Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?

haskeer · 10.01.2015, 11:32

Hallo, ich habe mir das kostenlose Tool "Daemon Tools Lite" installiert und vermute, dass die mitgebrachte Adware mein System infiziert hat.

Auslösendes Ereignis war vom Avast Echtzeit Scanner

Code:

ATTFilter

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 9. Januar 2015 20:38:55
*

09.01.2015 21:11:29	C:\Program Files (x86)\XTab\BHOEnabler.exe [L] Win32:SupTab-D [Adw] (0)
Datei erfolgreich in Container verschoben...
09.01.2015 21:11:35	C:\Program Files (x86)\XTab\SupTab.dll [L] Win32:SupTab-G [Adw] (0)
Datei erfolgreich in Container verschoben...

*
* Schutz beendet: Freitag, 9. Januar 2015 21:16:07
* Laufzeit war 37 Minute(n), 37 Sekunde(n)

Folgende Schritte habe ich zu bereinigung meines Systems bereits vorgenommen:

1. AdwCleaner Scan N°1

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:14:21
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : WindowsMangerProtect
Dienst Gefunden : IHProtect Service

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\searchplugins\mystartsearch.xml
Datei Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\user.js
Ordner Gefunden : C:\ProgramData\IHProtectUpDate
Ordner Gefunden : C:\ProgramData\WindowsMangerProtect
Ordner Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\faststartff@gmail.com
Ordner Gefunden : C:\Users\localhost\AppData\Roaming\mystartsearch

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "E:\Programme\Mozilla Firefox\firefox.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\SupDp
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}

-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default] - Zeile gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.defaultenginename", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.name", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR");
[vthxdk8n.default] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[vthxdk8n.default] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [6510 octets] - [09/01/2015 21:14:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6570 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:15:52
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : IHProtect Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Users\localhost\AppData\Roaming\mystartsearch
Ordner Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\faststartff@gmail.com
Datei Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\user.js
Datei Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\searchplugins\mystartsearch.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[S0].txt - [5784 octets] - [09/01/2015 21:15:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5844 octets] ##########

2. Malwarebytes Anti-Malware Scan N°1

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.01.2015
Scan Time: 21:27:43
Logfile: mb1log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.09.16
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: localhost

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328353
Time Elapsed: 7 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [293bf4018afff83e284cd4948d7634cc], 

Registry Values: 1
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\extensions\fftoolbar2014@etech.com, Quarantined, [95cf4ca9e1a8d75fd13d1f49b44fa15f]

Registry Data: 0
(No malicious items detected)

Folders: 27
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 

Files: 78
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Quarantined, [194b7e77b9d0e45234c16d97da284ab6], 
PUP.Optional.Somoto, C:\Users\localhost\AppData\Local\Temp\bitool.dll, Quarantined, [cc98f40195f46bcb4e2b595048bafe02], 
PUP.Optional.Somoto, C:\Users\localhost\AppData\Local\Temp\nsp561.tmp, Quarantined, [76eef0051b6ecf677820906a5ea6ce32], 
PUP.Optional.SupTab.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\STab_Down.exe, Quarantined, [5b0904f1f396e353a1d6d39211efaa56], 
PUP.Optional.XTab.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\STab_v4.0.exe, Quarantined, [9fc5fcf9f792d95da74e61a38181827e], 
PUP.Optional.WindowsProtectManger.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [94d0906546435ed8abe0b70cef1258a8], 
PUP.Optional.OpenCandy, C:\Users\localhost\Downloads\DTLite4491-0356.exe, Quarantined, [68fcdf16fd8c82b400d8a70d45c04bb5], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 

Physical Sectors: 0
(No malicious items detected)


(end)

Dann habe ich beim benutzen des Browsers gemerkt, dass noch Adware da ist.

