
Log analysis and evaluation: Win8.1 has 4 viruses: GenericPOP.x, TR/Dropper.MSIL.Gen, ADWARE.Gen7 and Artemis..


 
23.06.2015, 20:49   #1
H4VPHKARU
 



Hello,
My Avira Antivirus found 4 viruses on my Win8.1 PC on 17.06.2015; the names of the viruses are: GenericPOP.x, TR/Dropper.MSIL.Gen, ADWARE.Gen7, Artemis!4FBA8E1ECB31. I followed a guide on the Internet and used the programs Adwcleaner, Junkware Removal Tool and Malwarebytes, but I did not dare to take the last step, where you were supposed to find the viruses in Safe Mode. I did not understand how you actually find the viruses.
I then also installed Malwarebytes Anti-Rootkit on my own initiative, with several detections, and since then things have been quiet. I am afraid to turn the Internet back on, but otherwise everything runs fine with really minimal slowdown of the PC; no more viruses are being found, but they are probably still there.
I have all the log files, but had to skip GMER; otherwise everything is there!

The two zip files are under Attached Files; I don't know how to delete the rest.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:50 on 23/06/2015 (Hikaru)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Hikaru at 2015-06-23 19:58:01
Running from C:\Users\Hikaru\Downloads\trojaner board
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239342230-206131414-3666733320-500 - Administrator - Disabled)
Gast (S-1-5-21-239342230-206131414-3666733320-501 - Limited - Disabled)
Hikaru (S-1-5-21-239342230-206131414-3666733320-1002 - Administrator - Enabled) => C:\Users\Hikaru

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3B367DD2-6E0F-ADBE-4510-5DD3F3B9D92A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Content (x32 Version: 1.00.0000 - Your Company Name) Hidden
Corel Painter 11 - ICA (x32 Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (x32 Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version:  - Corel Corporation)
Corel Painter 11 (x32 Version: 11.0 - Corel Corporation) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 32 bit (x32 Version: 2.0 - Corel Corporation) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Langauge (x32 Version: 1.00.0000 - Your Company Name) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.60.37 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 1.0.11.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{237990BC-415C-4CE8-B279-37892516D9F2}) (Version: 9.0.6.20 - Nitro)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-06-2015 12:22:52 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A7284B-3E31-42E2-97A5-67AEEC918158} - \Emaenxsu No Task File <==== ATTENTION
Task: {07C46A96-D7B7-4CF2-BF1C-206E5575C72A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {14741805-5D43-4A23-A500-70A1589D4184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {190FFCA9-85C7-41E1-AC00-D0B049212C89} - \Winsta Update No Task File <==== ATTENTION
Task: {3B2DAE9D-6692-47F9-B0CB-267FD607CDAD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {43032A1F-1912-474D-B219-70ECF3E41D57} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {45DA55EA-769E-4134-B2E0-498F33E307BA} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {4CD8EF42-014C-431C-B40B-52AE61986C4E} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {7850D162-919D-4A85-9C1F-7B9C54565ABB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {78E05431-1107-4FDF-8081-960AED57E308} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8B4FACFD-472C-46C5-AE39-2C9D6B3F1367} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-03-09] (Lenovo)
Task: {944EC7A6-A629-4835-9DF6-C1844F6CDD7E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {999E23E7-DD91-4BB1-A7A1-BEC45DB79596} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {9E46E803-4A0E-4C95-B336-3DFA9688CF43} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A738AFB9-328A-459E-9D9B-59E4BD0E5AD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A92E79B0-FE62-4F50-A80C-E3F722FFDDE0} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-06-11] (Lenovo)
Task: {C28480F3-F0FB-4DA8-B5B2-10D75ACB7FBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C8786A9E-5F94-4D87-B17E-D85DBC65A838} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {CF1C55DF-98C9-4966-86DB-67519D498B3D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CFF6D8EF-56A6-44CC-AB7F-B17830FFDBF6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E1571395-D58C-49AB-A0DF-4649E024EC17} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {E866D120-2739-4966-834F-7DD037EBE9CB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {F028ECE7-B884-477B-9363-A39D281322E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-25 00:36 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-09-25 00:51 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-25 00:36 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-04-02 04:47 - 2014-04-02 04:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-21 18:29 - 2014-05-21 18:29 - 00033536 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2014-09-25 00:36 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Hikaru\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239342230-206131414-3666733320-1002\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{05804A18-B410-462F-BFB6-5C779B59475F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{71113D8F-B56B-43BF-8824-037E61A53747}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E1D15FF-4D5B-4EF4-BBCF-EC71C0F86424}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3557079B-C9EC-4511-87BC-D058F1A138B1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F2E8AB92-3E7D-444E-8323-07D2CD4E5F3C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0A1E8F1D-AD34-445E-BE66-18C60131318A}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C6C61864-C1F7-4B26-A1B7-FB80D7C895E1}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A414C907-CF5F-4532-9982-D8F0677E24D1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{CEDC01ED-A510-4C04-B063-CA12B4C93B19}] => (Allow) LPort=5357
FirewallRules: [{EA9FFA53-1F69-4F3F-999B-47653B7FD586}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{62923A26-3354-4756-8D2A-116BDDFCD275}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B8BE5CBC-1DB2-43D3-AA2F-6E3FC87F3447}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8C71827F-0F8B-437A-9D01-A1ED3C17BB67}] => (Allow) C:\Users\Hikaru\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{4F179252-BEA9-442B-A821-E035B478046A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000ec180
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x75c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbar.exe, Version 1.9.1.1004 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12ec

