I have now run all the scans you requested and attached the log files.
In MBAM I also enabled "Scan for rootkits", in case that is relevant. However, MBAM moved the files to quarantine. Should I remove the files afterwards, or should I leave them in quarantine?
Nothing has changed after the scans/cleanups, i.e. Avast still alternately shows the same two messages already described when I open websites.
During the repeated scan with AdwCleaner I noticed that a malicious file was still found in the Firefox profile folder. I have not done anything about it for now, though. I have attached the corresponding log file as well. The log file from the 1st scan is "AdwCleaner[S0]", the one from the 2nd scan is "AdwCleaner[R1]".
Logfiles
MBAM.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 01.05.2014
Scan Time: 14:34:40
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.01.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Lukas
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 257701
Time Elapsed: 9 min, 9 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 12
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [2dd3e7194bb5798790005201bf43c937],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial.com, Quarantined, [3bc5cd335ca4f40cb8e45e43c93aae52],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [42be8b75fd03fa0614a08afa748e4fb1],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [a15fa95751afdc243ce00a9cb053738d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [6997837d70909070422c0189be4420e0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [6799f10fa45c87796334841cd2313ac6],
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X1R1U2Z1O1C1N0C1O2Y1T1M2U1R1E2P1V, Quarantined, [6799f10fa45c87796334841cd2313ac6]
Registry Data: 4
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (hxxp://www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[de2215eb21df09f798628aab5fa56f91]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[d82815eb6f91867a8427fb31749052ae]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (hxxp://www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[06fa7c84ef1118e8a555f243fd07cb35]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3378045386-2888020065-354968016-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=, Good: (hxxp://www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=),Replaced,[d030d12f956b1fe19a5fd85ddb290ef2]
Folders: 13
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\MYSEARCHDIAL, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\MYSEARCHDIAL\icons_2.2.8.1247, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\MYSEARCHDIAL\UpdateProc, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY\97837D88D1BC4FB4B3174CC79F76AF46, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY\C0718CC28AA14E7986CD0D912CE4CD9B, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OPENCANDY\EA339CDF853B41119199CF26217942FD, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698\xpi, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698\xpi\defaults, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Local\Temp\CT3282698\xpi\defaults\preferences, Quarantined, [2dd3bb452ad62cd425d1184ebf43b947],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [7f81bd433dc3d729d03aa8bf46bc15eb],
PUP.Optional.SimilarSites.A, C:\Users\Lukas\AppData\Roaming\SIMILARSITES, Quarantined, [619f8b7512ee5fa15b62caa4679ba35d],
Files: 72
PUP.Optional.Conduit, C:\Users\Lukas\AppData\Roaming\OpenCandy\97837D88D1BC4FB4B3174CC79F76AF46\StubInstaller_SweetTunesInt_v4.exe, Quarantined, [e7197f8155ab8c744f89db493cc4bc44],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Local\Temp\UpdateTask.exe.1127250, Quarantined, [a55b9a66d729768ae674f62f58a9ec14],
PUP.Optional.OptimizerPro.A, C:\Users\Lukas\AppData\Local\Temp\is1070216317\890211_stp.EXE, Quarantined, [986840c00cf4966aed1f4bd3c43dcc34],
PUP.Optional.WiseEnhance.A, C:\Users\Lukas\AppData\Local\Temp\is961225091\1197440_stp\setup_wiseenhance.exe, Quarantined, [639d8f71b54b57a9691ce249de26be42],
PUP.Optional.SimilarSites.A, C:\Users\Lukas\AppData\Local\Temp\is961225091\1197736_stp\SimilarBundleGenericDl.exe, Quarantined, [97698e728b7504fc093e70cd7987b44c],
PUP.Optional.FunMoods.A, C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_PFLPHAOOAPBGPEAKOHLGGBPIDPPPGDFF_0.LOCALSTORAGE, Quarantined, [c739649cfc0400005278842505fe02fe],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\mysearchdial\icons_2.2.8.1247\62.ico, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\mysearchdial\icons_2.2.8.1247\80.ico, Quarantined, [a8585ea29d632bd5630d73f3867cb14f],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\C0718CC28AA14E7986CD0D912CE4CD9B\Trial-14.0.1000.89_de-DE_1004726_AT-1.exe, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\EA339CDF853B41119199CF26217942FD\PokkiInstaller.exe, Quarantined, [b05090707c84bb45106e491d5ca67d83],
