

Tunefisch. · 01.08.2014, 14:42

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 15:20:34
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.02
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ralfi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328232
Verstrichene Zeit: 13 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, In Quarantäne, [8dd9af1287f4181e277896c9e919c739], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1657400046-2498356473-2034691632-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [83e3bb0648333afcf73dd303f40e52ae], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.Adanak.A, C:\Users\Ralfi\AppData\Local\Temp\Adanak, In Quarantäne, [b8ae18a94f2c72c497899333ac569e62], 

Dateien: 35
PUP.Optional.AdPeak, C:\temp\InstallFilter64.msi, In Quarantäne, [c6a014ad5e1d75c14063ecb705fcd62a], 
PUP.Optional.AdPeak.A, C:\temp\t.msi, In Quarantäne, [a6c0efd285f6c76fef1ef5b1a064a060], 
PUP.Optional.RegCleanerPro, C:\Users\Ralfi\AppData\Local\Temp\RegClean2.exe, In Quarantäne, [b0b6625f374456e0005d8f850001837d], 
PUP.Optional.InstallCore, C:\Users\Ralfi\AppData\Local\Temp\installer_gta-sanandreas_English.exe, In Quarantäne, [4c1aecd52c4f8caaae215f46f90b9070], 
PUP.Optional.MultiPlug, C:\Users\Ralfi\AppData\Local\Temp\toolbar20405013.exe, In Quarantäne, [4b1b536ef883e254e4edd1d0db2634cc], 
PUP.Optional.RegCleanerPro, C:\Users\Ralfi\AppData\Local\Temp\toolbar20435936.exe, In Quarantäne, [69fdfbc688f347ef24396ba9679a7c84], 
PUP.Optional.MultiPlug, C:\Users\Ralfi\AppData\Local\Temp\toolbar20454754.exe, In Quarantäne, [e5810bb6413a95a114bdcdd4b64b2bd5], 
PUP.Optional.InstallCore, C:\Users\Ralfi\AppData\Local\Temp\ICReinstall_download-city-car-driving.exe, In Quarantäne, [5c0a952c24576cca1ab63173897bc63a], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\alilog.dll, In Quarantäne, [7ee8bb06106bfc3ac570cb67a25e946c], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\qSE.exe, In Quarantäne, [491d962b3546e74f2bb82a1e3fc1d828], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\UninstallManager.exe, In Quarantäne, [64026a571368e84e20fa810e69983dc3], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [f571e4dd7209ed493f821847f40d8a76], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\16399293\16399293.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [d59106bb15669f9756f193d7ad5403fd], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\alilog.dll, In Quarantäne, [c1a549785e1dff37260fcb6788785aa6], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\qSE.exe, In Quarantäne, [8bdb7a472c4fad891fc4b296778914ec], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\UninstallManager.exe, In Quarantäne, [2442d2ef2952b383be5ca8e71ee33cc4], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [72f43a872c4fb28468594a1550b1fb05], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\17254428\17254428.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [a0c61ca593e8f244a3a4a6c429d8f20e], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\alilog.dll, In Quarantäne, [9dc9f1d04239b2841124c270b14f24dc], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\qSE.exe, In Quarantäne, [0e585a674d2e67cf459e0e3ac53bc937], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\UninstallManager.exe, In Quarantäne, [72f4863b2b5021153fdb7b14de2332ce], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [24421ca5e89385b17150c59ac140867a], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\6571401\6571401.zipDir\tmp\wpm_v18.8.0.273.exe, In Quarantäne, [8ed85f62bebd6cca20276ffbc43d43bd], 
PUP.Optional.SkyTech.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\alilog.dll, In Quarantäne, [a3c3cff26b10e254f0452111837d659b], 
PUP.Optional.V9.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\qSE.exe, In Quarantäne, [df87932ef982c96dba2967e114ec2ad6], 
PUP.Optional.Skytech.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\UninstallManager.exe, In Quarantäne, [cc9a328f9be09e980f0b94fb8879e917], 
PUP.Optional.IePluginService.A, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [71f53d84ccaf2016c6fbc49bf20fac54], 
PUP.Optional.WpManager, C:\Users\Ralfi\AppData\Local\Temp\27191972\27191972.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [a8be1da4accf092d1e297cee6d942ed2], 
PUP.Optional.BetterDeals.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, In Quarantäne, [77ef1fa2e29957df189c6d6f9969f50b], 
PUP.Optional.BetterDeals.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, In Quarantäne, [085ee2dfd8a365d16d47e6f6ba48e11f], 
PUP.Optional.Superfish.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [81e5932e91ea6acc5c934a976f932cd4], 
PUP.Optional.Superfish.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Löschen bei Neustart, [91d59f220e6d62d42ac5627fd62cf50b], 
PUP.Optional.Adanak.A, C:\Users\Ralfi\AppData\Local\Temp\Adanak\7za.exe, In Quarantäne, [b8ae18a94f2c72c497899333ac569e62], 
PUP.Optional.Babylon.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.babylon.com/?affID=113480&tt=bandext_3312_4&babsrc=HP_ss&mntrId=341c704c00000000000000ff6cb80bd8",), Ersetzt,[620410b14932aa8c0e08cf1eef151ae6]
PUP.Optional.HelperBar.A, C:\Users\Ralfi\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.google.com/", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate={installDate}&type=hp1000", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=5dcb2ce2-d62c-8a2c-991a-d2d3523f08f4&searchtype=hp&fr=linkury-tb&installDate=09/01/2014&type=hp1000", "hxxp://www.sweet-page.com/?type=hp&ts=1399647427&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399676034&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399704410&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399708660&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hppp&ts=1399721255&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1400380906&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1400609547&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D", "hxxp://www.sweet-page.com/?type=hp&ts=1401467900&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1BUNSAF401702D" ],), Ersetzt,[bbabf7cafc7f270fd97f98555ea62cd4]