3. AdwCleaner Scan N°2

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:40:27
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "webssearches");

*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [814 octets] - [09/01/2015 21:40:27]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [933 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:42:03
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");

*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [944 octets] - [09/01/2015 21:42:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1003 octets] ##########

Nun habe ich einen vollständigen Scan mit Avast Antivirus durchgeführt

4. Avast Antivirus Free - Complete Scan
Hier finde ich den log leider nicht. Aber ich habe ein Bild des Ergebnisses. Das Löschen schlug fehl.

5. Avast Antivirus Boot Scan
Als das Löschen fehl schlug führte ich einen Boot Scan durch. Diesen musste ich nach dem Fund aber abbrechen, da der Scan keine Tastatureingabe annahm.

Code:

ATTFilter

01/09/2015 23:18
Prüfung aller lokalen Laufwerke

Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0QWP0B0\BiTool[1].dll ist infiziert von Win32:Somoto-J [PUP]
----------------------------------------

6. SBAV - Sophos Boot Antivirus
Anderer Ansatz: Sophos Boot Antivirus auf anderem System erstellt und ausgeführt

Code:

ATTFilter

SWEEP virus detection utility
Version 5.09.0 [Linux/Intel]
Virus data version 5.09, December 2014
Includes detection for 8264368 viruses, Trojans and worms
Copyright (c) 1989-2014 Sophos Limited. All rights reserved.

System time 23:48:56, System date 09 January 2015
Command line qualifiers are: -remove -p=/tmp/sweep-remove-log.txt -all --no-follow-symlinks -bs -mbr -dn -exclude

