Win8.1 has 4 viruses: GenericPOP.x, TR/Dropper.MSIL.Gen, ADWARE.Gen7 and Artemis
Hello,
My Avira Antivirus found 4 viruses on my Win8.1 PC on 17.06.2015; the names of the viruses are: GenericPOP.x, TR/Dropper.MSIL.Gen, ADWARE.Gen7, Artemis!4FBA8E1ECB31. I followed a guide on the Internet and used the programs AdwCleaner, Junkware Removal Tool and Malwarebytes, but I did not dare to do the last step, where you are supposed to find the viruses in Safe Mode. I did not understand how you actually find the viruses.
I then also installed Malwarebytes Anti-Rootkit on my own initiative, with some detections, and since then things have been quiet. I am afraid to turn the Internet back on, but otherwise everything runs fine with really minimal slowdown of the PC; no more viruses are found, yet they are probably still there.
I have all the log files, but I had to skip GMER; otherwise everything is there!
The two zip files are under Attached Files; I don't know how to delete the rest.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:50 on 23/06/2015 (Hikaru)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Additions Logfile:
Code:
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Hikaru at 2015-06-23 19:58:01
Running from C:\Users\Hikaru\Downloads\trojaner board
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-239342230-206131414-3666733320-500 - Administrator - Disabled)
Gast (S-1-5-21-239342230-206131414-3666733320-501 - Limited - Disabled)
Hikaru (S-1-5-21-239342230-206131414-3666733320-1002 - Administrator - Enabled) => C:\Users\Hikaru
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3B367DD2-6E0F-ADBE-4510-5DD3F3B9D92A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Content (x32 Version: 1.00.0000 - Your Company Name) Hidden
Corel Painter 11 - ICA (x32 Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (x32 Version: 011 - Corel Corporation) Hidden
Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version: - Corel Corporation)
Corel Painter 11 (x32 Version: 11.0 - Corel Corporation) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IconHandler 32 bit (x32 Version: 2.0 - Corel Corporation) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Langauge (x32 Version: 1.00.0000 - Your Company Name) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.60.37 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 1.0.11.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{237990BC-415C-4CE8-B279-37892516D9F2}) (Version: 9.0.6.20 - Nitro)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
21-06-2015 12:22:52 Geplanter Prüfpunkt
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01A7284B-3E31-42E2-97A5-67AEEC918158} - \Emaenxsu No Task File <==== ATTENTION
Task: {07C46A96-D7B7-4CF2-BF1C-206E5575C72A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {14741805-5D43-4A23-A500-70A1589D4184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {190FFCA9-85C7-41E1-AC00-D0B049212C89} - \Winsta Update No Task File <==== ATTENTION
Task: {3B2DAE9D-6692-47F9-B0CB-267FD607CDAD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {43032A1F-1912-474D-B219-70ECF3E41D57} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {45DA55EA-769E-4134-B2E0-498F33E307BA} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {4CD8EF42-014C-431C-B40B-52AE61986C4E} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {7850D162-919D-4A85-9C1F-7B9C54565ABB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {78E05431-1107-4FDF-8081-960AED57E308} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8B4FACFD-472C-46C5-AE39-2C9D6B3F1367} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-03-09] (Lenovo)
Task: {944EC7A6-A629-4835-9DF6-C1844F6CDD7E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {999E23E7-DD91-4BB1-A7A1-BEC45DB79596} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {9E46E803-4A0E-4C95-B336-3DFA9688CF43} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A738AFB9-328A-459E-9D9B-59E4BD0E5AD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A92E79B0-FE62-4F50-A80C-E3F722FFDDE0} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-06-11] (Lenovo)
Task: {C28480F3-F0FB-4DA8-B5B2-10D75ACB7FBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C8786A9E-5F94-4D87-B17E-D85DBC65A838} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {CF1C55DF-98C9-4966-86DB-67519D498B3D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CFF6D8EF-56A6-44CC-AB7F-B17830FFDBF6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E1571395-D58C-49AB-A0DF-4649E024EC17} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {E866D120-2739-4966-834F-7DD037EBE9CB} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {F028ECE7-B884-477B-9363-A39D281322E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2014-09-25 00:36 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-09-25 00:51 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-25 00:36 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-04-02 04:47 - 2014-04-02 04:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-21 18:29 - 2014-05-21 18:29 - 00033536 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2014-09-25 00:36 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Hikaru\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-239342230-206131414-3666733320-1002\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
HKU\S-1-5-21-239342230-206131414-3666733320-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> E:\p-es lohnt sich\manga\my anime clip\woah!.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{05804A18-B410-462F-BFB6-5C779B59475F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{71113D8F-B56B-43BF-8824-037E61A53747}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E1D15FF-4D5B-4EF4-BBCF-EC71C0F86424}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3557079B-C9EC-4511-87BC-D058F1A138B1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F2E8AB92-3E7D-444E-8323-07D2CD4E5F3C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0A1E8F1D-AD34-445E-BE66-18C60131318A}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C6C61864-C1F7-4B26-A1B7-FB80D7C895E1}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A414C907-CF5F-4532-9982-D8F0677E24D1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{CEDC01ED-A510-4C04-B063-CA12B4C93B19}] => (Allow) LPort=5357
FirewallRules: [{EA9FFA53-1F69-4F3F-999B-47653B7FD586}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{62923A26-3354-4756-8D2A-116BDDFCD275}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B8BE5CBC-1DB2-43D3-AA2F-6E3FC87F3447}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8C71827F-0F8B-437A-9D01-A1ED3C17BB67}] => (Allow) C:\Users\Hikaru\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{4F179252-BEA9-442B-A821-E035B478046A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5
Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000ec180
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5
Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x75c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5
Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbar.exe, Version 1.9.1.1004 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 12ec
Startzeit: 01d0ab6062545e16
Endzeit: 13311
Anwendungspfad: C:\Users\Hikaru\Desktop\mbar\mbar.exe
Berichts-ID: 1b75cf84-1754-11e5-8266-4437e6e88be4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.
