Win8.1 hat 4 Viren:GenericPOP.x , TR/Dropper.MSIL.Gen,ADWARE.Gen7 und Artemis..

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:50 on 23/06/2015 (Hikaru)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Additional
FRST Logfile:

	
Code: 

Alles auswählenAufklappen 
ATTFilter

  
	
scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Hikaru at 2015-06-23 19:58:01
Running from C:\Users\Hikaru\Downloads\trojaner board
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239342230-206131414-3666733320-500 - Administrator - Disabled)
Gast (S-1-5-21-239342230-206131414-3666733320-501 - Limited - Disabled)
Hikaru (S-1-5-21-239342230-206131414-3666733320-1002 - Administrator - Enabled) => C:\Users\Hikaru

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3B367DD2-6E0F-ADBE-4510-5DD3F3B9D92A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Content (x32 Version: 1.00.0000 - Your Company Name) Hidden
Corel Painter 11 - ICA (x32 Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (x32 Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version:  - Corel Corporation)
Corel Painter 11 (x32 Version: 11.0 - Corel Corporation) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 32 bit (x32 Version: 2.0 - Corel Corporation) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Langauge (x32 Version: 1.00.0000 - Your Company Name) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.60.37 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 1.0.11.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{237990BC-415C-4CE8-B279-37892516D9F2}) (Version: 9.0.6.20 - Nitro)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-06-2015 12:22:52 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A7284B-3E31-42E2-97A5-67AEEC918158} - \Emaenxsu No Task File <==== ATTENTION
Task: {07C46A96-D7B7-4CF2-BF1C-206E5575C72A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {14741805-5D43-4A23-A500-70A1589D4184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {190FFCA9-85C7-41E1-AC00-D0B049212C89} - \Winsta Update No Task File <==== ATTENTION
Task: {3B2DAE9D-6692-47F9-B0CB-267FD607CDAD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {43032A1F-1912-474D-B219-70ECF3E41D57} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {45DA55EA-769E-4134-B2E0-498F33E307BA} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {4CD8EF42-014C-431C-B40B-52AE61986C4E} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {7850D162-919D-4A85-9C1F-7B9C54565ABB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {78E05431-1107-4FDF-8081-960AED57E308} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8B4FACFD-472C-46C5-AE39-2C9D6B3F1367} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-03-09] (Lenovo)
Task: {944EC7A6-A629-4835-9DF6-C1844F6CDD7E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {999E23E7-DD91-4BB1-A7A1-BEC45DB79596} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {9E46E803-4A0E-4C95-B336-3DFA9688CF43} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A738AFB9-328A-459E-9D9B-59E4BD0E5AD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A92E79B0-FE62-4F50-A80C-E3F722FFDDE0} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-06-11] (Lenovo)
Task: {C28480F3-F0FB-4DA8-B5B2-10D75ACB7FBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C8786A9E-5F94-4D87-B17E-D85DBC65A838} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {CF1C55DF-98C9-4966-86DB-67519D498B3D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CFF6D8EF-56A6-44CC-AB7F-B17830FFDBF6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E1571395-D58C-49AB-A0DF-4649E024EC17} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {E866D120-2739-4966-834F-7DD037EBE9CB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {F028ECE7-B884-477B-9363-A39D281322E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-25 00:36 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-09-25 00:51 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-25 00:36 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-04-02 04:47 - 2014-04-02 04:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-21 18:29 - 2014-05-21 18:29 - 00033536 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2014-09-25 00:36 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Hikaru\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239342230-206131414-3666733320-1002\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{05804A18-B410-462F-BFB6-5C779B59475F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{71113D8F-B56B-43BF-8824-037E61A53747}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E1D15FF-4D5B-4EF4-BBCF-EC71C0F86424}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3557079B-C9EC-4511-87BC-D058F1A138B1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F2E8AB92-3E7D-444E-8323-07D2CD4E5F3C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0A1E8F1D-AD34-445E-BE66-18C60131318A}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C6C61864-C1F7-4B26-A1B7-FB80D7C895E1}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A414C907-CF5F-4532-9982-D8F0677E24D1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{CEDC01ED-A510-4C04-B063-CA12B4C93B19}] => (Allow) LPort=5357
FirewallRules: [{EA9FFA53-1F69-4F3F-999B-47653B7FD586}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{62923A26-3354-4756-8D2A-116BDDFCD275}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B8BE5CBC-1DB2-43D3-AA2F-6E3FC87F3447}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8C71827F-0F8B-437A-9D01-A1ED3C17BB67}] => (Allow) C:\Users\Hikaru\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{4F179252-BEA9-442B-A821-E035B478046A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000ec180
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x75c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbar.exe, Version 1.9.1.1004 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12ec

