Advertising problem, analysis requested
Hello,
I am coming to you with an urgent request: a family member has once again managed to infect his laptop.
Problem:
Advertising windows kept opening (in all browsers: Mozilla, iexplorer, Chrome). I have already run several programs and the situation has improved, but in Mozilla some pages still load very slowly, to the point of the browser crashing; in Chrome etc., however, everything works normally again as far as I can tell:
I have already run AdwCleaner, JRT and MBAM (Malwarebytes), and they did find things; the log files follow:
ADW Cleaner, quote:
# AdwCleaner v5.009 - Bericht erstellt am 27/09/2015 um 21:21:08
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-27.1 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Franz - OPA-PC
# Gestartet von : C:\Users\Franz\Downloads\adwcleaner_5.009 (1).exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
[-] Datei Gelöscht : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_acklnhgjphbhhomkneonohbjnbmkclfb_0
[-] Datei Gelöscht : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acklnhgjphbhhomkneonohbjnbmkclfb
[-] Datei Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\searchplugins\default.xml
***** [ Verknüpfungen ] *****
***** [ Geplante Tasks ] *****
[-] Task Gelöscht : Adobe Flash Player Updater
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
[-] [C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAcQc1oMUQEQDA1CcA4VVQsUGRgbeA4ATABCRwQXJAwIUQpERBNBNARaB0tXUUEeGGlxR1dMZlBOB0tZAw==");
[-] [C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\prefs.js] [Preference] Gelöscht : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRcwpbVQlJQBgbIQkPTA1DRA0OeAEPWRRIElMSdF0NUQlCFFAFIk0FA18DB0VXfWFoKB8fHHJGLX5KAFs=");
*************************
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1773 Bytes] ##########
JRT, quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 10 Home x64
Ran by Franz on 27.09.2015 at 20:20:41,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [Service] {2381c708-437b-40af-a3fc-1f3bd1d5172d}Gw64 [Reboot required]
Successfully deleted: [Service] {eaa5c94d-f832-4066-99d2-177ee28f0634}Gw64 [Reboot required]
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Bidaily Synchronize Task[8da6]
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance
Successfully deleted: [Task] C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_84CDBB9370B42B69F2DA889721ECC584
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F698532DA1C4232F6884A6000B7F7AAF
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{f734cfd4-8a48-4098-be39-60e07e3cb01e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f734cfd4-8a48-4098-be39-60e07e3cb01e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{f734cfd4-8a48-4098-be39-60e07e3cb01e}
~~~ Files
Successfully deleted: [File] C:\Users\Franz\AppData\Roaming\appdataFr25.bin
~~~ Folders
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\com
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\amd64
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\x86
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\14398
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\15968
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\27061
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\5113
~~~ FireFox
Successfully deleted the following from C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\ey73nlwp.default\prefs.js
user_pref(browser.search.searchengine.alias, oursurfing);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.oursurfing.com/favicon.ico);
user_pref(browser.search.searchengine.name, oursurfing);
user_pref(browser.search.searchengine.ptid, dig2);
user_pref(browser.search.searchengine.uid, WDCXWD7500BPVT-22HXZT3_WD-WXM1EC1FUVYAFUVYA);
user_pref(browser.search.searchengine.url, hxxp://www.oursurfing.com/web/?type=ds&ts=1437896635&z=d242ebacd6895eb9aa7686bgcz9cdmab3t6q3qecfc&from=dig2&uid=WDCXWD7500BPVT-22
Emptied folder: C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\ey73nlwp.default\minidumps [2 files]
~~~ Chrome
[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.09.2015 at 20:24:52,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and last but not least Malwarebytes (MBAM), quote:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 27.09.2015
Suchlaufzeit: 20:31
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.1.8.1057
Malware-Datenbank: v2015.09.27.04
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Franz
