Code:
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2018.02.14.13
rootkit: v2018.01.23.01
Windows 10 x64 NTFS
Internet Explorer 11.248.16299.0
Daniel :: DESKTOP-LR567U6 [administrator]
14.02.2018 16:31:03
mbar-log-2018-02-14 (16-31-03).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 200984
Time elapsed: 19 minute(s), 53 second(s)
Memory Processes Detected: 8
C:\Users\Daniel\AppData\Roaming\Mp3tagApp3\Mp3tagApp.exe (Adware.HPDefender) -> 7108 -> Delete on reboot. [b47107dec4f31620a47bc23cd42e6d93]
C:\Users\Daniel\AppData\Local\yc\Application\yc.exe (Trojan.AdLoad) -> 5912 -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
C:\Users\Daniel\AppData\Local\yc\Application\yc.exe (Trojan.AdLoad) -> 5888 -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
C:\Users\Daniel\AppData\Local\yc\Application\yc.exe (Trojan.AdLoad) -> 2288 -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
C:\Users\Daniel\AppData\Local\yc\Application\yc.exe (Trojan.AdLoad) -> 2468 -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
C:\Users\Daniel\AppData\Local\yc\Application\yc.exe (Trojan.AdLoad) -> 7260 -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
C:\Users\Daniel\AppData\Local\yc\Application\yc.exe (Trojan.AdLoad) -> 7448 -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
C:\Users\Daniel\AppData\Local\unityp\unityp.exe (Adware.Agent) -> 3116 -> Delete on reboot. [bd68e203b2053105c301174b7988eb15]
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 8
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host (Adware.LoadMoney) -> Delete on reboot. [93928e579225e4524408d4bb13eeea16]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE (Adware.LoadMoney) -> Delete on reboot. [93928e579225e4524408d4bb13eeea16]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE (Adware.LoadMoney) -> Delete on reboot. [93928e579225e4524408d4bb13eeea16]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Ea3Host (Trojan.Agent) -> Delete on reboot. [131213d2ded992a4b0d5432501002ed2]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{010A24D8-C6ED-4D3D-B174-C2720C3A5CFE} (Trojan.Agent.Generic) -> Delete on reboot. [210414d16c4bf640975fe0c6bc44a45c]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\unityp (Trojan.Agent.Generic) -> Delete on reboot. [5acb786dd4e388aebf88713513edbd43]
HKU\S-1-5-21-4169292032-197635965-3894034136-1001\SOFTWARE\Mp3tagApp (Adware.HPDefender) -> Delete on reboot. [50d573720fa8cc6a79edd145fc05956b]
HKU\S-1-5-21-4169292032-197635965-3894034136-1001\SOFTWARE\MICROSOFT\KometaInstaller (Adware.RuKometa) -> Delete on reboot. [3ee7be27813606303d7f96ae53aeee12]
Registry Values Detected: 6
HKU\S-1-5-21-4169292032-197635965-3894034136-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Mp3tagApp (Adware.HPDefender) -> Data: "C:\Users\Daniel\AppData\Roaming\Mp3tagApp3\Mp3tagApp.exe" -> Delete on reboot. [b47107dec4f31620a47bc23cd42e6d93]
HKU\S-1-5-21-4169292032-197635965-3894034136-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ycAutoLaunch_9ADC1FFD4B13821DF4C4AF6E1BC4130C (Trojan.AdLoad) -> Data: "C:\Users\Daniel\AppData\Local\yc\Application\yc.exe" /prefetch:5 -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{010A24D8-C6ED-4D3D-B174-C2720C3A5CFE}|Path (Trojan.Agent.Generic) -> Data: \unityp -> Delete on reboot. [210414d16c4bf640975fe0c6bc44a45c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SVCHOST SERVICE HOST|ImagePath (Trojan.FakeMS) -> Data: "C:\Windows\Microsoft\svchost.exe" -k LocalService -> Delete on reboot. [4adbcc19c4f35bdb56600b47ef11c040]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5d193bf9-cca9-42b7-91a6-346642242231}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.19,82.163.142.19 -> Delete on reboot. [d4518d588c2bbe78b59a81fc4cb67090]
HKU\S-1-5-21-4169292032-197635965-3894034136-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kyxbjsmntf (Adware.StartPage.Generic) -> Data: explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=B33E4A2F4F7583F407A392B04D272DEF&utm_d=20180213" -> Delete on reboot. [9a8bd2135a5d3204338e31ae8c74d62a]