Startzeit: 01d0ab6062545e16

Endzeit: 13311

Anwendungspfad: C:\Users\Hikaru\Desktop\mbar\mbar.exe

Berichts-ID: 1b75cf84-1754-11e5-8266-4437e6e88be4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (06/20/2015 04:46:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/20/2015 04:19:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/20/2015 04:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo System Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "JME Keyboard Driver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85ec3401d0adddfa3639a0C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll387b5ae4-19d1-11e5-8269-4437e6e88be4

Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c000000800000000000ec18011b801d0ad2af31351ccC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll314ed7f8-191e-11e5-8269-4437e6e88be4

Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e75c01d0ac280ae166e3C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll4bdeb74e-181b-11e5-8269-4437e6e88be4

Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbar.exe1.9.1.100412ec01d0ab6062545e1613311C:\Users\Hikaru\Desktop\mbar\mbar.exe1b75cf84-1754-11e5-8266-4437e6e88be4

Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-06-17 23:29:26.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G 
Percentage of memory in use: 23%
Total physical RAM: 7093.19 MB
Available physical RAM: 5438.34 MB
Total Pagefile: 14517.19 MB
Available Pagefile: 12337.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:859.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1746FBBD)

Partition: GPT Partition Type.

==================== End of log ============================
         
 
--- --- ---

--- --- ---


 
Code: 

Alles auswählenAufklappen 
ATTFilter
 
 
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.06.2015
Suchlauf-Zeit: 01:24:00
Logdatei: malwarebytes7.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343990
Verstrichene Zeit: 11 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 27
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [6e0b0d362862d6602fd39236ed162cd4], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [d8a171d20783c07600c6486406fdb54b], 
PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, In Quarantäne, [3d3c72d1cdbdc5714a5e58a40af9ec14], 
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\BoBrowser, In Quarantäne, [fa7f83c0e3a785b1761b7837a75c6e92], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06, In Quarantäne, [2a4fd2716d1d83b35b7972451ae9ac54], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv, In Quarantäne, [bbbe31129bef4cea468e4473c340619f], 
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv-ie, In Quarantäne, [accd043f038773c324b08f28bf448f71], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\HomeTab, In Quarantäne, [3742c47fd3b7b6806ed215c44eb5df21], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SearchProtectWS, In Quarantäne, [de9b2023682253e3bbd205a46f948b75], 
PUP.Optional.TNT.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TNT2, In Quarantäne, [0079af949cee3006c6a86f3c55ae4ab6], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TutoTag, In Quarantäne, [4e2b5fe46d1d89ad626456d70500ad53], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIEnhance, In Quarantäne, [a9d00142d9b169cda604902240c308f8], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIntEnhance, In Quarantäne, [caafd66d800a0e28bb0c595308fbcf31], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [03763c07018965d14ceccc53768f44bc], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [3b3ede65286283b315a6fec473906f91], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema PlusV17.06, In Quarantäne, [cfaa2e156e1c36004a024a6dca39a060], 
PUP.Optional.Qone8, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bebb3d065a30f3432678c84e729326da], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [5227331005851c1ac7aa4164956edd23], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [4831ae95296140f673ff9c09cb3814ec], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [f287360d2b5f3006096a3e677f84ef11], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [76039ba8a9e1ac8a41339c09f50ee020], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [a2d7b48facde3204680da0056a99af51], 
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SIMPLYTECH\HomeTab, In Quarantäne, [5821053ec9c1092d2048cb26a0637b85], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialeshp, In Quarantäne, [c9b02a194b3fa492e80a703a19eae21e], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialshp, In Quarantäne, [a9d0a3a0d1b90234797a3c6eb84b40c0], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updv, In Quarantäne, [2257c47ff595ba7c30c4723857ac8e72], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mbot_de_014010005_is1, In Quarantäne, [354454ef038792a49582454347bced13], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 11
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[03767fc4bcce73c32995597ddd28d52b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[81f81f242466aa8c9482f9dcca3b42be]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[611856ede7a390a63dd9e0f59d6859a7]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[0475b88b2b5f20169a7c21b45fa6f808]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[56235be836545adc26749f425ca937c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8decf251ccbed660229c7462c44128d8]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[7cfd43008cfe79bdaf67a4313bca7987]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[2554f350c6c491a561b52aab986df50b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[90e9e2610684b87e0a0c548112f3619f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[93e684bf0b7f3afc0c8ea0412cd9946c]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8eebcf747218d264d53f914459acd32d]