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "irmsd103");), Replaced,[14ec1ee2926e31cf80a973efa65e43bd]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Replaced,[01fff10fbc448f712702c89a64a0e11f]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");), Replaced,[728e42be27d915eb65c40c5639cbde22]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cntry", "AT");), Replaced,[d42ca45c9a66ae52b37664fe8b7924dc]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "217431662");), Replaced,[08f8fb054ab6699793964d150afaa759]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), Replaced,[1fe139c7cd33619fb178b9a9b252867a]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), Replaced,[c0409b6503fd936d6dbc045ec93bb54b]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), Replaced,[7e8206faad537987b673c49eba4a6f91]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Replaced,[f10f20e0c93714ecf435a0c227dd02fe]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), Replaced,[26da9e62d729ee12c267154d6f95f010]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hdrMd5", "C9C768AAE16C6B76540AF974D2E4E7F9");), Replaced,[a55bad5320e052ae4fda2c36af55a65a]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), Replaced,[60a0a65ad12f2ed234f5600242c2bb45]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[04fc8977946cab55ff2a2d3540c432ce]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "94DE806C4337F83A");), Replaced,[6b956d937f812fd19e8b1d4561a321df]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16018");), Replaced,[29d748b8f20ee51b66c381e1729231cf]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "");), Replaced,[39c78b75837d0ff13bee80e25ea62fd1]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[6a9613edfd0369974edbdc86669e01ff]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.014:17:20");), Replaced,[6d93fd035fa1d22ee04976ecd430fa06]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[eb1508f87f8103fdd85177ebe420cf31]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"81\",\"lastVrsn\":\"81\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Replaced,[ee12b14f3fc1cc346fba055d10f47e82]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Replaced,[837d768ad42ca8581514adb5f70d8f71]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Replaced,[05fb26dadd23847cfe2bb2b0c73d916f]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.sg", "none");), Replaced,[a9571be5ec14eb150c1d66fced172bd5]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Replaced,[26da1ee27e8267993dec4220aa5af20e]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base");), Replaced,[ed135ea27d83c13f33f6db87897bcd33]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=&q=");), Replaced,[08f851af90706a9626030062798b57a9]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");), Replaced,[659b7a863ec2857b4edb4a1846bef907]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");), Replaced,[6c9447b9da26b64aaa7f6ef450b415eb]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.hmpg", true);), Replaced,[da26bc441ee229d79f8adb8736ce8779]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false);), Replaced,[fa06ec1409f76a96a6832b378a7aa55b]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Replaced,[55ab966a639d14ecc8610062927223dd]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:17:20");), Replaced,[33cd39c7b14f59a7a08993cff21209f7]
PUP.Optional.Conduit.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282698&CUI=UN24910470396943083&UM=2&SearchSource=3&q={searchTerms}");), Replaced,[38c8eb1552aeec14f6a1055d5ca835cb]
PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.aflt", "irmsd103");), Replaced,[f907d030a45c3dc31a07075bf41024dc]
PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.instlRef", "");), Replaced,[17e9a25e2dd39c64ac75461c27ddb24e]
PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "217431662");), Replaced,[45bb847c7f8148b88a9773ef3cc856aa]
PUP.Optional.MySearch.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");), Replaced,[ef11a858f0108878c958fb67af55768a]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), Replaced,[fa06dc24936d38c824066cf6897b7d83]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[e31dbc444bb5ff0122088cd63acad12f]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), Replaced,[05fbe51b32ce14ec5ecc82e0f90b669a]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Replaced,[26da936d31cfce3241e9fb67b153f50b]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), Replaced,[cf3139c72fd1f0105fcb1b47cf35669a]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false);), Replaced,[04fcf60a15eb56aa9496372b10f41be5]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=");), Replaced,[946cd828f0109f619c8eb8aa19eb53ad]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=&q=");), Replaced,[659b7e8232ce9f6173b7550dae