Registry Data Items Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{4aff446d-0f62-4339-8fad-d1f65ce667d5}|NameServer (Trojan.DNSChanger) -> Bad: (35.177.46.238,46.101.28.31,82.202.226.203) Good: () -> Replace on reboot. [52d3994c3681b97d26b1848e6d932dd3]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b9457a8b-1009-45f4-b0c0-7767fe936e5a}|NameServer (Trojan.DNSChanger) -> Bad: (35.177.46.238,46.101.28.31,82.202.226.203) Good: () -> Replace on reboot. [f332ebfafeb961d59c3b20f2a35dcd33]
Folders Detected: 0
(No malicious items detected)
Files Detected: 19
C:\Users\Daniel\AppData\Roaming\Mp3tagApp3\Mp3tagApp.exe (Adware.HPDefender) -> Delete on reboot. [b47107dec4f31620a47bc23cd42e6d93]
C:\Users\Daniel\AppData\Local\yc\Application\yc.exe (Trojan.AdLoad) -> Delete on reboot. [e4413aabc5f2191d8b22ccddef1304fc]
C:\Users\Daniel\AppData\Local\unityp\unityp.exe (Adware.Agent) -> Delete on reboot. [bd68e203b2053105c301174b7988eb15]
C:\Windows\Microsoft\svchost.exe (Adware.LoadMoney) -> Delete on reboot. [93928e579225e4524408d4bb13eeea16]
C:\Program Files (x86)\Grand Theft Auto V\steam_api64.dll (RiskWare.GameHack) -> Delete on reboot. [27fef7ee5f5851e58f4457b02ad623dd]
C:\Users\Daniel\AppData\Local\Temp\1r89Z7hxt8Gj.exe (Adware.LoadMoney) -> Delete on reboot. [e540796c0cabda5cb131e01e2bd7a060]
C:\Users\Daniel\AppData\Local\Temp\3947.tmp.exe (Adware.LoadMoney) -> Delete on reboot. [63c2eef7e3d470c6f7f274894eb408f8]
C:\Users\Daniel\AppData\Local\Temp\3KO2bhi9qsvu.exe (Adware.DNSUnlocker.Generic) -> Delete on reboot. [1d08b035b700b2847622d5d111f0b14f]
C:\Users\Daniel\AppData\Local\Temp\6res2Jtr0MJu.exe (Adware.LoadMoney) -> Delete on reboot. [80a5a045edcaac8aebf7d9255da5ca36]
C:\Users\Daniel\AppData\Local\Temp\aLV7gplkYdpn.exe (Adware.LoadMoney) -> Delete on reboot. [7aab40a55b5c12245b87639b8e7456aa]
C:\Users\Daniel\AppData\Local\Temp\R05hO1fARySd.exe (Adware.LoadMoney) -> Delete on reboot. [2afb667fa90e59ddc220bf3f4fb3d927]
C:\Users\Daniel\AppData\Local\Temp\rPM2o1Q6zhiI.exe (Adware.LoadMoney) -> Delete on reboot. [70b574715d5ab77fb72b3bc38d75b848]
C:\Users\Daniel\AppData\Local\Temp\iS8V03vyIs07.exe (Adware.DNSUnlocker.Generic) -> Delete on reboot. [8a9be6ff4c6ba4925147b1f5fa070cf4]
C:\Users\Daniel\Downloads\steam_key_54c-d7d___.exe (Adware.LoadMoney) -> Delete on reboot. [85a041a4aa0d58dec1216896e81a6c94]
C:\Users\Daniel\Desktop\gta2\www.GameModding.net\Uninstall 14862-hd-water-v4-final-gtasa.exe (RiskWare.GameHack) -> Delete on reboot. [ef36b62f0daa5ed8ebcf8f0825dc43bd]
C:\Windows\System32\Tasks\unityp (Trojan.Agent.Generic) -> Delete on reboot. [9095f5f04f6806308b672c79ab55669a]
C:\Windows\System32\Ea3Host.exe (Trojan.Agent) -> Delete on reboot. [131213d2ded992a4b0d5432501002ed2]
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m921f7rm.default\prefs.js (Adware.MailRu.BatBitRst) -> Bad: (user_pref("browser.startup.homepage", "https://inline.go.mail.ru/homepage?inline_comp=hp&inline_hp_cnt=11956636");) Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/) -> Replace on reboot. [ff26578e9c1b989eb42d7e7823df36ca]
C:\Users\Daniel\Desktop\Искать в Интернете.url (Adware.MailRu.BatBitRst) -> Delete on reboot. [ef36cd18387fa78f3c79ebb5b74ae51b]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2018.02.14.13
rootkit: v2018.01.23.01
Windows 10 x64 NTFS
Internet Explorer 11.248.16299.0
Daniel :: DESKTOP-LR567U6 [administrator]
14.02.2018 17:02:25
mbar-log-2018-02-14 (17-02-25).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 200109
Time elapsed: 19 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m921f7rm.default\prefs.js (Adware.MailRu.BatBitRst) -> Bad: (user_pref("browser.startup.homepage", "https://inline.go.mail.ru/homepage?inline_comp=hp&inline_hp_cnt=11956636");) Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/) -> Replace on reboot. [170e8164e6d177bff8e9748216ec57a9]
Physical Sectors Detected: 0
(No malicious items detected)
(end)