Ordner: 7
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\Download, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY, In Quarantäne, [5f1aa1a2088210268aec4643cd36728e], 

Dateien: 44
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nscE27C.tmp, In Quarantäne, [fe7b1033e6a4f4420748b565d630fa06], 
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nsp94CD.tmp, In Quarantäne, [97e245feb9d19d9973dc66b4778f01ff], 
PUP.Optional.Somoto, C:\Users\Hikaru\AppData\Local\Temp\bitool.dll, In Quarantäne, [c7b20d360e7cf442b6699fad7e84e21e], 
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [86f36ad9e7a3dc5ae1a8239137cc7c84], 
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [afcabb882c5e999db9d007ad37cca957], 
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [4a2f350e800a52e4212c04ca689b2ed2], 
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [53262c172f5bc86eb09d319dca39bd43], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6, In Quarantäne, [3b3e6ed5a9e10f275c15e8e6fd06e917], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7, In Quarantäne, [a2d70a394b3f96a0145dc30bb053b44c], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user, In Quarantäne, [5c1dd96a90fa61d575fcdfefc93a9d63], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11, In Quarantäne, [5821093a404a93a3a0d18945f90ad62a], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3, In Quarantäne, [fb7ea59e25659d99b0c1f7d738cba957], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5, In Quarantäne, [bebb0e3553374fe7e78a05c95ea5738d], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user, In Quarantäne, [fc7d1e258dfd2b0b135e0bc3818243bd], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6, In Quarantäne, [df9a67dc9af06dc93041b21c897a4ab6], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7, In Quarantäne, [9ddca69def9bd4620869cfff4fb48d73], 
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, In Quarantäne, [0673e0636e1c42f41dec389bd72c16ea], 
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [bbbe340f612983b3c3e410ec41c2bb45], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6.job, In Quarantäne, [0376073c3159b284de8f0d1e19eca858], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7.job, In Quarantäne, [52277cc7e5a5ef471c512506eb1ab050], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user.job, In Quarantäne, [73068eb594f6092dd7968aa1b4510cf4], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11.job, In Quarantäne, [0178c380bdcdbc7abeafdf4ce421b34d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3.job, In Quarantäne, [a7d2b78c14762214422b56d5ec19b34d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5.job, In Quarantäne, [99e07dc65931d85ecba264c718ed22de], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user.job, In Quarantäne, [b7c294aff09a73c3620b31fa13f2a858], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6.job, In Quarantäne, [5a1fea598a00c1755d102b00c243d62a], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7.job, In Quarantäne, [de9bcf74a9e17abcb0bdc16a03025aa6], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [48316ed5404a0f270fe20c2758adda26], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [01784ef54c3efa3cbc35181bbb4ade22], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [6c0dde655139e45202efd85b58ad5ca4], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [611882c1305a8da9628f00334cb9cd33], 
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [68115be8f39779bd37ba3ff4ad58e31d], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateBroker.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateHelper.msi, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateOnDemand.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\goopdate.dll, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upgmsd_de_005010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upmbot_de_014010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\user_profil.cyp, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\cnf.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\eorezo.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.dat, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.exe, In Quarantäne, [354454ef038792a49582454347bced13], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.msg, In Quarantäne, [354454ef038792a49582454347bced13], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
 