56b749]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "94DE806C4337F83A");), Replaced,[03fd28d858a8b050e54590d215ef34cc]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16018");), Replaced,[d62ad12f659b23dd37f3273b44c0db25]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");), Replaced,[f01039c7c23edd2367c32b37986cb54b]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");), Replaced,[eb15dd2302fedd2383a7ec762ada43bd]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:17:20");), Replaced,[fa063fc1778934ccbc6ebfa3e321d42c]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Replaced,[e21e50b07b85ba46002a8ad80004b24e]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Replaced,[04fc14ec4cb459a7bf6b99c956ae4db3]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "irmsd103");), Replaced,[c43ca55b9a66629e7baf0a5852b29868]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Replaced,[e61a7f81c9379a661c0ebda5976d639d]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base");), Replaced,[639dde226b95ec14002a243e4cb841bf]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "");), Replaced,[c63a0ef258a83bc5a68499c92fd5ec14]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), Replaced,[7d8378880ef28a764dddf56df21239c7]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Replaced,[29d79e62fe02926e9793451d956fdc24]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), Replaced,[de220ff1e71938c8909ab1b1f2125da3]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.hmpg", true);), Replaced,[1ce4db256f91e21e4ae0c79b6c98857b]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "217431662");), Replaced,[01ff000009f7758b0b1fcb97ac5851af]
PUP.Optional.MySearchDial.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");), Replaced,[ea167e82af5142bed4569fc39f65956b]
Physical Sectors: 0
(No malicious items detected)
(end)
AdwCleaner[S0].txt
Code:
# AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 14:42:32
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Lukas - LUKAS-PC
# Gestartet von : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\Lukas\.android
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Temp\Conduit
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Temp\WiseEnhance
Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\PriceGong
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
Datei Gelöscht : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\user.js
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Conduit
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js ]
Zeile gelöscht : user_pref("CT3282698.FF19Solved", "true");
Zeile gelöscht : user_pref("CT3282698.UserID", "UN24910470396943083");
Zeile gelöscht : user_pref("CT3282698.browser.search.defaultthis.engineName", "true");
Zeile gelöscht : user_pref("CT3282698.fullUserID", "UN24910470396943083.IN.20131006202210");
Zeile gelöscht : user_pref("CT3282698.installDate", "06/10/2013 20:22:12");
Zeile gelöscht : user_pref("CT3282698.installSessionId", "{AA4E5C44-1F9C-49C3-A48C-875B0858149E}");
Zeile gelöscht : user_pref("CT3282698.installSp", "TRUE");
Zeile gelöscht : user_pref("CT3282698.installerVersion", "1.7.101.1");
Zeile gelöscht : user_pref("CT3282698.keyword", "true");
Zeile gelöscht : user_pref("CT3282698.originalHomepage", "about:home");
Zeile gelöscht : user_pref("CT3282698.originalSearchAddressUrl", "");
Zeile gelöscht : user_pref("CT3282698.originalSearchEngine", "");
Zeile gelöscht : user_pref("CT3282698.originalSearchEngineName", "");
Zeile gelöscht : user_pref("CT3282698.searchRevert", "false");
Zeile gelöscht : user_pref("CT3282698.searchUserMode", "2");
Zeile gelöscht : user_pref("CT3282698.smartbar.homepage", "true");
Zeile gelöscht : user_pref("CT3282698.versionFromInstaller", "10.20.103.6");
Zeile gelöscht : user_pref("CT3282698.xpeMode", "0");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "SweetTunes1 Customized Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3282698");
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282698&CUI=UN24910470396943083&UM=2&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282698&SearchSource=2&CUI=UN24910470396943083&UM=2&q=");
Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282698");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3282698");
Zeile gelöscht : user_pref("smartbar.machineId", "XTMK8GE5I5YCJAOPXDSH3ZW3XIGZCFVEWLEKMXDZNW3LCCLLA6H5YN3XRTM5IQ4JVHSLYPKOVNC4H+BICMXXUW");
Zeile gelöscht : user_pref("smartbar.pciMachineID", "PCI\\VEN_8086&DEV_153B&SUBSYS_E0001458&REV_04\\3&11583659&0&C8");
Zeile gelöscht : user_pref("smartbar.plainMachineId", "94:DE:80:6C:43:37BFEBFBFF000306C3");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [5559 octets] - [01/05/2014 14:42:02]
AdwCleaner[S0].txt - [5422 octets] - [01/05/2014 14:42:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5482 octets] ##########
AdwCleaner[R1].txt