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 501709
Abgelaufene Zeit: 29 Min., 14 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 12
PUP.Optional.GemGrab, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F734CFD4-8A48-4098-BE39-60E07E3CB01E}, In Quarantäne, [d010a98b0f7c02346e623baf31d120e0],
PUP.Optional.GemGrab, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F734CFD4-8A48-4098-BE39-60E07E3CB01E}, In Quarantäne, [d010a98b0f7c02346e623baf31d120e0],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv-ie, In Quarantäne, [2bb572c25f2c181ea99bd9b9f0147789],
PUP.Optional.GemGrab, HKLM\SOFTWARE\WOW6432NODE\GemGrab, In Quarantäne, [b62aa78dc4c7eb4b0508643ef21213ed],
PUP.Optional.HighStairs, HKLM\SOFTWARE\WOW6432NODE\HighStairs, In Quarantäne, [b42cd163018aaf878c65950fcb391ee2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [10d0b18308832e08bfffd2df33d125db],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV16.03-nv-ie, In Quarantäne, [5e82b28294f7b185f249c9c9e123a957],
PUP.Optional.Cinema, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\CinemaP-1.9cV16.03-nv-ie, In Quarantäne, [5f81ca6ab7d44cea0e2d771b0df7718f],
PUP.Optional.InstallCore, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\ICSW1.14, In Quarantäne, [ba263ef6602b1e18b7117d2a4fb5c63a],
PUP.Optional.WinYahoo, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\wincy, In Quarantäne, [b52b1e16b1da88aedc1896a0897a18e8],
PUP.Optional.WikiBrowser, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\INSTALLPATH\STATUS, In Quarantäne, [60802212cebda393889715b8f014d927],
PUP.Optional.WikiBrowser, HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\WikiBroHTM.QYYQKXVDRDRPTMLAZI36ZTLRXU, In Quarantäne, [15cb55dff7940135da443499c73dea16],
Registrierungswerte: 1
PUP.Optional.WikiBrowser, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\INSTALLPATH\STATUS|WikiBrowser, Y, In Quarantäne, [60802212cebda393889715b8f014d927]
Registrierungsdaten: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b417d343-4109-44b9-904e-881bbaf69021}|NameServer, 82.163.143.172,82.163.142.174, Gut: (), Schlecht: (82.163.143.172,82.163.142.174),Ersetzt,[2cb4d65e92f9cb6b6220b9c5d43121df]
Ordner: 10
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config, In Quarantäne, [528ea193a8e3ea4cf8f7872c4aba9e62],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
Dateien: 55
PUP.Optional.Nova, C:\Program Files (x86)\69dc8177-a574-4dff-8461-b3267b078dcf\40882d6a-0c6a-479b-917d-dd9bf7ea5963.dll, In Quarantäne, [d40ce74d5239ec4a0747823d768b9769],
PUP.Optional.Nova, C:\Program Files (x86)\Acer\9d5b5dfe-1daf-4852-b6fd-0ba80aa7ac4f.dll, In Quarantäne, [568ac074741793a352fcac13b94828d8],
PUP.Optional.InstallCore, C:\Users\Franz\AppData\Local\Temp\ICReinstall_setup.exe, In Quarantäne, [8957ea4a79120333162a8364c73ae51b],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{5FF3B0A1-FD72-4BB1-8132-B79815959BF5}.xpi, In Quarantäne, [a83880b4e6a5d95d5764248744bd24dc],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{0248F0E0-F7B8-4F17-AE94-A41F6EC2CE9F}.dll, In Quarantäne, [07d9da5abfccd5614fed47a0d22fb947],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{25748C8C-65DE-4803-AE24-D8C65D218A42}.dll, In Quarantäne, [c7191024c8c3f64043f9569152af15eb],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{322B74D3-9EB4-4F20-B507-9E42AD52602F}.dll, In Quarantäne, [26ba21137813de58eb510ed9d9287b85],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{37C7C862-D002-44E8-A89B-35C845583084}.dll, In Quarantäne, [a23eff3557345ed88cb0757226db52ae],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{3BB1AA84-D721-44C7-AAC8-F8FC5B6F4DEF}.dll, In Quarantäne, [726eca6abfcc2c0afe3e9d4a4fb260a0],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{3F7103FB-29BD-4A7D-ACB2-615A8E92FE06}.dll, In Quarantäne, [2eb2ff35deaded49b389d6119b66c43c],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{3FC6BFF9-6095-4B19-9722-136470D50DC2}.xpi, In Quarantäne, [6e7262d28b00ad896c4f5556c83938c8],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{45373999-1EC4-42BE-92F3-E1B06E8DC303}.dll, In Quarantäne, [9f418ea62d5edd59c577f3f461a0a060],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{5B4D18C1-C248-429A-A733-F2C2632A8CD9}.dll, In Quarantäne, [746ce64e5e2d22141329b334b54c9d63],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{6B095B93-DD5D-4F2C-AF6F-B0B7626EE41F}.dll, In