IDE directory is: /usr/local/sav

Using IDE file cride-en.ide
Using IDE file zbot-jez.ide
Using IDE file age-ajzb.ide
Using IDE file vb-hub.ide
Using IDE file age-ajzk.ide
Using IDE file age-ajzm.ide
Using IDE file age-ajzo.ide
Using IDE file age-ajzr.ide
Using IDE file mdro-ghx.ide
Using IDE file docdl-bp.ide
Using IDE file zbot-jfb.ide
Using IDE file age-akak.ide
Using IDE file fondu-cd.ide
Using IDE file wonto-kg.ide
Using IDE file vb-huc.ide
Using IDE file zbot-jdx.ide
Using IDE file age-akar.ide
Using IDE file mdro-giu.ide
Using IDE file weels-jn.ide
Using IDE file rarma-ac.ide
Using IDE file vb-hun.ide
Using IDE file fondu-cf.ide
Using IDE file age-akbh.ide
Using IDE file age-ajwl.ide
Using IDE file age-akbn.ide
Using IDE file auto-arj.ide
Using IDE file age-akbu.ide
Using IDE file wonto-kq.ide
Using IDE file age-akcb.ide
Using IDE file spyeye-k.ide
Using IDE file msil-ats.ide
Using IDE file zbot-jel.ide
Using IDE file msil-atz.ide
Using IDE file vb-hus.ide
Using IDE file msil-auf.ide
Using IDE file msil-awo.ide
Using IDE file vb-hve.ide
Using IDE file age-akce.ide
Using IDE file rovnix-i.ide
Using IDE file wonto-kv.ide
Using IDE file javab-uy.ide
Using IDE file msil-avd.ide
Using IDE file emote-ac.ide
Using IDE file weels-jt.ide
Using IDE file yakes-aw.ide
Using IDE file docdl-bu.ide
Using IDE file dndown-b.ide
Using IDE file msil-axa.ide
Using IDE file age-akdd.ide
Using IDE file banlo-yv.ide
Using IDE file age-akdo.ide
Using IDE file rtfex-bm.ide
Using IDE file vb-any.ide
Using IDE file auto-arp.ide
Using IDE file wintri-w.ide
Using IDE file age-akea.ide
Using IDE file banlo-yy.ide
Using IDE file msili-dz.ide
Using IDE file docdl-bx.ide
Using IDE file bank-ggg.ide
Using IDE file heofuv-a.ide
Using IDE file fonten-a.ide
Using IDE file msil-avi.ide
Using IDE file banke-ev.ide
Using IDE file vbzbot-y.ide
Using IDE file vawtra-s.ide
Using IDE file wonto-lh.ide
Using IDE file dwnl-mas.ide
Using IDE file html-ad.ide
Using IDE file age-akfm.ide
Using IDE file rans-aoa.ide
Using IDE file msil-ayk.ide
Using IDE file mbrloc-b.ide
Using IDE file fondu-ch.ide
Using IDE file banlo-zb.ide
Using IDE file bank-ggk.ide
Using IDE file msil-awb.ide
Using IDE file zbot-jgf.ide
Using IDE file age-akgh.ide
Using IDE file vb-huq.ide
Using IDE file docdl-by.ide
Using IDE file msil-atx.ide
Using IDE file rans-aob.ide
Using IDE file age-akgj.ide
Using IDE file age-akgo.ide
Using IDE file farei-di.ide
Using IDE file age-akdz.ide
Using IDE file age-akgr.ide
Using IDE file zbot-jgg.ide
Using IDE file age-akhc.ide
Using IDE file fondu-ci.ide
Using IDE file atraps-h.ide
Using IDE file weelso-r.ide
Using IDE file msil-awr.ide
Using IDE file msil-ayv.ide
Using IDE file zbot-jgm.ide
Using IDE file proch-ab.ide
Using IDE file age-akim.ide
Using IDE file msil-azf.ide
Using IDE file tracu-by.ide
Using IDE file java-wd.ide
Using IDE file emote-af.ide
Using IDE file limita-s.ide
Using IDE file dwnl-mav.ide
Using IDE file age-akjj.ide
Using IDE file age-akjl.ide
Using IDE file rans-aod.ide
Using IDE file miner-ab.ide
Using IDE file msil-aya.ide
Using IDE file auto-arw.ide
Using IDE file omdork-c.ide
Using IDE file weels-jw.ide
Using IDE file dnsau-ac.ide
Using IDE file fondu-cj.ide
Using IDE file rans-any.ide
Using IDE file bank-ggp.ide
Using IDE file msil-azy.ide
Using IDE file age-akfc.ide
Using IDE file alure-ao.ide
Using IDE file fondu-ck.ide
Using IDE file jsage-eh.ide
Using IDE file keliho-v.ide
Using IDE file emote-am.ide
Using IDE file mdro-gjk.ide