Code:
# AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 15:07:12
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Lukas - LUKAS-PC
# Gestartet von : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [5559 octets] - [01/05/2014 14:42:02]
AdwCleaner[R1].txt - [721 octets] - [01/05/2014 15:07:12]
AdwCleaner[S0].txt - [5570 octets] - [01/05/2014 14:42:34]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [840 octets] ##########
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by Lukas on 01.05.2014 at 14:59:33,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1D01C76C-B534-4D77-B89B-6A571B9F69F0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{29F29746-ABE1-2A50-BA31-2A61476C383C}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\sitefinder"
~~~ FireFox
Emptied folder: C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\kpzno0li.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.05.2014 at 15:02:21,46
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014
Ran by Lukas (administrator) on LUKAS-PC on 01-05-2014 15:05:55
Running from C:\Users\Lukas\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTune\SensorDetector.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-28] (AVAST Software)
HKLM-x32\...\RunOnce: [SensorDetector] - C:\Program Files (x86)\GIGABYTE\EasyTune\PreSensorDetector.exe [9728 2013-04-09] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2013-10-27] (Microsoft Corporation)
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {1c47d8e4-4092-11e3-beee-94de806c4337} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {39071620-2b9b-11e3-beab-94de806c4337} - "F:\SISetup.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {516dfacf-34d4-11e3-bec2-94de806c4337} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {57e9c178-8b47-11e3-bf86-94de806c4337} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3378045386-2888020065-354968016-1002\...\MountPoints2: {ab0b9922-2ead-11e3-beb2-94de806c4337} - "F:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD6C4362857BCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM-x32 - {1D01C76C-B534-4D77-B89B-6A571B9F69F0 URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztDyC0CyEtAtAyB0FzztA0AtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=217431662&ir=
SearchScopes: HKLM-x32 - {627BAF9A-17A5-07C4-D7D1-272FBEF1CBDD} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
FireFox:
========
FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Lukas\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Website Discovery Pro - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\discoverypro@discoverypro.com [2014-04-29]
FF Extension: WOT - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: anonymoX - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\client@anonymox.net.xpi [2014-05-01]
FF Extension: Ghostery - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\firefox@ghostery.com.xpi [2014-04-28]
FF Extension: Session Manager - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-03-26]
FF Extension: Adblock Plus - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\kpzno0li.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-09]
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-28] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-28] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-06] (DT Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d63x64.sys [468752 2013-02-26] (Intel Corporation)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-09-27] ()
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-01 15:05 - 2014-05-01 15:05 - 00018322 _____ () C:\Users\Lukas\Desktop\FRST.txt
2014-05-01 14:49 - 2014-05-01 14:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 14:47 - 2014-05-01 14:47 - 01016261 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe
2014-05-01 14:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-01 14:41 - 2014-05-01 14:42 - 00000000 ____D () C:\AdwCleaner
2014-05-01 14:40 - 2014-05-01 14:40 - 01310621 _____ () C:\Users\Lukas\Desktop\adwcleaner.exe
2014-05-01 03:16 - 2014-05-01 14:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 03:16 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-01 03:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-01 03:16 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-01 03:14 - 2014-05-01 03:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-01 02:57 - 2014-05-01 02:57 - 00380416 _____ () C:\Users\Lukas\Desktop\Gmer-19357.exe
2014-05-01 02:54 - 2014-05-01 15:05 - 00000000 ____D () C:\FRST
2014-05-01 02:54 - 2014-05-01 14:32 - 00000000 ____D () C:\Users\Lukas\Desktop\Trojaner-Board
2014-05-01 02:54 - 2014-05-01 02:54 - 02061824 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2014-05-01 02:52 - 2014-05-01 02:52 - 00000168 _____ () C:\Users\Lukas\defogger_reenable
