Windows 8.1 Avast meldet beim Systemstart eine Bedrohung. Was tun?

Waldi.S · 04.02.2015, 16:03

Hallo!
Ich habe seit gestern eine Meldung von Avast, das ich Malware auf dem Laptop habe. Ich habe mit dem Programm Malwarebytes Anti-Malware einiges entfernen können. Aber dennoch bekomme ich beim Systemstart die Nachrichten von Avast. Ich bitte um Hilfe wie ich wieder ein sauberes System bekomme.
Ach ja, leider hatte ich beim Scan mit GMER immer Probleme. Auch im Abgesichertem Modus. Und ich finde die Avast logs nicht.

Vielen Dank für die Hilfe schon im Vorraus!

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 03.02.2015
Scan Time: 17:41:54
Logfile: mbam-log1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.03.06
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Waldi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373415
Time Elapsed: 4 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [38da45d5eaa032044eb2fc061ae9d52b], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [38da45d5eaa032044eb2fc061ae9d52b], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [060cdc3ed3b742f47956966b857e54ac], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [060cdc3ed3b742f47956966b857e54ac], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [cd4568b29febde585c4e7d6e33d124dc], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [a66c8e8cf298f1458bc42065bc4701ff], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, Quarantined, [49c973a7d3b773c30383c1db7d8609f7], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [ea2853c797f3d660f5fefd02fe069d63], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, Quarantined, [9b7751c990fae94d7b4bf5c8f90a39c7], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [38dab8625436af8703a78f5c90748779], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Quarantined, [47cbe03a1b6f57dfed565650a45f53ad], 
PUP.Optional.IHProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Quarantined, [cd4587932268c86e8bc38ef7a85b0ff1], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [977b5fbb7c0e1a1c10f82861dc277f81], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [1af8cd4db6d456e09eb5abe519ea9070], 

Registry Values: 2
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_419, Quarantined, [d0420614c4c64aec562f980449babc44], 
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Waldi\AppData\Roaming\Mozilla\Firefox\Profiles\5ezp17i8.default\extensions\fftoolbar2014@etech.com, Quarantined, [df3367b3d6b4e94d9356a1e3af5408f8]

Registry Data: 12
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391),Replaced,[2ee45ebcb7d3b6809ab442646c99f30d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}),Replaced,[49c93edc800aab8b9db41690f213718f]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391),Replaced,[52c0af6be9a1d264430d2482cb3ace32]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391),Replaced,[50c225f595f5d6600151287eb35245bb]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}),Replaced,[3cd6d545266447efb416297af11420e0]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[1af8100a256593a326091d93c73e6f91]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391),Replaced,[da386fab4446af87410d376f2cd9ab55]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}),Replaced,[6ca6aa7097f368ced37ea30304017789]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391),Replaced,[a66c9e7c93f7b87e212fb0f65ca95aa6]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391),Replaced,[6ea428f294f67db969e97d29030225db]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1421254567&from=cvs4&uid=SAMSUNGXSSDX830XSeries_S0WJNYAC202391&q={searchTerms}),Replaced,[d63c60ba27639f97903abee51beaa15f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[38daea30a1e9f145f639624e24e134cc]

Folders: 8
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [cf43ea301278cf67690b48195ea5ad53], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [cf43ea301278cf67690b48195ea5ad53], 
PUP.Optional.ZombieInvasion.A, C:\Users\Waldi\AppData\Local\ZombieInvasion, Quarantined, [a36f32e8e6a4a78f4c866804af54f20e], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [a270bf5b8efc4de98a96a5d9ea19669a], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [a270bf5b8efc4de98a96a5d9ea19669a], 

Files: 26
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\MessageBox.xml, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\uninstallDlg2.xml, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\bg.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\bg1.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\bk_shadow.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\button.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\button1.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\checkbox.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\checkbox_select.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\checked.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\close.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\loading_bg.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\loading_light.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\min.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\scrollbar.bmp, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\Thumbs.db, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\unchecked.png, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code\code1.jpg, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code\code2.jpg, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code\code3.jpg, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code\code4.jpg, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code\code5.jpg, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code\code6.jpg, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WebsSearches.A, C:\Users\Waldi\AppData\Roaming\webssearches\images\code\Thumbs.db, Quarantined, [f919e03a82087bbb8531222e22e18080], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [cf43ea301278cf67690b48195ea5ad53], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarantined, [a270bf5b8efc4de98a96a5d9ea19669a], 

Physical Sectors: 0
(No malicious items detected)


(end)

Windows 8.1 Avast meldet beim Systemstart eine Bedrohung. Was tun?

Log-Analyse und Auswertung: Windows 8.1 Avast meldet beim Systemstart eine Bedrohung. Was tun?

Windows 8.1 Avast meldet beim Systemstart eine Bedrohung. Was tun?

Ähnliche Themen: Windows 8.1 Avast meldet beim Systemstart eine Bedrohung. Was tun?