 
Code: 

Alles auswählenAufklappen 
ATTFilter
 
 
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.06.2015
Suchlauf-Zeit: 16:34:21
Logdatei: malwarebytes2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.20.02
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345863
Verstrichene Zeit: 9 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, 1780, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 9
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030], 
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.SuperClick.A, HKLM\SOFTWARE\WOW6432NODE\SuperClick_1.10.0.16, In Quarantäne, [bc3615a74743db5be273444bf015d32d], 
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [1ed46854a8e277bf12cee6acfe0749b7], 

Registrierungswerte: 1
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy|ImagePath, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, In Quarantäne, [15dd9d1f305a77bf96261176709555ab]

Registrierungsdaten: 2
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[539f4c70444679bdc376ea61fb0be11f]
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[1ed4a517e1a9f5413ffae96255b15ba5]

Ordner: 5
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 

Dateien: 17
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe, In Quarantäne, [3cb6f7c5fe8c0b2b21a15b2ae5216f91], 
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nsmAB0D.tmp, In Quarantäne, [d41e9329751559ddf37b0564d033ce32], 
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nspA54.tmp, In Quarantäne, [fff3a6162a6083b3214dd495ec17a55b], 
PUP.Optional.IStartSurf.A, C:\Users\Hikaru\AppData\Local\Temp\nswFA3A.tmp, In Quarantäne, [c32f13a9781220164b873152d333e31d], 
PUP.Optional.Clara.A, C:\Users\Hikaru\AppData\Local\Temp\CR_B2D82.tmp\setup.exe, In Quarantäne, [ca288636682287afc6a27b0a80860cf4], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\rnsoC31F.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\Uninstall.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\vnsv9FB1.tmp, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\kugnoaah.exe.config, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\sqlite3.dll, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\dat.dat, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\REaCcB.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\info.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
 
AdwCleaner Logfile:
 
Code: 

Alles auswählenAufklappen 
ATTFilter
 
 
# AdwCleaner v4.206 - Bericht erstellt 19/06/2015 um 14:48:28
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****

Dienst Gefunden : 0014681434673201mcinstcleanup

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\claraInstaller.txt
Datei Gefunden : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\Hikaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Ordner Gefunden : C:\DesktopSearch
Ordner Gefunden : C:\Program Files (x86)\Amazon\ABB
Ordner Gefunden : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gefunden : C:\Program Files (x86)\MyPCBU
Ordner Gefunden : C:\ProgramData\MailUpdate
Ordner Gefunden : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\MailUpdate
Ordner Gefunden : C:\Users\Hikaru\SupTab

***** [ Geplante Tasks ] *****

Task Gefunden : Run_Bobby_Browser
Task Gefunden : WinKit
Task Gefunden : amiupdaterExd
Task Gefunden : amiupdaterExi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
Schlüssel Gefunden : HKCU\Software\AnyProtect
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gefunden : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\pokki
Schlüssel Gefunden : HKCU\Software\Crossbrowse
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_3dc0e1fa754e445f813f28d62945a52a0bd61e67
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_ae6fb69cb32e90696231047775a0c6f978b07da9
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKCU\Software\Pokki
Schlüssel Gefunden : HKCU\Software\simplytech
Schlüssel Gefunden : HKCU\Software\YorkNewCin
Schlüssel Gefunden : [x64] HKCU\Software\AnyProtect
Schlüssel Gefunden : [x64] HKCU\Software\Crossbrowse
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\Pokki
Schlüssel Gefunden : [x64] HKCU\Software\simplytech
Schlüssel Gefunden : [x64] HKCU\Software\YorkNewCin
Schlüssel Gefunden : HKLM\SOFTWARE\Clara
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gefunden : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gefunden : HKLM\SOFTWARE\SpeedBit
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Wert Gefunden : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Wert Gefunden : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Wert Gefunden : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}