2014-05-01 02:37 - 2014-05-01 02:37 - 00050477 _____ () C:\Users\Lukas\Desktop\Defogger.exe
2014-04-30 20:19 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\raidcall
2014-04-30 20:17 - 2014-04-30 20:22 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-04-30 20:17 - 2014-04-30 20:17 - 00001031 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-04-30 20:17 - 2014-04-30 20:17 - 00001007 _____ () C:\Users\Lukas\Desktop\RaidCall.lnk
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\rcru
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-04-28 00:29 - 2014-04-28 00:29 - 00002054 _____ () C:\Users\Lukas\Desktop\JDownloader 2.lnk
2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-04-28 00:28 - 2014-04-29 18:19 - 00000000 ____D () C:\Users\Lukas\AppData\Local\JDownloader v2.0
2014-04-28 00:08 - 2014-03-31 23:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 00:08 - 2014-03-31 23:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 00:06 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-28 00:06 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-28 00:06 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-28 00:06 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-28 00:06 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-28 00:06 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-28 00:06 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-28 00:06 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-28 00:06 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-28 00:06 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-28 00:06 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-28 00:06 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-28 00:06 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-28 00:06 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-28 00:06 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-28 00:06 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-28 00:06 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-28 00:06 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-28 00:06 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-28 00:06 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-28 00:05 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-28 00:05 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-28 00:05 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-28 00:05 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-28 00:05 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-28 00:05 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-28 00:05 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-28 00:05 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-28 00:05 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-28 00:05 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-28 00:05 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 00:05 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 00:05 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-28 00:05 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-28 00:05 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-28 00:05 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-28 00:05 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-28 00:05 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-28 00:05 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-28 00:05 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-28 00:05 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-28 00:05 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-28 00:04 - 2014-04-28 00:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-28 00:04 - 2014-04-28 00:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-28 00:04 - 2014-04-28 00:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-28 00:02 - 2014-04-28 00:02 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\ARecEngine
2014-04-07 23:58 - 2014-04-07 23:58 - 00000741 _____ () C:\Users\Lukas\Desktop\Don't Starve.lnk
2014-04-07 21:32 - 2014-04-07 21:32 - 00000000 ____D () C:\Users\Lukas\Documents\Klei
2014-04-05 23:22 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\Steam
2014-04-05 23:18 - 2014-04-05 23:18 - 00001395 _____ () C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk
2014-04-05 23:18 - 2014-04-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-04-05 23:13 - 2014-04-05 23:13 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-04-05 16:37 - 2014-04-05 16:37 - 00359752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-04 22:41 - 2014-04-04 22:41 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud
2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ___SH () C:\Users\Lukas\AppData\Local\LumaEmu
2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\Documents\BIS Core Engine
2014-04-04 22:00 - 2014-04-04 23:06 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Tunngle