Quarantäne, [b22e300489021d1995a726c1d031b050],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{6BCACA37-9623-4FAB-9A71-102738538B54}.dll, In Quarantäne, [c41c38fcd1ba3afcb58757902cd5718f],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{8CA0F9B5-8EA5-46A5-ACC6-F4C2F91F12C5}.dll, In Quarantäne, [ae325fd5810afa3c60dcbe29629f19e7],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{9484EB41-8147-4635-8663-7CE649808213}.dll, In Quarantäne, [29b7161e7813d95dec50e007fa07cb35],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{9B44A354-C12B-473E-B615-2327B5229B40}.xpi, In Quarantäne, [eaf656de2665f73ffbc0c1eac63bc040],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{9E4BB099-5813-4E56-84D1-CB9764124AB7}.dll, In Quarantäne, [f9e7a88ca1ea2d091d1ff9ee6a9710f0],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{A8EF8180-188E-4A20-BC84-50F4737F4E8F}.dll, In Quarantäne, [d10fd95b34575fd766d616d1c938728e],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{B85FCE88-A7B5-47BD-A743-248AD3038DF8}.xpi, In Quarantäne, [8c54cf6544475cda74473972fc05ea16],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{BF128548-3133-49CF-A034-07300FF4FC5D}.dll, In Quarantäne, [14cc2410dfac86b040fc24c3c73a50b0],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{CEB66ABA-4DAC-496F-BAA8-656C4EF04EE9}.dll, In Quarantäne, [b42c260e7d0ee650db61e9fe0001b54b],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{E1677003-CE5F-4622-AB53-3C8A582178C0}.dll, In Quarantäne, [578989aba9e21422b18b31b6a65b41bf],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{EEF64B6C-E4A4-4698-B61E-7E3770348AA7}.dll, In Quarantäne, [db056ec6bfcc63d39ca0499ed13056aa],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{F368E69C-888C-4BDB-82FC-A8024B000D93}.dll, In Quarantäne, [f7e9122215767fb72e0e7374fb069769],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{FA83BDE2-1F50-4BD7-974A-EEFE37A5659C}.xpi, In Quarantäne, [8b551e161378f046407b4f5ce51c57a9],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{FFF42357-97E9-4D63-BDB1-D03D30B4F77F}.dll, In Quarantäne, [707000347e0d57dfe05cfceb36cb54ac],
PUP.Optional.InstallCore, C:\Users\Franz\Downloads\SkypeSetup (2).exe, In Quarantäne, [3ca49b997417dd59a682a71756aba65a],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\extensions\{7e83bc4a-0052-4fdc-bf05-62480c2239cd}.xpi, In Quarantäne, [22be7eb6d6b5a88ee99a60d5d92ad62a],
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config\ver.xml, In Quarantäne, [528ea193a8e3ea4cf8f7872c4aba9e62],
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config\data.xml, In Quarantäne, [528ea193a8e3ea4cf8f7872c4aba9e62],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\1293297481.mxaddon, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\674ef8b6-79fa-43ea-aad0-f0b622c8e6c3.crx, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\674ef8b6-79fa-43ea-aad0-f0b622c8e6c3.xpi, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\674ef8b6-79fa-43ea-aad0-f0b622c8e6c3_.xpi, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\background.html, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\d37ec241-265e-433f-968b-3286ca299d23.crx, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\da25ff31-81b7-4225-8aa1-9237e9f519bf.crx, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\manifest.json, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\background.js, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\content.js, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\icon.png, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\manifest.json, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\background.js, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\content.js, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\icon.png, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\manifest.json, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\background.js, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\content.js, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\icon.png, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\manifest.json, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\background.js, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\content.js, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\icon.png, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
Thank you in advance for your help; I would also be grateful for any information or hint as to where the malicious software came from.
With kindest regards
Michael