Istartpageing.com Virus auf Rechner

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 11.12.2015
Suchlaufzeit: 10:08
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.11.02
Rootkit-Datenbank: v2015.12.07.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Anni Blask

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 420532
Abgelaufene Zeit: 41 Min., 13 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.DNSBlock.BrwsrFlsh, C:\Windows\System32\DnsBlockUpdateSvc.exe, 1772, Löschen bei Neustart, [c20ca2017615df57a0c890ebcf346b95]
PUP.Optional.WindowsMangerProtect, C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe, 1388, Löschen bei Neustart, [5c72faa9d0bb5cdaa89ec8f516edfd03]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 8
PUP.Optional.DNSBlock.BrwsrFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DnsBlockUpdateSvc, In Quarantäne, [c20ca2017615df57a0c890ebcf346b95], 
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL, In Quarantäne, [a628ffa412799e985c6f7a86c93b4ab6], 
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DPBHO.DLL, In Quarantäne, [547a673cb8d33ff7884318e849bb8779], 
PUP.Optional.IStartPageing.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\istartpageingSoftware, In Quarantäne, [e1edb3f043481125d2d17b83bb4851af], 
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DPBHO.DLL, In Quarantäne, [f3db0a998b005bdb408b837dcc38fb05], 
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [5c72faa9d0bb5cdaa89ec8f516edfd03], 
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [def09e05eaa1e650063fdbe2dc271ee2], 
PUP.Optional.DeskCut, HKU\S-1-5-21-2899336889-42798528-283681265-1001\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [ece2edb6ee9dce68186c256853b08d73], 

Registrierungswerte: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|yahooprotected@gmail.com, C:\Users\Anni Blask\AppData\Roaming\Mozilla\Firefox\Profiles\GtLqFdaV.default\extensions\yahooprotected@gmail.com, In Quarantäne, [05c9396aa4e77fb7e972842157ab37c9]
PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{E2AF99E5-4405-4CC9-924E-D3D25A8BB003}, C:\Windows\Installer\{AC4A2B91-3FAB-48BE-868F-8476850C0D37}\{E2AF99E5-4405-4CC9-924E-D3D25A8BB003}.xpi, In Quarantäne, [d0fe445f6f1c979f18a6d5b91fe44eb2]
PUP.Optional.DeskCut, HKU\S-1-5-21-2899336889-42798528-283681265-1001\SOFTWARE\MOZILLA\EXTENDS|appid, deskCutv2@gmail.com, In Quarantäne, [ece2edb6ee9dce68186c256853b08d73]

Registrierungsdaten: 2
PUP.Optional.IStartPageing.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartpageing.com/?type=sc&ts=1449779020&z=a04112a83d12a51bf5f9b6cg9z9zbt0m1mbt3e0gab&from=cvs2&uid=ST500LT012-1DG142_S3PKDV6H, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartpageing.com/?type=sc&ts=1449779020&z=a04112a83d12a51bf5f9b6cg9z9zbt0m1mbt3e0gab&from=cvs2&uid=ST500LT012-1DG142_S3PKDV6H),Ersetzt,[ae201c879dee79bdb09fafc516ee50b0]
PUP.Optional.IStartPageing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartpageing.com/?type=sc&ts=1449779020&z=a04112a83d12a51bf5f9b6cg9z9zbt0m1mbt3e0gab&from=cvs2&uid=ST500LT012-1DG142_S3PKDV6H, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartpageing.com/?type=sc&ts=1449779020&z=a04112a83d12a51bf5f9b6cg9z9zbt0m1mbt3e0gab&from=cvs2&uid=ST500LT012-1DG142_S3PKDV6H),Ersetzt,[626c059ecfbcd0668ac5aacaae56a35d]