2014-04-04 22:00 - 2014-04-04 23:06 - 00000000 ____D () C:\ProgramData\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000991 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\Documents\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-04-04 22:00 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-04-04 21:19 - 2014-04-04 21:20 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-04 20:15 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\AppData\Local\DayZ
2014-04-04 20:15 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\Documents\DayZ
2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-04 19:50 - 2014-04-05 20:13 - 00000000 ____D () C:\Users\Lukas\Desktop\DayZ
2014-04-04 01:57 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-04 01:57 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-04-04 01:57 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-04-04 01:56 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-04 01:56 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-04 01:56 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-04 01:56 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-04 01:54 - 2014-04-04 01:54 - 00000000 ____D () C:\Users\Lukas\Desktop\ChemWord
==================== One Month Modified Files and Folders =======
2014-05-01 15:06 - 2014-05-01 15:05 - 00018322 _____ () C:\Users\Lukas\Desktop\FRST.txt
2014-05-01 15:05 - 2014-05-01 02:54 - 00000000 ____D () C:\FRST
2014-05-01 15:03 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-05-01 15:03 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-05-01 15:03 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 15:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-01 14:59 - 2014-05-01 03:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 14:59 - 2013-11-24 19:07 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Dropbox
2014-05-01 14:59 - 2013-09-28 00:19 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-05-01 14:59 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 14:49 - 2014-05-01 14:49 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 14:47 - 2014-05-01 14:47 - 01016261 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe
2014-05-01 14:44 - 2013-09-09 00:30 - 00178230 _____ () C:\Windows\PFRO.log
2014-05-01 14:43 - 2013-09-09 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 14:42 - 2014-05-01 14:41 - 00000000 ____D () C:\AdwCleaner
2014-05-01 14:42 - 2013-09-09 01:00 - 00000000 ____D () C:\Users\Lukas
2014-05-01 14:40 - 2014-05-01 14:40 - 01310621 _____ () C:\Users\Lukas\Desktop\adwcleaner.exe
2014-05-01 14:35 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-05-01 14:32 - 2014-05-01 02:54 - 00000000 ____D () C:\Users\Lukas\Desktop\Trojaner-Board
2014-05-01 14:13 - 2013-10-08 23:50 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Skype
2014-05-01 05:03 - 2013-09-12 00:44 - 00000000 ____D () C:\Users\Lukas\AppData\Local\PMB Files
2014-05-01 05:03 - 2013-09-12 00:44 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-01 04:48 - 2014-03-20 03:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 03:16 - 2014-05-01 03:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 03:14 - 2014-05-01 03:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-01 03:12 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-05-01 02:57 - 2014-05-01 02:57 - 00380416 _____ () C:\Users\Lukas\Desktop\Gmer-19357.exe
2014-05-01 02:54 - 2014-05-01 02:54 - 02061824 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2014-05-01 02:52 - 2014-05-01 02:52 - 00000168 _____ () C:\Users\Lukas\defogger_reenable
2014-05-01 02:37 - 2014-05-01 02:37 - 00050477 _____ () C:\Users\Lukas\Desktop\Defogger.exe
2014-05-01 00:55 - 2013-11-09 16:14 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\vlc
2014-04-30 20:22 - 2014-04-30 20:17 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-04-30 20:22 - 2013-10-08 17:11 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Last.fm
2014-04-30 20:19 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\raidcall
2014-04-30 20:17 - 2014-04-30 20:17 - 00001031 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-04-30 20:17 - 2014-04-30 20:17 - 00001007 _____ () C:\Users\Lukas\Desktop\RaidCall.lnk
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\rcru
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-04-30 20:17 - 2014-04-30 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-04-29 18:19 - 2014-04-28 00:28 - 00000000 ____D () C:\Users\Lukas\AppData\Local\JDownloader v2.0
2014-04-28 19:43 - 2013-09-09 18:26 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 03:23 - 2013-09-09 00:41 - 01909601 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 01:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-28 01:20 - 2013-09-09 01:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3378045386-2888020065-354968016-1002
