All done.
Thanks for your spontaneous support and for the helpful tips.
I had already taken much of it into account beforehand, but not everything.
Posts by Brusele
Today the suspicious file did not show up again.
I ran the scan anyway. Here is the log file:
Since yesterday, every time Firefox is restarted, the file "firefox_gen_inst_wrp.exe" is deleted by my Norton antivirus because it is not safe. Threat name: WS.Reputation.1
Is the file from Firefox, and is it safe?