-\\ Google Chrome v43.0.2357.124

[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434566816&z=8b97c00d9112e167a535dfag6zcc1zfwbq0qebag3z&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434568576&z=fba18cf542c87940cb20379g6zdc8z9w3q7b0w1m4c&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Startup_URLs] : 93A55B492FEB7464388C2C261637300566D6E725DBADCA3B754E284982CCE7E6"},"software_reporter":{"prompt_reason":"7938A6963AC8F761A3F63E0665B547EDF681916AF182CCCCC47C50AE360F2C89","prompt_seed":"B2EFCB0A98218F63BFB170E434B95A75FCE4852979F10D3CC157C8E93DDDD3CA","prompt_version":"E751FD164EC0A9FC981339425CC9E66BFD39F86F8BD53F7EDE1D3A7A5D5E9708"},"sync":{"remaining_rollback_tries":"86F27B85CB90EEB25001882FC235F735D5AA5453F9EF07115E1DD73993429D32"}},"super_mac":"BD73C878C87EBD394B95322CC69F8F85C696D0377BB4B374B19DA4BA3E02B9AF"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH

*************************

AdwCleaner[R0].txt - [7369 Bytes] - [19/06/2015 14:48:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7428 Bytes] ##########
         
 
--- --- ---


AdwCleaner Logfile:
 
Code: 

Alles auswählenAufklappen 
ATTFilter
 
 
# AdwCleaner v4.206 - Bericht erstellt 19/06/2015 um 14:55:00
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****

[x] Nicht Gelöscht : 0014681434673201mcinstcleanup

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\DesktopSearch
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
[x] Nicht Gelöscht : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gelöscht : C:\Program Files (x86)\MyPCBU
Ordner Gelöscht : C:\Users\Hikaru\SupTab
[x] Nicht Gelöscht : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\MailUpdate
Datei Gelöscht : C:\claraInstaller.txt
Datei Gelöscht : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Hikaru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : WinKit
Task Gelöscht : amiupdaterExd
Task Gelöscht : amiupdaterExi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Schlüssel Gelöscht : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Wert Gelöscht : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_3dc0e1fa754e445f813f28d62945a52a0bd61e67
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_ae6fb69cb32e90696231047775a0c6f978b07da9
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[x] Nicht Gelöscht : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Crossbrowse
Schlüssel Gelöscht : HKCU\Software\YorkNewCin
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartWeb
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
[x] Nicht Gelöscht : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Google Chrome v43.0.2357.124

[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434566190&z=32bcc1b7c366af09ca67085gfzbc1zdwcqcqfg5b5t&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434566816&z=8b97c00d9112e167a535dfag6zcc1zfwbq0qebag3z&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1434568576&z=fba18cf542c87940cb20379g6zdc8z9w3q7b0w1m4c&from=cmi&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
[C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : 93A55B492FEB7464388C2C261637300566D6E725DBADCA3B754E284982CCE7E6"},"software_reporter":{"prompt_reason":"7938A6963AC8F761A3F63E0665B547EDF681916AF182CCCCC47C50AE360F2C89","prompt_seed":"B2EFCB0A98218F63BFB170E434B95A75FCE4852979F10D3CC157C8E93DDDD3CA","prompt_version":"E751FD164EC0A9FC981339425CC9E66BFD39F86F8BD53F7EDE1D3A7A5D5E9708"},"sync":{"remaining_rollback_tries":"86F27B85CB90EEB25001882FC235F735D5AA5453F9EF07115E1DD73993429D32"}},"super_mac":"BD73C878C87EBD394B95322CC69F8F85C696D0377BB4B374B19DA4BA3E02B9AF"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH

*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[S0].txt - [6673 Bytes] - [19/06/2015 14:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6732  Bytes] ##########
         
 
--- --- ---
         

# AdwCleaner v4.206 - Bericht erstellt 20/06/2015 um 15:56:42
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe
Ordner Gefunden : C:\Program Files (x86)\AnyProtectEx
Ordner Gefunden : C:\Program Files (x86)\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gefunden : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH
Schlüssel Gefunden : HKLM\SOFTWARE\LenovoBrowserGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[R1].txt - [1474 Bytes] - [20/06/2015 15:56:42]
AdwCleaner[S0].txt - [6816 Bytes] - [19/06/2015 14:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1592 Bytes] ##########
         