Startzeit: 01d0ab6062545e16

Endzeit: 13311

Anwendungspfad: C:\Users\Hikaru\Desktop\mbar\mbar.exe

Berichts-ID: 1b75cf84-1754-11e5-8266-4437e6e88be4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (06/20/2015 04:46:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/20/2015 04:19:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/20/2015 04:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo System Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "JME Keyboard Driver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85ec3401d0adddfa3639a0C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll387b5ae4-19d1-11e5-8269-4437e6e88be4

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c000000800000000000ec18011b801d0ad2af31351ccC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll314ed7f8-191e-11e5-8269-4437e6e88be4

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e75c01d0ac280ae166e3C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll4bdeb74e-181b-11e5-8269-4437e6e88be4

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbar.exe1.9.1.100412ec01d0ab6062545e1613311C:\Users\Hikaru\Desktop\mbar\mbar.exe1b75cf84-1754-11e5-8266-4437e6e88be4

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-06-17 23:29:26.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G 
Percentage of memory in use: 23%
Total physical RAM: 7093.19 MB
Available physical RAM: 5438.34 MB
Total Pagefile: 14517.19 MB
Available Pagefile: 12337.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:859.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1746FBBD)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- --- --- --- ---
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.06.2015
Suchlauf-Zeit: 01:24:00
Logdatei: malwarebytes7.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343990
Verstrichene Zeit: 11 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 27
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [6e0b0d362862d6602fd39236ed162cd4], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [d8a171d20783c07600c6486406fdb54b], 
PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, In Quarantäne, [3d3c72d1cdbdc5714a5e58a40af9ec14], 
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\BoBrowser, In Quarantäne, [fa7f83c0e3a785b1761b7837a75c6e92], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06, In Quarantäne, [2a4fd2716d1d83b35b7972451ae9ac54], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv, In Quarantäne, [bbbe31129bef4cea468e4473c340619f], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv-ie, In Quarantäne, [accd043f038773c324b08f28bf448f71], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\HomeTab, In Quarantäne, [3742c47fd3b7b6806ed215c44eb5df21], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SearchProtectWS, In Quarantäne, [de9b2023682253e3bbd205a46f948b75], 
PUP.Optional.TNT.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TNT2, In Quarantäne, [0079af949cee3006c6a86f3c55ae4ab6], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TutoTag, In Quarantäne, [4e2b5fe46d1d89ad626456d70500ad53], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIEnhance, In Quarantäne, [a9d00142d9b169cda604902240c308f8], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIntEnhance, In Quarantäne, [caafd66d800a0e28bb0c595308fbcf31], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [03763c07018965d14ceccc53768f44bc], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [3b3ede65286283b315a6fec473906f91], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema PlusV17.06, In Quarantäne, [cfaa2e156e1c36004a024a6dca39a060], 
PUP.Optional.Qone8, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bebb3d065a30f3432678c84e729326da], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [5227331005851c1ac7aa4164956edd23], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [4831ae95296140f673ff9c09cb3814ec], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [f287360d2b5f3006096a3e677f84ef11], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [76039ba8a9e1ac8a41339c09f50ee020], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [a2d7b48facde3204680da0056a99af51], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SIMPLYTECH\HomeTab, In Quarantäne, [5821053ec9c1092d2048cb26a0637b85], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialeshp, In Quarantäne, [c9b02a194b3fa492e80a703a19eae21e], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialshp, In Quarantäne, [a9d0a3a0d1b90234797a3c6eb84b40c0], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updv, In Quarantäne, [2257c47ff595ba7c30c4723857ac8e72], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mbot_de_014010005_is1, In Quarantäne, [354454ef038792a49582454347bced13], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 11
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[03767fc4bcce73c32995597ddd28d52b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[81f81f242466aa8c9482f9dcca3b42be]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[611856ede7a390a63dd9e0f59d6859a7]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[0475b88b2b5f20169a7c21b45fa6f808]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[56235be836545adc26749f425ca937c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8decf251ccbed660229c7462c44128d8]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[7cfd43008cfe79bdaf67a4313bca7987]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[2554f350c6c491a561b52aab986df50b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[90e9e2610684b87e0a0c548112f3619f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[93e684bf0b7f3afc0c8ea0412cd9946c]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8eebcf747218d264d53f914459acd32d]