System Error:
Das System kann die angegebene Datei nicht finden.
.
System errors:
=============
Error: (06/20/2015 04:46:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/20/2015 04:19:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "mail update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/20/2015 04:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo System Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/20/2015 04:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "JME Keyboard Driver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/20/2015 04:01:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (06/23/2015 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85ec3401d0adddfa3639a0C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll387b5ae4-19d1-11e5-8269-4437e6e88be4
Error: (06/22/2015 11:36:32 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/22/2015 10:40:19 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/22/2015 10:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c000000800000000000ec18011b801d0ad2af31351ccC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll314ed7f8-191e-11e5-8269-4437e6e88be4
Error: (06/21/2015 11:56:35 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/21/2015 03:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e75c01d0ac280ae166e3C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll4bdeb74e-181b-11e5-8269-4437e6e88be4
Error: (06/20/2015 03:56:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbar.exe1.9.1.100412ec01d0ab6062545e1613311C:\Users\Hikaru\Desktop\mbar\mbar.exe1b75cf84-1754-11e5-8266-4437e6e88be4
Error: (06/19/2015 01:22:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/19/2015 00:43:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/18/2015 06:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary scfd_1_10_0_16.
System Error:
Das System kann die angegebene Datei nicht finden.
CodeIntegrity Errors:
===================================
Date: 2015-06-17 23:29:26.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 23%
Total physical RAM: 7093.19 MB
Available physical RAM: 5438.34 MB
Total Pagefile: 14517.19 MB
Available Pagefile: 12337.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:859.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1746FBBD)
Partition: GPT Partition Type.
==================== End of log ============================
--- --- ---
--- --- ---
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 18.06.2015
Suchlauf-Zeit: 01:24:00
Logdatei: malwarebytes7.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 343990
Verstrichene Zeit: 11 Min, 6 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 27
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [6e0b0d362862d6602fd39236ed162cd4],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [d8a171d20783c07600c6486406fdb54b],
PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, In Quarantäne, [3d3c72d1cdbdc5714a5e58a40af9ec14],
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\BoBrowser, In Quarantäne, [fa7f83c0e3a785b1761b7837a75c6e92],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06, In Quarantäne, [2a4fd2716d1d83b35b7972451ae9ac54],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv, In Quarantäne, [bbbe31129bef4cea468e4473c340619f],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\CinemaPlus-3.2cV17.06-nv-ie, In Quarantäne, [accd043f038773c324b08f28bf448f71],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\HomeTab, In Quarantäne, [3742c47fd3b7b6806ed215c44eb5df21],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SearchProtectWS, In Quarantäne, [de9b2023682253e3bbd205a46f948b75],
PUP.Optional.TNT.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TNT2, In Quarantäne, [0079af949cee3006c6a86f3c55ae4ab6],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TutoTag, In Quarantäne, [4e2b5fe46d1d89ad626456d70500ad53],
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIEnhance, In Quarantäne, [a9d00142d9b169cda604902240c308f8],
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\WajIntEnhance, In Quarantäne, [caafd66d800a0e28bb0c595308fbcf31],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [03763c07018965d14ceccc53768f44bc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [3b3ede65286283b315a6fec473906f91],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema PlusV17.06, In Quarantäne, [cfaa2e156e1c36004a024a6dca39a060],
PUP.Optional.Qone8, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bebb3d065a30f3432678c84e729326da],
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [5227331005851c1ac7aa4164956edd23],
PUP.Optional.Iminent.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [4831ae95296140f673ff9c09cb3814ec],
PUP.Optional.Linkey.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [f287360d2b5f3006096a3e677f84ef11],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [76039ba8a9e1ac8a41339c09f50ee020],
PUP.Optional.Wajam.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [a2d7b48facde3204680da0056a99af51],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\SIMPLYTECH\HomeTab, In Quarantäne, [5821053ec9c1092d2048cb26a0637b85],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialeshp, In Quarantäne, [c9b02a194b3fa492e80a703a19eae21e],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updatetutorialshp, In Quarantäne, [a9d0a3a0d1b90234797a3c6eb84b40c0],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\TUTORIALS\updv, In Quarantäne, [2257c47ff595ba7c30c4723857ac8e72],