Physische Sektoren: 0
(No malicious items detected)


(end)

Alles klare mache ich.

Fix2:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Ralfi at 2014-08-01 15:44:48 Run:2
Running from C:\Users\Ralfi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {4D8BC769-341B-4C86-8D7A-29114D11CBB7} - System32\Tasks\YourFile DownloaderInstaller Starter => C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe [2014-07-30] (hxxp://yourfiledownloader.net) <==== ATTENTION
Task: {7A834270-F4A4-4922-BBF2-013022CE6D0D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8C3C8FA8-3E14-4A65-8167-74D6ED47B5A5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A2A42D7B-092B-4209-B33A-4B10417085C0} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {B9CE560E-0066-460E-B483-F1398CC19150} - System32\Tasks\AppCloudUpdater => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CF3B707A-6679-468A-B7F4-6C5B871451AF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx\
C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1\
C:\Program Files (x86)\YourFileDownloader Updater\
C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D8BC769-341B-4C86-8D7A-29114D11CBB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8BC769-341B-4C86-8D7A-29114D11CBB7}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderInstaller Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderInstaller Starter" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A834270-F4A4-4922-BBF2-013022CE6D0D}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C3C8FA8-3E14-4A65-8167-74D6ED47B5A5}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2A42D7B-092B-4209-B33A-4B10417085C0}" => Key not found.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9CE560E-0066-460E-B483-F1398CC19150}" => Key not found.
C:\Windows\System32\Tasks\AppCloudUpdater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppCloudUpdater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF3B707A-6679-468A-B7F4-6C5B871451AF}" => Key not found.
C:\Windows\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key not found.
C:\WINDOWS\Tasks\AppCloudUpdater.job not found.
C:\Windows\Tasks\APSnotifierPP1.job not found.
C:\Windows\Tasks\APSnotifierPP2.job not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Ralfi\AppData\Roaming\APPCLO~1" => File/Directory not found.
"C:\Program Files (x86)\YourFileDownloader Updater" => File/Directory not found.
C:\Users\Ralfi\AppData\Local\Temp\install20450981.exe => Moved successfully.

==== End of Fixlog ====

Your File Download und Fast and Safe.

Plagegeister aller Art und deren Bekämpfung: Your File Download und Fast and Safe.

Your File Download und Fast and Safe.

Ähnliche Themen: Your File Download und Fast and Safe.