Ordner: 7
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\Download, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY, In Quarantäne, [5f1aa1a2088210268aec4643cd36728e], 

Dateien: 44
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nscE27C.tmp, In Quarantäne, [fe7b1033e6a4f4420748b565d630fa06], 
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nsp94CD.tmp, In Quarantäne, [97e245feb9d19d9973dc66b4778f01ff], 
PUP.Optional.Somoto, C:\Users\Hikaru\AppData\Local\Temp\bitool.dll, In Quarantäne, [c7b20d360e7cf442b6699fad7e84e21e], 
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [86f36ad9e7a3dc5ae1a8239137cc7c84], 
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [afcabb882c5e999db9d007ad37cca957], 
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [4a2f350e800a52e4212c04ca689b2ed2], 
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [53262c172f5bc86eb09d319dca39bd43], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6, In Quarantäne, [3b3e6ed5a9e10f275c15e8e6fd06e917], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7, In Quarantäne, [a2d70a394b3f96a0145dc30bb053b44c], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user, In Quarantäne, [5c1dd96a90fa61d575fcdfefc93a9d63], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11, In Quarantäne, [5821093a404a93a3a0d18945f90ad62a], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3, In Quarantäne, [fb7ea59e25659d99b0c1f7d738cba957], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5, In Quarantäne, [bebb0e3553374fe7e78a05c95ea5738d], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user, In Quarantäne, [fc7d1e258dfd2b0b135e0bc3818243bd], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6, In Quarantäne, [df9a67dc9af06dc93041b21c897a4ab6], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7, In Quarantäne, [9ddca69def9bd4620869cfff4fb48d73], 
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, In Quarantäne, [0673e0636e1c42f41dec389bd72c16ea], 
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [bbbe340f612983b3c3e410ec41c2bb45], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6.job, In Quarantäne, [0376073c3159b284de8f0d1e19eca858], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7.job, In Quarantäne, [52277cc7e5a5ef471c512506eb1ab050], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user.job, In Quarantäne, [73068eb594f6092dd7968aa1b4510cf4], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11.job, In Quarantäne, [0178c380bdcdbc7abeafdf4ce421b34d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3.job, In Quarantäne, [a7d2b78c14762214422b56d5ec19b34d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5.job, In Quarantäne, [99e07dc65931d85ecba264c718ed22de], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user.job, In Quarantäne, [b7c294aff09a73c3620b31fa13f2a858], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6.job, In Quarantäne, [5a1fea598a00c1755d102b00c243d62a], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7.job, In Quarantäne, [de9bcf74a9e17abcb0bdc16a03025aa6], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [48316ed5404a0f270fe20c2758adda26], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [01784ef54c3efa3cbc35181bbb4ade22], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [6c0dde655139e45202efd85b58ad5ca4], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [611882c1305a8da9628f00334cb9cd33], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [68115be8f39779bd37ba3ff4ad58e31d], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateBroker.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateHelper.msi, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateOnDemand.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\goopdate.dll, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upgmsd_de_005010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upmbot_de_014010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\user_profil.cyp, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\cnf.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\eorezo.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.dat, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.exe, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.msg, In Quarantäne, [354454ef038792a49582454347bced13], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.06.2015
Suchlauf-Zeit: 16:34:21
Logdatei: malwarebytes2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.20.02
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345863
Verstrichene Zeit: 9 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, 1780, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 9
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.SuperClick.A, HKLM\SOFTWARE\WOW6432NODE\SuperClick_1.10.0.16, In Quarantäne, [bc3615a74743db5be273444bf015d32d], 
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [1ed46854a8e277bf12cee6acfe0749b7], 