Using IDE file msil-bae.ide
Using IDE file auto-arz.ide
Using IDE file java-we.ide
Using IDE file msil-bag.ide
Using IDE file age-akfn.ide
Using IDE file zbot-jhc.ide
Using IDE file msil-bai.ide
Using IDE file auto-arg.ide
Using IDE file vb-hxi.ide
Using IDE file rans-aoe.ide
Using IDE file vawtra-z.ide
Using IDE file dinih-bc.ide
Using IDE file vb-hxf.ide
Using IDE file necur-ct.ide
Using IDE file vbage-ad.ide
Using IDE file inje-bhg.ide
Using IDE file zbot-jhg.ide
Using IDE file age-aklf.ide
Using IDE file upatr-ha.ide
Using IDE file auto-asd.ide
Using IDE file auto-ase.ide
Using IDE file jsage-ej.ide
Using IDE file age-akic.ide
Using IDE file zbot-jho.ide
Using IDE file limitl-h.ide
Using IDE file docdl-cg.ide
Using IDE file inje-bhk.ide
Using IDE file rans-aoi.ide
Using IDE file dapat-bb.ide
Using IDE file msil-bbg.ide
Using IDE file vb-hxq.ide
Using IDE file zbot-jht.ide
Using IDE file bank-ggu.ide
Using IDE file backd-kl.ide
Using IDE file msil-bbq.ide
Using IDE file fondu-cl.ide
Using IDE file jsage-el.ide
Using IDE file msil-bbw.ide
Using IDE file age-akmn.ide
Using IDE file age-aknb.ide
Using IDE file mdro-gkd.ide
Using IDE file weels-kd.ide
Using IDE file keylo-qj.ide
Using IDE file rembat-a.ide
Using IDE file emote-as.ide
Using IDE file msil-bch.ide
Using IDE file wonto-lv.ide
Using IDE file msil-bci.ide
Using IDE file dwnl-mbm.ide
Using IDE file foxhie-c.ide
Using IDE file rovnix-j.ide
Using IDE file msil-bcp.ide
Using IDE file vb-hyb.ide
Using IDE file msil-lq.ide
Using IDE file docdl-ck.ide
Using IDE file dwnl-mbr.ide
Using IDE file bank-ggv.ide
Using IDE file wonto-lx.ide
Using IDE file delf-fvf.ide
Using IDE file age-akko.ide
Using IDE file age-akow.ide
Using IDE file hwpexp-a.ide
Using IDE file zegos-de.ide
Using IDE file dridex-c.ide
Using IDE file fondu-co.ide
Using IDE file rans-aon.ide
Using IDE file cutwa-bn.ide
Using IDE file wonto-mb.ide
Using IDE file age-akpq.ide
Using IDE file vb-hyh.ide
Using IDE file wonto-md.ide
Using IDE file graft-ai.ide
Using IDE file yakes-ba.ide
Using IDE file mdro-gjt.ide
Using IDE file bunitu-x.ide
Using IDE file zbot-jih.ide
Using IDE file auto-asm.ide
Using IDE file staser-d.ide
Using IDE file zbot-jhs.ide
Using IDE file cidox-ak.ide
Using IDE file bondat-i.ide
Using IDE file simda-cj.ide
Using IDE file mdro-gkn.ide
Using IDE file swfex-eu.ide
Using IDE file buzus-ik.ide
Using IDE file msil-bfb.ide
Using IDE file age-akmy.ide
Using IDE file dwnl-mck.ide
Using IDE file msil-bfd.ide
Using IDE file age-akng.ide
Using IDE file age-aksg.ide
Using IDE file age-aksk.ide
Using IDE file derusb-o.ide
Using IDE file msil-bfe.ide
Using IDE file graft-aj.ide
Using IDE file urelas-x.ide
Using IDE file tinba-k.ide
Using IDE file wonto-mf.ide
Using IDE file mfckry-b.ide
Using IDE file msil-lw.ide
Using IDE file msil-bcx.ide
Using IDE file zbot-jis.ide
Using IDE file age-aktg.ide
Using IDE file age-aktl.ide
Using IDE file age-akub.ide
Using IDE file age-akuf.ide
Using IDE file rans-aoy.ide
Using IDE file sefni-cm.ide
Using IDE file rans-apa.ide
Using IDE file msil-bfq.ide
Using IDE file miner-ad.ide
Using IDE file age-akva.ide
Using IDE file hollin-a.ide
Using IDE file sefni-cn.ide
Using IDE file yakes-bb.ide
Using IDE file age-akpm.ide
Using IDE file zbot-jiy.ide
Using IDE file vawtr-ah.ide
Using IDE file age-akvr.ide
Using IDE file rans-aop.ide
Using IDE file bred-aos.ide
Using IDE file age-akqt.ide
Using IDE file docdl-cx.ide
Using IDE file dyreza-v.ide
