erleman2 | 05.02.2016 13:54
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 05.02.2016
Suchlaufzeit: 09:31
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.2.0.1024
Malware-Datenbank: v2016.02.05.01
Rootkit-Datenbank: v2016.01.20.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 383239
Abgelaufene Zeit: 11 Min., 11 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 35
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [b263c19cff9a7bbbadd4514159a955ab],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsPluginFunFeedr.BHO.1, In Quarantäne, [cf46104d4653a393b6ce078f16ece818],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsPluginFunFeedr.BHO.1, In Quarantäne, [51c4a4b96e2b4aec8301a7ef79897b85],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SamsPluginFunFeedr.BHO.1, In Quarantäne, [51c4a4b96e2b4aec8301a7ef79897b85],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd, In Quarantäne, [b560e57876234fe76c143c5642c048b8],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd.1, In Quarantäne, [d93c0a538d0cc4723d43a9e931d18b75],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd, In Quarantäne, [d93c0a538d0cc4723d43a9e931d18b75],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd.1, In Quarantäne, [d93c0a538d0cc4723d43a9e931d18b75],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialdskBnd, In Quarantäne, [d93c0a538d0cc4723d43a9e931d18b75],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialdskBnd.1, In Quarantäne, [d93c0a538d0cc4723d43a9e931d18b75],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [ce4764f9b5e456e0d3e6c1cda95906fa],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [f81d06574158d660a712701ebd45eb15],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [f81d06574158d660a712701ebd45eb15],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [f81d06574158d660a712701ebd45eb15],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect, In Quarantäne, [f81d06574158d660a712701ebd45eb15],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DPBHO.DownloadProtect.1, In Quarantäne, [f81d06574158d660a712701ebd45eb15],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [2ce9ef6edebbae8899ea454d23df20e0],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [0a0b0a53287170c67a09b9d96f93b848],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [0a0b0a53287170c67a09b9d96f93b848],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [0a0b0a53287170c67a09b9d96f93b848],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\WOW6432NODE\esrv.mysearchdialESrvc, In Quarantäne, [0a0b0a53287170c67a09b9d96f93b848],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\WOW6432NODE\esrv.mysearchdialESrvc.1, In Quarantäne, [0a0b0a53287170c67a09b9d96f93b848],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr, In Quarantäne, [71a4a0bde4b5a78f23618c0645bdf10f],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr.1, In Quarantäne, [3bda1d40b8e1ff37661ec1d139c934cc],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr, In Quarantäne, [3bda1d40b8e1ff37661ec1d139c934cc],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr.1, In Quarantäne, [3bda1d40b8e1ff37661ec1d139c934cc],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialHlpr, In Quarantäne, [3bda1d40b8e1ff37661ec1d139c934cc],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialHlpr.1, In Quarantäne, [3bda1d40b8e1ff37661ec1d139c934cc],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsFunFeedr.Browser, In Quarantäne, [b263e37a801937ff099cba52a85c4db3],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsFunFeedr.Browser.1, In Quarantäne, [fd18194432675cda941129e3fe06e11f],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsPluginFunFeedr.BHO, In Quarantäne, [e134ef6e6435f93d8f17e7257d877090],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsFunFeedr.Browser, In Quarantäne, [39dc05580b8e6dc99c09db3111f3aa56],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsFunFeedr.Browser.1, In Quarantäne, [b263e479b0e994a2d2d37b912adab947],
PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsPluginFunFeedr.BHO, In Quarantäne, [04115c01e0b9d95da501eb21a55f926e],
PUP.Optional.Linkury, HKU\S-1-5-21-3879950140-988328597-1482151255-1001\SOFTWARE\SMARTBAR, In Quarantäne, [f4212f2e0693c86e87428d530bf842be],
Registrierungswerte: 1
PUP.Optional.Linkury, HKU\S-1-5-21-3879950140-988328597-1482151255-1001\SOFTWARE\SMARTBAR|publisher, YahooOC, In Quarantäne, [f4212f2e0693c86e87428d530bf842be]