# AdwCleaner v4.206 - Bericht erstellt 20/06/2015 um 15:58:23
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hikaru - HIKARU-UKE
# Gestarted von : C:\Users\Hikaru\Downloads\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
[x] Nicht Gelöscht : C:\Program Files (x86)\LenovoBrowserGuard
[x] Nicht Gelöscht : C:\Users\Hikaru\AppData\Local\LenovoBrowserGuard
Ordner Gelöscht : C:\Users\Hikaru\AppData\Roaming\AnyProtectEx
Datei Gelöscht : C:\Users\Hikaru\AppData\Local\Temp\Uninstall.exe

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[x] Nicht Gelöscht : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
[x] Nicht Gelöscht : HKLM\SOFTWARE\LenovoBrowserGuard
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [7535 Bytes] - [19/06/2015 14:48:28]
AdwCleaner[R1].txt - [1671 Bytes] - [20/06/2015 15:56:42]
AdwCleaner[S0].txt - [6816 Bytes] - [19/06/2015 14:55:00]
AdwCleaner[S1].txt - [1400 Bytes] - [20/06/2015 15:58:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1459  Bytes] ##########
         

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Hikaru on 18.06.2015 at 13:55:44,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] scfd_1_10_0_16
Successfully stopped: [Service] scsvc_1.10.0.16
Successfully deleted: [Service] scsvc_1.10.0.16
Failed to stop: [Service] scfd_1_10_0_16 [Adware.Vitruvian]



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP1
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP2
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\APSnotifierPP3
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Convertor
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Crossbrowse
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperClick Auto Updater 1.10.0.16 Core
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SuperClick Auto Updater 1.10.0.16 Pending Update
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP1.job
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP2.job
Successfully deleted: [Task] C:\WINDOWS\tasks\APSnotifierPP3.job
Successfully deleted: [Task] C:\WINDOWS\tasks\Crossbrowse.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_592333F42A0D1CD48BDC7C5A423F80B7
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9053764826F483F018422F1AA87409D2
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{16C56A97-C4BD-433D-9355-D9B3814853D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfd_1_10_0_16 [Adware.Vitruvian]



~~~ Files

Successfully deleted: [File] C:\Users\Hikaru\appdata\local\nseA54A.tmp
Successfully deleted: [File] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\crossbrowse.lnk
Successfully deleted: [File] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\pc app store.lnk
Successfully deleted: [File] C:\users\public\desktop\crossbrowse.lnk
Successfully deleted: [File] C:\WINDOWS\system32\drivers\scfd_1_10_0_16.sys [Adware.Vitruvian]
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\internet explorer\quick launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Hikaru\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\app_setup
Successfully deleted: [Folder] C:\Program Files (x86)\crossbrowse
Successfully deleted: [Folder] C:\Program Files (x86)\SuperClick_1.10.0.16
Successfully deleted: [Folder] C:\ProgramData\desktopsearch
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\crossbrowse
Successfully deleted: [Folder] C:\ProgramData\pokki
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\crossbrowse
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\desktopsearch
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\pokki
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\locallow\smartweb
Successfully deleted: [Folder] C:\Users\Hikaru\AppData\Roaming\microsoft\windows\start menu\programs\anyprotect pc backup
Successfully deleted: [Folder] C:\Users\Hikaru\appdata\local\16516



~~~ Chrome


[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2015 at 13:58:43,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by Hikaru on 20.06.2015 at 16:00:44,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Hikaru\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.06.2015 at 16:02:48,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.20.02
  rootkit: v2015.06.15.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
Hikaru :: HIKARU-UKE [administrator]

20.06.2015 16:06:56
mbar-log-2015-06-20 (16-06-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 346308
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Hikaru\AppData\Local\Temp\is-E6PLG.tmp\package_optimizerpro_installer_multilang.exe (Adware.EoRezo) -> Delete on reboot. [9e547a42107aff371c71bbb7808235cb]
C:\Users\Hikaru\AppData\Local\Temp\is-E6PLG.tmp\11.exe (Adware.EoRezo) -> Delete on reboot. [42b0a913bfcb78be9cf1b7bbd72b38c8]

Physical Sectors Detected: 0
(No malicious items detected)

(end)