Using IDE file upatr-hf.ide
Using IDE file delf-fvc.ide
Using IDE file age-akwa.ide
Using IDE file age-akru.ide
Using IDE file farei-dk.ide
Using IDE file blada-b.ide
Using IDE file pws-chh.ide
Using IDE file atraps-k.ide
Using IDE file age-akwc.ide
Using IDE file msil-bfz.ide
Using IDE file rans-apd.ide
Using IDE file age-akwe.ide
Using IDE file inje-big.ide
Using IDE file age-aksj.ide
Using IDE file banlo-zl.ide
Using IDE file age-akwm.ide
Using IDE file bladab-h.ide
Using IDE file cidox-al.ide
Using IDE file weels-kz.ide
Using IDE file rans-ape.ide
Using IDE file docdl-dc.ide
Using IDE file banlo-zm.ide
Using IDE file banlo-zn.ide
Using IDE file rans-apf.ide
Using IDE file age-akxn.ide
Using IDE file vawtra-a.ide
Using IDE file age-akxx.ide
Using IDE file limita-t.ide
Using IDE file fondu-cs.ide
Using IDE file bckd-rsq.ide
Using IDE file papra-aq.ide
Using IDE file kovter-j.ide
Using IDE file zusy-w.ide
Using IDE file auto-asw.ide
Using IDE file puves-b.ide
Using IDE file kuluo-ct.ide
Using IDE file bckd-rsr.ide
Using IDE file vb-hyu.ide
Using IDE file age-akvl.ide
Using IDE file javab-vi.ide
Using IDE file msil-bft.ide
Using IDE file inje-bii.ide
Using IDE file dwnl-mcs.ide
Using IDE file msil-bgq.ide
Using IDE file silly-lx.ide
Using IDE file age-akvw.ide
Using IDE file zbot-jja.ide
Using IDE file msil-bgu.ide
Using IDE file zbot-sz.ide
Using IDE file miure-aa.ide
Using IDE file dwnl-mcu.ide
Using IDE file dwnl-mcv.ide
Using IDE file vawtr-ai.ide
Using IDE file age-akyq.ide
Using IDE file revet-ed.ide
Using IDE file vbs-el.ide
Using IDE file inje-bij.ide
Using IDE file msili-ek.ide
Using IDE file msil-bgw.ide
Using IDE file weels-lf.ide
Using IDE file weels-lg.ide
Using IDE file age-akzi.ide
Using IDE file age-akxh.ide
Using IDE file age-akxi.ide
Using IDE file vbzbo-ae.ide
Using IDE file age-akxv.ide
Using IDE file age-akzj.ide
Using IDE file fondu-cv.ide
Using IDE file wonto-mi.ide
Using IDE file javab-vj.ide
Using IDE file mdro-gkk.ide
Using IDE file mdro-gkv.ide
Using IDE file age-akzo.ide
Using IDE file zbot-jiu.ide
Using IDE file rans-apb.ide
Using IDE file zbot-jjt.ide
Using IDE file vbinj-kf.ide
Using IDE file auto-asn.ide
Using IDE file rans-api.ide
Using IDE file delf-fvm.ide
Using IDE file age-akun.ide
Using IDE file age-akuz.ide
Using IDE file msil-bgx.ide
Using IDE file msil-bgy.ide
Using IDE file age-akzp.ide
Using IDE file msil-bgz.ide
Using IDE file age-akzq.ide
Using IDE file age-akzr.ide
Using IDE file delf-fvn.ide
Using IDE file neurev-n.ide
Using IDE file bank-ghj.ide
Using IDE file msil-bgt.ide
Using IDE file msil-bhc.ide
Using IDE file kovter-k.ide
Using IDE file wonto-mm.ide
Using IDE file vb-hzf.ide
Using IDE file age-alaj.ide
Using IDE file hkmai-bz.ide
Using IDE file msil-bhf.ide
Using IDE file dridex-j.ide
Using IDE file banc-cap.ide
Using IDE file rans-apj.ide
Using IDE file qbot-ci.ide
Using IDE file fondu-cz.ide
Using IDE file inje-bil.ide
Using IDE file zbot-jjx.ide
Using IDE file age-alaw.ide
Using IDE file sefni-cp.ide
Using IDE file docdl-dg.ide
Using IDE file feret-l.ide
Using IDE file msil-bhv.ide
Using IDE file inje-bip.ide
Using IDE file boaxx-aj.ide
Using IDE file fondu-db.ide
Using IDE file zbot-jjy.ide
Using IDE file banlo-zs.ide
Using IDE file bank-ghl.ide
Using IDE file vb-hzm.ide
Using IDE file fondu-dc.ide
Using IDE file bckd-rss.ide
Using IDE file msil-bia.ide
Using IDE file vb-hzs.ide
Using IDE file zbot-jjz.ide
Using IDE file msil-bif.ide
Using IDE file limita-y.ide