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mbot_de_014010005_is1, In Quarantäne, [354454ef038792a49582454347bced13],
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 11
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[03767fc4bcce73c32995597ddd28d52b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[81f81f242466aa8c9482f9dcca3b42be]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[611856ede7a390a63dd9e0f59d6859a7]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[0475b88b2b5f20169a7c21b45fa6f808]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[56235be836545adc26749f425ca937c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.istartsurf.com/?type=sc&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8decf251ccbed660229c7462c44128d8]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[7cfd43008cfe79bdaf67a4313bca7987]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[2554f350c6c491a561b52aab986df50b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH&q={searchTerms}),Ersetzt,[90e9e2610684b87e0a0c548112f3619f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[93e684bf0b7f3afc0c8ea0412cd9946c]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-239342230-206131414-3666733320-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1434572693&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[8eebcf747218d264d53f914459acd32d]
Ordner: 7
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\Download, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005, In Quarantäne, [354454ef038792a49582454347bced13],
PUP.Optional.MBot.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY, In Quarantäne, [5f1aa1a2088210268aec4643cd36728e],
Dateien: 44
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nscE27C.tmp, In Quarantäne, [fe7b1033e6a4f4420748b565d630fa06],
PUP.Optional.MyStartSearch.A, C:\Users\Hikaru\AppData\Local\Temp\nsp94CD.tmp, In Quarantäne, [97e245feb9d19d9973dc66b4778f01ff],
PUP.Optional.Somoto, C:\Users\Hikaru\AppData\Local\Temp\bitool.dll, In Quarantäne, [c7b20d360e7cf442b6699fad7e84e21e],
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [86f36ad9e7a3dc5ae1a8239137cc7c84],
PUP.Optional.BoostSaves.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [afcabb882c5e999db9d007ad37cca957],
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [4a2f350e800a52e4212c04ca689b2ed2],
PUP.Optional.Boost.A, C:\Users\Hikaru\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [53262c172f5bc86eb09d319dca39bd43],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6, In Quarantäne, [3b3e6ed5a9e10f275c15e8e6fd06e917],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7, In Quarantäne, [a2d70a394b3f96a0145dc30bb053b44c],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user, In Quarantäne, [5c1dd96a90fa61d575fcdfefc93a9d63],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11, In Quarantäne, [5821093a404a93a3a0d18945f90ad62a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3, In Quarantäne, [fb7ea59e25659d99b0c1f7d738cba957],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5, In Quarantäne, [bebb0e3553374fe7e78a05c95ea5738d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user, In Quarantäne, [fc7d1e258dfd2b0b135e0bc3818243bd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6, In Quarantäne, [df9a67dc9af06dc93041b21c897a4ab6],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7, In Quarantäne, [9ddca69def9bd4620869cfff4fb48d73],
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, In Quarantäne, [0673e0636e1c42f41dec389bd72c16ea],
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [bbbe340f612983b3c3e410ec41c2bb45],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-6.job, In Quarantäne, [0376073c3159b284de8f0d1e19eca858],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-1-7.job, In Quarantäne, [52277cc7e5a5ef471c512506eb1ab050],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-10_user.job, In Quarantäne, [73068eb594f6092dd7968aa1b4510cf4],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-11.job, In Quarantäne, [0178c380bdcdbc7abeafdf4ce421b34d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-3.job, In Quarantäne, [a7d2b78c14762214422b56d5ec19b34d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5.job, In Quarantäne, [99e07dc65931d85ecba264c718ed22de],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-5_user.job, In Quarantäne, [b7c294aff09a73c3620b31fa13f2a858],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-6.job, In Quarantäne, [5a1fea598a00c1755d102b00c243d62a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\63e3ee49-bd6e-4291-b320-aae5c7f5c377-7.job, In Quarantäne, [de9bcf74a9e17abcb0bdc16a03025aa6],
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [48316ed5404a0f270fe20c2758adda26],
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [01784ef54c3efa3cbc35181bbb4ade22],
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [6c0dde655139e45202efd85b58ad5ca4],
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [611882c1305a8da9628f00334cb9cd33],
