Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 02.04.2014
Suchlauf-Zeit: 14:04:47
Logdatei: Malware- logfile.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.04.02.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: trf37bg
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269668
Verstrichene Zeit: 28 Min, 32 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 17
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [a0ebb2735724fe38738b102e639fbd43],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, , [a0ebb2735724fe38738b102e639fbd43],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [a0ebb2735724fe38738b102e639fbd43],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, , [a0ebb2735724fe38738b102e639fbd43],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [a0ebb2735724fe38738b102e639fbd43],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f34c9277-6577-4dff-b2d7-7d58092f272f}, , [d3b8968fea914aec3e5267ab45bd1ae6],
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.facemoodsHlpr, , [9af134f1aad1340291da035948ba1fe1],
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.facemoodsHlpr.1, , [2d5e9e8759220432a6c52636e121827e],
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\facemoods.facemoodsHlpr, , [c6c5e73ebcbf4ee8c7a46bf1729003fd],
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\facemoods.facemoodsHlpr.1, , [5635be67304bcb6be2892a32ea187a86],
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ihflimipbcaljfnojhhknppphnnciiif, , [cebdf035df9c85b1b4b86eee7b87af51],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [e9a26db86a11a2948a49c7bab84bf10f],
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, , [c4c7d64f2d4e67cf2108a1c7e121847c],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [d3b8b66f146761d583622c386e944fb1],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, , [32594dd884f766d0c6bb61266b98e020],
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, , [8a01c164532869cdc3ca6802cf339e62],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [4744fd288deef93d61716c15f80b669a],
Registrierungswerte: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {F63866FC-FA87-11E0-B0E6-FA0FA89A030A}, , [e9a26db86a11a2948a49c7bab84bf10f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoSoftonicYB, , [8a01c164532869cdc3ca6802cf339e62]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {F63866FC-FA87-11E0-B0E6-FA0FA89A030A}, , [4744fd288deef93d61716c15f80b669a]
Registrierungsdaten: 8
Refog.Keylogger, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, c:\windows\system32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe, Gut: (Userinit.exe), Schlecht: (c:\windows\system32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe),,[ec9fa97cdf9cb97db56eb35bb1537e82]
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4, Gut: (www.google.com), Schlecht: (http://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4),,[701b05204a31f93d97edd33e986c8b75]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xU,&q={searchTerms}),,[95f6f134b0cb70c6387bd13515efe51b]
PUP.Optional.Snapdo, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}, Gut: (http://www.google.com), Schlecht: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}),,[a1eaa67f1d5ef442dc40bc54996b33cd]
PUP.Optional.Snapdo, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}, Gut: (http://www.google.com), Schlecht: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}),,[3655b3723d3e66d028f3dc34c044be42]
PUP.Optional.Snapdo, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}, Gut: (http://www.google.com), Schlecht: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}),,[e8a3a2834f2ca69069b68e82ab593cc4]
PUP.Optional.Snapdo, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}, Gut: (http://www.google.com), Schlecht: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}),,[90fb5dc8f08bb680819d27e9ce36dc24]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3567274454-316981910-2159157710-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}, Gut: (www.google.com), Schlecht: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q={searchTerms}),,[6b20ad786417f0466f45a4626e969769]