2014-04-28 00:29 - 2014-04-28 00:29 - 00002054 _____ () C:\Users\Lukas\Desktop\JDownloader 2.lnk
2014-04-28 00:29 - 2014-04-28 00:29 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-04-28 00:27 - 2013-11-09 15:18 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-04-28 00:09 - 2013-09-09 01:00 - 00000000 ___RD () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 00:09 - 2013-09-09 01:00 - 00000000 ___RD () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-28 00:07 - 2013-09-12 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-28 00:07 - 2013-09-09 15:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-28 00:07 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-28 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-28 00:06 - 2013-09-09 15:35 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-28 00:04 - 2014-04-28 00:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-28 00:04 - 2014-04-28 00:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-28 00:04 - 2014-04-28 00:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-28 00:04 - 2014-02-12 22:55 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-28 00:04 - 2013-11-09 15:09 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-04-28 00:04 - 2013-09-09 04:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-28 00:04 - 2013-09-09 04:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-28 00:04 - 2013-09-09 04:15 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-28 00:04 - 2013-09-09 04:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-28 00:04 - 2013-09-09 04:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-28 00:04 - 2013-09-09 04:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-28 00:02 - 2014-04-28 00:02 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\ARecEngine
2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-28 00:02 - 2013-10-28 18:12 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-07 23:58 - 2014-04-07 23:58 - 00000741 _____ () C:\Users\Lukas\Desktop\Don't Starve.lnk
2014-04-07 21:32 - 2014-04-07 21:32 - 00000000 ____D () C:\Users\Lukas\Documents\Klei
2014-04-05 23:22 - 2014-04-05 23:22 - 00000000 ____D () C:\ProgramData\Steam
2014-04-05 23:19 - 2013-12-14 00:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-05 23:18 - 2014-04-05 23:18 - 00001395 _____ () C:\Users\Public\Desktop\The Walking Dead - Survival Instinct.lnk
2014-04-05 23:18 - 2014-04-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-04-05 23:13 - 2014-04-05 23:13 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-04-05 20:13 - 2014-04-04 19:50 - 00000000 ____D () C:\Users\Lukas\Desktop\DayZ
2014-04-05 16:37 - 2014-04-05 16:37 - 00359752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-04 23:06 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Tunngle
2014-04-04 23:06 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Tunngle
2014-04-04 22:41 - 2014-04-04 22:41 - 00000000 ____D () C:\ProgramData\LumaEmu_SteamCloud
2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ___SH () C:\Users\Lukas\AppData\Local\LumaEmu
2014-04-04 22:40 - 2014-04-04 22:40 - 00000000 ____D () C:\Users\Lukas\Documents\BIS Core Engine
2014-04-04 22:40 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\AppData\Local\DayZ
2014-04-04 22:00 - 2014-04-04 22:00 - 00000991 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Users\Lukas\Documents\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-04-04 22:00 - 2014-04-04 22:00 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-04-04 21:20 - 2014-04-04 21:19 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-04 20:15 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Lukas\Documents\DayZ
2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-04 20:08 - 2014-04-04 20:08 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-04 15:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-04 15:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-04 01:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-04 01:54 - 2014-04-04 01:54 - 00000000 ____D () C:\Users\Lukas\Desktop\ChemWord
2014-04-03 09:51 - 2014-05-01 03:16 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-01 03:16 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-01 03:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\65116uninstall.exe
C:\Users\Lukas\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Lukas\AppData\Local\Temp\icqsetup.exe
C:\Users\Lukas\AppData\Local\Temp\JDSetup130431112882647168.exe
C:\Users\Lukas\AppData\Local\Temp\proxy_vole7668527934204194340.dll
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe
C:\Users\Lukas\AppData\Local\Temp\revwlsetup.exe
C:\Users\Lukas\AppData\Local\Temp\Sqlite3.dll
C:\Users\Lukas\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-28 01:20
==================== End Of Log ============================