PUP.Optional.Vitruvian.A, C:\Users\Hikaru\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [68115be8f39779bd37ba3ff4ad58e31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateBroker.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2],
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateHelper.msi, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2],
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\globalupdateOnDemand.exe, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2],
PUP.Optional.GlobalUpdate.A, C:\Users\Hikaru\AppData\Local\Temp\comh.266757\goopdate.dll, In Quarantäne, [c1b87fc4fe8c6bcb5534acd633d05ea2],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upgmsd_de_005010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\upmbot_de_014010005.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\user_profil.cyp, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\cnf.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Users\Hikaru\AppData\Local\mbot_de_014010005\mbot_de_014010005\1.10\eorezo.cyl, In Quarantäne, [631676cddeac2511b3632167e023867a],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.dat, In Quarantäne, [354454ef038792a49582454347bced13],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.exe, In Quarantäne, [354454ef038792a49582454347bced13],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_014010005\unins000.msg, In Quarantäne, [354454ef038792a49582454347bced13],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 20.06.2015
Suchlauf-Zeit: 16:34:21
Logdatei: malwarebytes2.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.06.20.02
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hikaru
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345863
Verstrichene Zeit: 9 Min, 30 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, 1780, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba]
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 9
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In Quarantäne, [b2408636f892ef470b67f0c15aa9d030],
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba],
PUP.Optional.SuperClick.A, HKLM\SOFTWARE\WOW6432NODE\SuperClick_1.10.0.16, In Quarantäne, [bc3615a74743db5be273444bf015d32d],
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [1ed46854a8e277bf12cee6acfe0749b7],
Registrierungswerte: 1
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\levukyhy|ImagePath, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, In Quarantäne, [15dd9d1f305a77bf96261176709555ab]
Registrierungsdaten: 2
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[539f4c70444679bdc376ea61fb0be11f]
PUP.Optional.OurSurfing.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434566156&z=62208703c51793706665884g7z8cfz8w4q8qegawbw&from=amt&uid=WDCXWD10EZEX-08M2NA0_WD-WCC3FCRE97SHE97SH),Ersetzt,[1ed4a517e1a9f5413ffae96255b15ba5]
Ordner: 5
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba],
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8],
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8],
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82],
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI, In Quarantäne, [c42e328a55358ea832a56621a5617e82],
Dateien: 17
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe, In Quarantäne, [3cb6f7c5fe8c0b2b21a15b2ae5216f91],
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nsmAB0D.tmp, In Quarantäne, [d41e9329751559ddf37b0564d033ce32],
PUP.Optional.AnyProtect, C:\Users\Hikaru\AppData\Local\Temp\nspA54.tmp, In Quarantäne, [fff3a6162a6083b3214dd495ec17a55b],
PUP.Optional.IStartSurf.A, C:\Users\Hikaru\AppData\Local\Temp\nswFA3A.tmp, In Quarantäne, [c32f13a9781220164b873152d333e31d],
PUP.Optional.Clara.A, C:\Users\Hikaru\AppData\Local\Temp\CR_B2D82.tmp\setup.exe, In Quarantäne, [ca288636682287afc6a27b0a80860cf4],
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\knsfF8D0.tmp, Löschen bei Neustart, [569cb20aee9c280e2a0c117812f346ba],
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\rnsoC31F.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba],
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\Uninstall.exe, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba],
PUP.Optional.MultiPlug.Gen, C:\Users\Hikaru\AppData\Roaming\3BDD7C98-1434566357-11E4-8357-1C2C465E1100\vnsv9FB1.tmp, In Quarantäne, [569cb20aee9c280e2a0c117812f346ba],
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\kugnoaah.exe.config, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8],
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\1.0.1.0\sqlite3.dll, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8],
PUP.Optional.Amonetize.A, C:\ProgramData\Emaenxsu\dat.dat, In Quarantäne, [52a04c703e4ca88e77d5820ef21338c8],
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\OoZhholiwT.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82],
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\dat\REaCcB.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82],
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\info.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82],
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.dat, In Quarantäne, [c42e328a55358ea832a56621a5617e82],
PUP.Optional.PullUpdate.A, C:\ProgramData\hUYXYdNI\wPDBXOj.exe.config, In Quarantäne, [c42e328a55358ea832a56621a5617e82],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)