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 1
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [cb4ae6771f7a8babe83e762acf33f010],
Dateien: 3
PUP.Optional.MultiPlug, C:\ProgramData\374311380\BITC369.tmp, In Quarantäne, [a075d18ca6f3e5517d732b8be819a35d],
Rogue.Link, C:\Users\Admin\Favorites\Online Security Test.url, In Quarantäne, [0510d18ce5b473c347c641e5a55e39c7],
Rogue.Multiple, C:\ProgramData\374311380\BITC369.tmp, In Quarantäne, [cb4ae6771f7a8babe83e762acf33f010],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c788c977e8d95243ae9023d102b7fd5e
# end=init
# utc_time=2016-02-05 08:57:55
# local_time=2016-02-05 09:57:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 27985
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c788c977e8d95243ae9023d102b7fd5e
# end=updated
# utc_time=2016-02-05 09:11:49
# local_time=2016-02-05 10:11:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c788c977e8d95243ae9023d102b7fd5e
# engine=27985
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-02-05 12:02:34
# local_time=2016-02-05 01:02:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 15279260 75388350 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 11457 95148482 0 0
# scanned=737792
# found=19
# cleaned=0
# scan_time=10244
sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChatZum Toolbar\Chrome_softonic.zip.vir"
sh=31D0B125962639ACC9DF9F39782A3207099DD924 ft=1 fh=ca95fc211bc2fbc3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir"
sh=6857BD88EA938B705EFC3FD46D5C91D2C1B3EDE9 ft=1 fh=a2f65d85debd6839 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir"
sh=7ABB587B2A0D80E1EC4B2F1E8BB0E2C194FBB4A0 ft=1 fh=9074270edfd38722 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir"
sh=3407FB00757C71D9CB28AEC2EC7855FF5D3A6609 ft=1 fh=67364266c19decdd vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir"
sh=89DC63472DE94DF3F12DBAE15B7EBE6C04263369 ft=1 fh=7fb9e45e0079471d vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir"
sh=BCEFBD04756715EBDBEFA3B7BE1D65630FD73762 ft=1 fh=d5a95eca340fe7c0 vn="Win32/Adware.Snoozer.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\ext_funfeedr\ext_funfeedr.dll.vir"
sh=59C1E9B83B4EB4B420B2D418856315F8D8A8652A ft=1 fh=650aa88efcc46763 vn="Variante von Win32/Adware.Snoozer.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Genius\Genius.exe.vir"
sh=728F299C01F8834969B0FD4CED0894063173C05C ft=1 fh=35afce938006f9ba vn="Variante von Win32/Adware.Snoozer.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Intermediate\Intermediate.exe.vir"
sh=9CB7A0E15F13B4B5CC021154640D256B99457A4D ft=1 fh=7dd4f986f00f6a08 vn="Variante von Win32/Adware.Snoozer.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Intermediate\userid.dll.vir"
sh=873D8887C0EB8FCAA2B99B7CF6F25542D9429FCA ft=1 fh=6072c673fca6e9c4 vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\OpenCandy\0FFB1619228C4FD78EEC156AAEF62C9B\OptimizerPro.exe.vir"
sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\OpenCandy\7F8CADC499B7447E8BD77AAA7BE925F0\SearchGolTB.exe.vir"
sh=2B9306B52BB9FDDE632ABBEDC2F539A3A25BBE71 ft=1 fh=0762efd511f24141 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\OpenCandy\F23E1178720C4F34856C1A37A2005A4B\Installer.exe.vir"
sh=B3DB562A3D7CFEC90CD365793C39BBE643EF7A38 ft=1 fh=483b24c9ac37b3a8 vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\RHEng\A6964DAAD2EC422097EBF00EE240C485\pcmechanicpmDE_p1v1.exe.vir"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Desktop\Textprogramme\PDFCreator-1_7_1_setup.exe"
sh=BED2EC1E73BADF22D995B270429E18DFEEE35BC1 ft=1 fh=0428f3eb9fc0f9d1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Desktop\Videoprogramme\ashampoo_movie_shrink_and_burn_3_3.03_sm.exe"
sh=AB879ADEF143C98A2B9A0EE8E3E82B1B883146A2 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\wz175-64gev.msi"
sh=A710A1E7CAC48A0C2B716BF13002CAAC0DC4E886 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\wz180de-upg-std-64.msi"
sh=99494F1A58D941E623698D5ED4E3D3CB73D6FD88 ft=1 fh=f97cef5fd46b6798 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"

Note: I also had to tick "Proxy server", otherwise the program would not have continued. The scan took several hours.
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Java version 32-bit out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_filter.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````