Registrierungswerte: 1
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy|ImagePath, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, In Quarantäne, [15dd9d1f305a77bf96261176709555ab]

Registrierungsdaten: 2
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[539f4c70444679bdc376ea61fb0be11f]
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[1ed4a517e1a9f5413ffae96255b15ba5]

Ordner: 5
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 

Dateien: 17
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe, In Quarantäne, [3cb6f7c5fe8c0b2b21a15b2ae5216f91], 
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nsmAB0D.tmp, In Quarantäne, [d41e9329751559ddf37b0564d033ce32], 
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nspA54.tmp, In Quarantäne, [fff3a6162a6083b3214dd495ec17a55b], 
PUP.Optional.IStartSurf.A, C:\Users\Hikaru\AppData\Local\Temp\nswFA3A.tmp, In Quarantäne, [c32f13a9781220164b873152d333e31d], 
PUP.Optional.Clara.A, C:\Users\Hikaru\AppData\Local\Temp\CR_B2D82.tmp\setup.exe, In Quarantäne, [ca288636682287afc6a27b0a80860cf4], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\rnsoC31F.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\Uninstall.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\vnsv9FB1.tmp, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\kugnoaah.exe.config, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\sqlite3.dll, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\dat.dat, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\REaCcB.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\info.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
AdwCleaner Logfile:
Code:
# AdwCleaner v4.206 - Bericht erstellt 19/06/2015 um 14:48:28
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : 0014681434673201mcinstcleanup

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\claraInstaller.txt
Datei Gefunden : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\Hikaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Ordner Gefunden : C:\DesktopSearch
Ordner Gefunden : C:\Program Files (x86)\Amazon\ABB
Ordner Gefunden : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gefunden : C:\Program Files (x86)\MyPCBU
Ordner Gefunden : C:\ProgramData\MailUpdate
Ordner Gefunden : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\MailUpdate
Ordner Gefunden : C:\Users\Hikaru\SupTab