Ordner: 5
PUP.Optional.OpenCandy, C:\Users\trf37bg\AppData\Roaming\OpenCandy, , [b4d7c75e74079a9c4ecc440ef50d8b75],
PUP.Optional.OpenCandy, C:\Users\trf37bg\AppData\Roaming\OpenCandy\6E259BE777B34AB78BD34BF1CA293030, , [b4d7c75e74079a9c4ecc440ef50d8b75],
PUP.Optional.OpenCandy, C:\Users\trf37bg\AppData\Roaming\OpenCandy\D5F4098397544EA0B7051B8FC2325DD8, , [b4d7c75e74079a9c4ecc440ef50d8b75],
PUP.Optional.NextLive.A, C:\Users\trf37bg\AppData\Roaming\newnext.me, , [e0ab28fd3249d066bc17c98a3fc314ec],
PUP.Optional.NextLive.A, C:\Users\trf37bg\AppData\Roaming\newnext.me\cache, , [e0ab28fd3249d066bc17c98a3fc314ec],
Dateien: 23
PUP.Optional.NextLive.A, C:\Users\trf37bg\AppData\Roaming\newnext.me\trzB663.tmp, , [d5b64ed785f6e74f85100844b1509c64],
PUP.Optional.Conduit.A, C:\Users\trf37bg\AppData\Roaming\OpenCandy\D5F4098397544EA0B7051B8FC2325DD8\mconduitinstaller.exe, , [f9926db8017a1026ddbfaf6f25db08f8],
PUP.Optional.Softonic.A, C:\Users\trf37bg\Downloads\SoftonicDownloader_fuer_7-zip.exe, , [06856eb70d6e52e425ef8e8a0cf59a66],
PUP.Optional.Softonic.A, C:\Users\trf37bg\Downloads\SoftonicDownloader_fuer_desk-timer.exe, , [3c4ff2331c5f94a263b1b662f110659b],
PUP.Optional.Softonic.A, C:\Users\trf37bg\Downloads\SoftonicDownloader_fuer_desktop-icalendar-lite.exe, , [f19a9f86f2892c0ae13360b81de4fd03],
PUP.OfferBundler.ST, C:\Users\trf37bg\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe, , [513ade4796e5c274aafb5b277c84d828],
PUP.Optional.Bandoo, C:\Users\trf37bg\Downloads\iLividSetup (1).exe, , [2b60aa7b384340f6565f7c856899e31d],
PUP.Optional.Bandoo, C:\Users\trf37bg\Downloads\iLividSetup-r701-n-bc.exe, , [2566d550c2b9e254971eb64b8d7449b7],
PUP.Optional.Bandoo, C:\Users\trf37bg\Downloads\iLividSetup.exe, , [4447e73e0d6e67cff1c4b051738e4fb1],
PUP.Optional.Vittalia, C:\Users\trf37bg\Downloads\installer_sony_dcr-trv740e_usb_driver_Deutsch.exe, , [e0ab5ec7f289b6806612a35e7190629e],
PUP.Optional.OpenCandy, C:\Users\trf37bg\Downloads\FreemakeVideo4121ConverterSetup.exe, , [583347defd7e1d19dcd47095ee138b75],
PUP.Optional.OpenCandy, C:\Users\trf37bg\Downloads\FreemakeVideoConverter_4.1.2.1.exe, , [6f1cf2337dfe2c0a496774919b6642be],
PUP.Optional.Somoto.A, C:\Users\trf37bg\Downloads\SerialNumber_downloader_by_SerialNumber.exe, , [65262bfa463560d611f7cc6ce02054ac],
PUP.Optional.RegCleanerPro, C:\Users\trf37bg\Downloads\rcpsetup_2005.exe, , [1d6e042134479a9cef00a55d6f928e72],
PUP.Optional.RegCleanerPro, C:\Users\trf37bg\Downloads\rcpsetup_dcomnew_util_728_dcomnew_util_728.exe, , [8ffc0c193c3f2c0a6887c33fc0410af6],
PUP.Optional.Vittalia, C:\Users\trf37bg\Dropbox\installer_sony_dcr-trv740e_usb_driver_Deutsch.exe, , [6c1f9f86c0bbd363b9bf7e8304fd2bd5],
PUP.Optional.NextLive.A, C:\Users\trf37bg\AppData\Local\genienext\nengine.dll, , [90fb2afb7efd69cdd8bd1b317e837888],
PUP.Optional.WebSearch.A, C:\Users\trf37bg\AppData\Roaming\Mozilla\Firefox\Profiles\yplx5fir.default\searchplugins\Web Search.xml, , [0289bc69d8a3ba7c5107bea2ab57ad53],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [dbb0c5605625e05675e5046011f15da3],
PUP.Optional.OpenCandy, C:\Users\trf37bg\AppData\Roaming\OpenCandy\6E259BE777B34AB78BD34BF1CA293030\Trial-14.0.1000.89_de-DE_1004726_AT-1.exe, , [b4d7c75e74079a9c4ecc440ef50d8b75],
PUP.Optional.NextLive.A, C:\Users\trf37bg\AppData\Roaming\newnext.me\nengine.cookie, , [e0ab28fd3249d066bc17c98a3fc314ec],
PUP.Optional.NextLive.A, C:\Users\trf37bg\AppData\Roaming\newnext.me\cache\spark.bin, , [e0ab28fd3249d066bc17c98a3fc314ec],
PUP.Optional.SnapDo.A, C:\Users\trf37bg\AppData\Roaming\Mozilla\Firefox\Profiles\yplx5fir.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fRrvugmxlJOT40l3ePPj8-059HVvGjtksvRS5aNdwvQREAWYh-OuKtUlKekcKQh1MNxgn25iUUskbqh1fl8HjPB7atE9L5JQGpVclfAPa-C-PSxB8rJ3i8k68bzjoupw_3HV0N0jzRl3xrFhHxNnfaXl3bCnFDIQY6rNIF0y6gWlo0b_tigy7sxWQrqF8xI,&q=");), ,[cebd04216318fd39e2c34ceedb2957a9]
Physische Sektoren: 0
(No malicious items detected)
(end)