Ordner: 8
PUP.Optional.DownloadProtect, C:\Windows\Installer\{4E3E9653-4270-4EAB-8958-671A896A0E2E}, In Quarantäne, [b519287b6b205ed85d4d107e798a40c0], 
PUP.Optional.Elex, C:\Program Files (x86)\SFK, In Quarantäne, [a12d901387048aac01ef5a6ff60db44c], 
PUP.Optional.DNSBlock.BrwsrFlsh, C:\Users\Anni Blask\AppData\Local\DnsBlock, In Quarantäne, [c30b485b800b51e5c1ed591bfd050000], 
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x, Löschen bei Neustart, [4b836d3679122214ff99257e1ae8966a], 
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\log, In Quarantäne, [4b836d3679122214ff99257e1ae8966a], 
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\update, In Quarantäne, [4b836d3679122214ff99257e1ae8966a], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{73074610-4705-4D26-8D7C-0AD8F55DD8F3}, In Quarantäne, [7955970c573476c0b5003573fc08f010], 
PUP.Optional.DownloadProtect, C:\Program Files\{58B851E6-CEAA-4F5B-BA9F-70209A69D641}, In Quarantäne, [c509d0d3098278bef1c4b1f7808405fb], 

Dateien: 13
PUP.Optional.DNSBlock.BrwsrFlsh, C:\Windows\System32\DnsBlockUpdateSvc.exe, Löschen bei Neustart, [c20ca2017615df57a0c890ebcf346b95], 
PUP.Optional.DNSBlocker.BrwsrFlsh, C:\Windows\System32\dns.block, In Quarantäne, [705e861dd5b69d99303cb0cb7e85e21e], 
PUP.Optional.DNSBlocker.BrwsrFlsh, C:\Windows\SysWOW64\dns.block, In Quarantäne, [e9e5cfd4e3a887af9ad2700b946fa25e], 
PUP.Optional.DownloadProtect, C:\Windows\Installer\{4E3E9653-4270-4EAB-8958-671A896A0E2E}\cfnhnjhplcnhglmcfjnkdfkplljiifmeorx, In Quarantäne, [b519287b6b205ed85d4d107e798a40c0], 
PUP.Optional.DownloadProtect, C:\Windows\Installer\{4E3E9653-4270-4EAB-8958-671A896A0E2E}\xfnhnjhplcnhglmcfjnkdfkplljiifmeoml, In Quarantäne, [b519287b6b205ed85d4d107e798a40c0], 
PUP.Optional.Elex, C:\Program Files (x86)\SFK\SFK.ini, In Quarantäne, [a12d901387048aac01ef5a6ff60db44c], 
PUP.Optional.WindowsMangerProtect, C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe, Löschen bei Neustart, [5c72faa9d0bb5cdaa89ec8f516edfd03], 
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\log\ProtectWindowsManager_2015-12-10[21-25-03-890].log, In Quarantäne, [4b836d3679122214ff99257e1ae8966a], 
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\update\conf, In Quarantäne, [4b836d3679122214ff99257e1ae8966a], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{73074610-4705-4D26-8D7C-0AD8F55DD8F3}\config.json, In Quarantäne, [7955970c573476c0b5003573fc08f010], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{73074610-4705-4D26-8D7C-0AD8F55DD8F3}\def.bin, In Quarantäne, [7955970c573476c0b5003573fc08f010], 
PUP.Optional.DownloadProtect, C:\Program Files\{58B851E6-CEAA-4F5B-BA9F-70209A69D641}\config.json, In Quarantäne, [c509d0d3098278bef1c4b1f7808405fb], 
PUP.Optional.DownloadProtect, C:\Program Files\{58B851E6-CEAA-4F5B-BA9F-70209A69D641}\def.bin, In Quarantäne, [c509d0d3098278bef1c4b1f7808405fb], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

# AdwCleaner v5.024 - Bericht erstellt am 11/12/2015 um 11:10:45
# Aktualisiert am 07/12/2015 von Xplode
# Datenbank : 2015-12-07.3 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Anni Blask - ANNI
# Gestartet von : C:\Users\Anni Blask\Downloads\AdwCleaner_5.024.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Windows\Installer\{AC4A2B91-3FAB-48BE-868F-8476850C0D37}

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}]
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\SpeedMon

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1040 Bytes] ##########
         

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by Anni Blask (Administrator) on 11.12.2015 at 11:15:25,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.12.2015 at 11:18:19,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Shortcut Cleaner 1.3.9 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1 
Program started at: 12/11/2015 11:19:40 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Anni Blask\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Anni Blask\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Anni Blask\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 12/11/2015 11:19:41 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)