***** [ Geplante Tasks ] *****

Task Gefunden : Run_Bobby_Browser
Task Gefunden : WinKit
Task Gefunden : amiupdaterExd
Task Gefunden : amiupdaterExi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
Schlüssel Gefunden : HKCU\Software\AnyProtect
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gefunden : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\pokki
Schlüssel Gefunden : HKCU\Software\Crossbrowse
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_3dc0e1fa754e445f813f28d62945a52a0bd61e67
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_ae6fb69cb32e90696231047775a0c6f978b07da9
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKCU\Software\Pokki
Schlüssel Gefunden : HKCU\Software\simplytech
Schlüssel Gefunden : HKCU\Software\YorkNewCin
Schlüssel Gefunden : [x64] HKCU\Software\AnyProtect
Schlüssel Gefunden : [x64] HKCU\Software\Crossbrowse
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\Pokki
Schlüssel Gefunden : [x64] HKCU\Software\simplytech
Schlüssel Gefunden : [x64] HKCU\Software\YorkNewCin
Schlüssel Gefunden : HKLM\SOFTWARE\Clara
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gefunden : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gefunden : HKLM\SOFTWARE\SpeedBit
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Wert Gefunden : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Wert Gefunden : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Wert Gefunden : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}

-\\ Google Chrome v43.0.2357.124

[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434566816&z=8b97c00d9112e167a535dfag6zcc1zfwbq0qebag3z&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434568576&z=fba18cf542c87940cb20379g6zdc8z9w3q7b0w1m4c&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Startup_URLs] : 93A55B492FEB7464388C2C261637300566D6E725DBADCA3B754E284982CCE7E6"},"software_reporter":{"prompt_reason":"7938A6963AC8F761A3F63E0665B547EDF681916AF182CCCCC47C50AE360F2C89","prompt_seed":"B2EFCB0A98218F63BFB170E434B95A75FCE4852979F10D3CC157C8E93DDDD3CA","prompt_version":"E751FD164EC0A9FC981339425CC9E66BFD39F86F8BD53F7EDE1D3A7A5D5E9708"},"sync":{"remaining_rollback_tries":"86F27B85CB90EEB25001882FC235F735D5AA5453F9EF07115E1DD73993429D32"}},"super_mac":"BD73C878C87EBD394B95322CC69F8F85C696D0377BB4B374B19DA4BA3E02B9AF"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH

*************************

AdwCleaner[R0].txt - [7369 Bytes] - [19/06/2015 14:48:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7428 Bytes] ##########
         
AdwCleaner Logfile:
Code:
# AdwCleaner v4.206 - Bericht erstellt 19/06/2015 um 14:55:00
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

[x] Nicht Gelöscht : 0014681434673201mcinstcleanup

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\DesktopSearch
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
[x] Nicht Gelöscht : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gelöscht : C:\Program Files (x86)\MyPCBU
Ordner Gelöscht : C:\Users\Hikaru\SupTab
[x] Nicht Gelöscht : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\MailUpdate
Datei Gelöscht : C:\claraInstaller.txt
Datei Gelöscht : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Hikaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : WinKit
Task Gelöscht : amiupdaterExd
Task Gelöscht : amiupdaterExi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gelöscht : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_3dc0e1fa754e445f813f28d62945a52a0bd61e67
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_ae6fb69cb32e90696231047775a0c6f978b07da9
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[x] Nicht Gelöscht : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Crossbrowse
Schlüssel Gelöscht : HKCU\Software\YorkNewCin
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
[x] Nicht Gelöscht : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Google Chrome v43.0.2357.124

[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434566816&z=8b97c00d9112e167a535dfag6zcc1zfwbq0qebag3z&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434568576&z=fba18cf542c87940cb20379g6zdc8z9w3q7b0w1m4c&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : 93A55B492FEB7464388C2C261637300566D6E725DBADCA3B754E284982CCE7E6"},"software_reporter":{"prompt_reason":"7938A6963AC8F761A3F63E0665B547EDF681916AF182CCCCC47C50AE360F2C89","prompt_seed":"B2EFCB0A98218F63BFB170E434B95A75FCE4852979F10D3CC157C8E93DDDD3CA","prompt_version":"E751FD164EC0A9FC981339425CC9E66BFD39F86F8BD53F7EDE1D3A7A5D5E9708"},"sync":{"remaining_rollback_tries":"86F27B85CB90EEB25001882FC235F735D5AA5453F9EF07115E1DD73993429D32"}},"super_mac":"BD73C878C87EBD394B95322CC69F8F85C696D0377BB4B374B19DA4BA3E02B9AF"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH

*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[S0].txt - [6673 Bytes] - [19/06/2015 14:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6732  Bytes] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 20/06/2015 um 15:56:42
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Ordner Gefunden : C:\Program Files (x86)\AnyProtectEx
Ordner Gefunden : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
Schlüssel Gefunden : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[R1].txt - [1474 Bytes] - [20/06/2015 15:56:42]
AdwCleaner[S0].txt - [6816 Bytes] - [19/06/2015 14:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1592 Bytes] ##########
         
--- --- ---


AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 20/06/2015 um 15:58:23
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
[x] Nicht Gelöscht : C:\Program Files (x86)\LenovoBrowserGuard
[x] Nicht Gelöscht : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Datei Gelöscht : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[x] Nicht Gelöscht : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
[x] Nicht Gelöscht : HKLM\SOFTWARE\LenovoBrowserGuard
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[R1].txt - [1671 Bytes] - [20/06/2015 15:56:42]
AdwCleaner[S0].txt - [6816 Bytes] - [19/06/2015 14:55:00]
AdwCleaner[S1].txt - [1400 Bytes] - [20/06/2015 15:58:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1459  Bytes] ##########
         
--- --- ---


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Hikaru on 18.06.2015 at 13:55:44,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] scfd_1_10_0_16
Successfully stopped: [Service] scsvc_1.10.0.16
Successfully deleted: [Service] scsvc_1.10.0.16
Failed to stop: [Service] scfd_1_10_0_16 [Adware.Vitruvian]



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP1
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP2
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP3
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Convertor
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Crossbrowse
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperClick Auto Updater 1.10.0.16 Core
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperClick Auto Updater 1.10.0.16 Pending Update
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP1.job
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP2.job
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP3.job
Successfully deleted: [Task] C:\WINDOWS\tasks\Crossbrowse.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_592333F42A0D1CD48BDC7C5A423F80B7
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9053764826F483F018422F1AA87409D2
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{16C56A97-C4BD-433D-9355-D9B3814853D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfd_1_10_0_16 [Adware.Vitruvian]



~~~ Files

Successfully deleted: [File] C:\Users\Hikaru\appdata\local\nseA54A.tmp
Successfully deleted: [File] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\crossbrowse.lnk
Successfully deleted: [File] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\pc app store.lnk
Successfully deleted: [File] C:\users\public\desktop\crossbrowse.lnk
Successfully deleted: [File] C:\WINDOWS\system32\drivers\scfd_1_10_0_16.sys [Adware.Vitruvian]
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\app_setup
Successfully deleted: [Folder] C:\Program Files (x86)\crossbrowse
Successfully deleted: [Folder] C:\Program Files (x86)\SuperClick_1.10.0.16
Successfully deleted: [Folder] C:\ProgramData\desktopsearch
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\crossbrowse
Successfully deleted: [Folder] C:\ProgramData\pokki
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\crossbrowse
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\desktopsearch
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\pokki
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\locallow\smartweb
Successfully deleted: [Folder] C:\Users\Hikaru\AppData\Roaming\microsoft\windows\start menu\programs\anyprotect pc backup
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\16516



~~~ Chrome


[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2015 at 13:58:43,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Hikaru on 20.06.2015 at 16:00:44,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.06.2015 at 16:02:48,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.20.02
  rootkit: v2015.06.15.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
Hikaru :: HIKARU-UKE [administrator]

20.06.2015 16:06:56
mbar-log-2015-06-20 (16-06-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 346308
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Hikaru\AppData\Local\Temp\is-E6PLG.tmp\package_optimizerpro_installer_multilang.exe (Adware.EoRezo) -> Delete on reboot. [9e547a42107aff371c71bbb7808235cb]
C:\Users\Hikaru\AppData\Local\Temp\is-E6PLG.tmp\11.exe (Adware.EoRezo) -> Delete on reboot. [42b0a913bfcb78be9cf1b7bbd72b38c8]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Last edited by H4VPHKARU (23.06.2015 at 21:10)

 