Quick Sweeping


1 master boot record swept.
3 boot sectors swept.
374302 files swept in 57 minutes and 6 seconds.
No viruses were discovered.
End of Sweep.

7. Avast Antivirus Boot Scan N°2
Heute morgen habe ich dann den Bootscan nochmal ausgeführt nachdem Sophos nichts gefunden hat. Win32:Somoto-J und Wind32:Somoto-R wurden erfolgreich in Quarantäne verschoben.

Code:

ATTFilter

01/10/2015 08:12
Prüfung aller lokalen Laufwerke

Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0QWP0B0\BiTool[1].dll ist infiziert von Win32:Somoto-J [PUP], In Container verschoben
Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBODEA7G\setup[1].exe ist infiziert von Win32:Somoto-R [PUP], In Container verschoben
Datei C:\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\ProgramData\Package Cache\943AF34AE1A51C1285046AC828104E7ACB381F63\packages\dotNetFramework\NDP451-KB2858728-x86-x64-AllOS-DEU.exe Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Windows\SoftwareDistribution\Download\5618ce1d4deba09cfb6cb626c97e7eb7\BITC767.tmp|>2 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\b658c97998a866ba531cb3f65306185c\BIT9170.tmp|>.\.\.\NDP45-KB2750147.msp|>mscordbi_dll_amd64 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\b658c97998a866ba531cb3f65306185c\BIT9170.tmp|>.\.\.\NDP45-KB2750147.msp Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-11-04 145122\Backup Files 2014-11-16 190000\Backup files 7.zip|>C\Users\localhost\Downloads\eclipse-jee-luna-SR1-win32-x86_64.zip|>eclipse\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-11-04 145122\Backup Files 2014-11-23 190001\Backup files 16.zip|>C\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 28.zip|>C\Users\localhost\Downloads\eclipse-jee-luna-SR1-win32-x86_64.zip|>eclipse\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 30.zip|>C\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Programme\Steam\SteamApps\common\Counter-Strike Source\cstrike\cache\tbody.vtf.bz20000|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 72098
Anzahl der geprüften Dateien: 2612729
Anzahl infizierter Dateien: 2

Ich habe noch ein paar weitere Scans mit AdwCleaner und Malwarebytes Anti-Malware durchgeführt, jedoch wurde nichts gefunden.

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 08:09:09
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)


*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[R2].txt - [776 octets] - [10/01/2015 08:09:09]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [1083 octets] - [09/01/2015 21:42:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [955 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 08:10:38
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)


*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[R2].txt - [1034 octets] - [10/01/2015 08:09:09]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [1083 octets] - [09/01/2015 21:42:03]
AdwCleaner[S2].txt - [957 octets] - [10/01/2015 08:10:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1016 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.01.2015
Scan Time: 21:44:45
Logfile: mb2log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.09.16
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: localhost

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328354
Time Elapsed: 27 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Meine verbleibende Sorge liegt bei den 12 dll's. Avast war unfähig diese zu löschen. Und ich konnte nicht erkennen, dass diese durch den Bootscan entfernt wurden.
Ich habe gerade händisch nachgeschaut. Sie sind noch da.

Grüße

haskeer

Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?

Log-Analyse und Auswertung: Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?

Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?

Ähnliche Themen: Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?