Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Rudi (Administrator) on 20.09.2017 at 17:48:42,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 84
Successfully deleted: C:\ProgramData\pc1data (Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{034FDFE8-27D7-4943-9B21-B98B9CB146FB} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{0438DC80-9E09-4119-BC4D-6C86E5586651} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{0F8A34DC-4A8B-44E7-B7EF-631BE12CDEC7} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{12C52CCC-E87E-4A54-B1D3-9123C6416850} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{22CDE6C8-8F62-4C4C-93DB-78C3F393F480} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{23FC134B-1ACD-4878-9CA7-06BBD5D21B51} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{2846B882-0C65-4FED-908E-0FFDBBCA5B5E} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{2919DC2B-E0FD-4065-9012-6615B48C3425} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{2AAB1E71-4CEF-4544-99A0-06284543290B} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{2C54501D-D63A-4FD8-A713-424D6033FA10} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{2F73EFBA-A2D8-4417-814C-65C07F6AC923} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{36546064-8B8A-4375-9584-80E5C1944E6B} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{3803325C-C691-48DD-971B-81FE562ED737} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{42470E0F-B917-4A0A-B3D0-F2EA3CA55F6B} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{42B4BE17-8AF4-4408-B68D-CE3AD7A02C34} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{434596E4-B537-483B-8F27-A22A4838CC98} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{43890D96-840D-45D0-9063-A50DFB3C14E7} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{439C28F6-7641-42B9-9021-3CE1AE13E879} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{450F5E8A-ABCD-48FA-9BE8-1BAE77A879B3} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{4E969717-2096-4749-A6C4-16FFDC3F19A6} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{52BFEE37-115B-45C3-B61A-62741FFC7137} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{5305EBDB-6814-429B-BD30-86C68E56A075} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{579DC522-D085-4998-9457-3CBAEA8E2884} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{585E575F-E7F8-4E09-8560-56151CE4D760} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{5DD0F9E8-A83D-419F-B1B7-2F45C04E58C7} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{606805A1-86B0-41A5-90B9-775F3A690E90} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{672294EC-6FEB-4A93-97C1-C103D9603420} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{6754908E-CC15-4E62-B8CF-E68246AB0A88} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{6921E53E-0898-4B4C-A07F-F29C3607E500} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{6B070201-BFD2-40FD-B7ED-1637ADEA9C4A} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{6EEE6A8A-776F-4EDB-B96B-382F4E8E3D9F} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{7258F52A-C1F9-4672-AF5B-B26BF766D3D8} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{8750A028-5F5C-4847-939C-5913EBCF3E99} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{8EAB2585-0786-464C-9157-88AE6D34796A} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{930B3B9B-A57B-4162-9F1C-12EC7FAAE0BE} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{96B7A543-4D5E-4E26-A89D-73652A79EDFC} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{9796655F-EFD8-4EA2-8080-B5E58C67BB4B} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{B35265CB-0654-4C45-8811-86D20A392B40} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{B791B576-2C0B-4068-BC8C-34DDE1246DA6} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{BE2FB535-7F64-4CE2-B5C5-D24212E6B690} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{C1635CC3-3158-49EE-9574-7D69C2771953} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{C62911B6-2249-4E28-B35B-BD9C097F8B3A} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{C8E02B93-1613-47BD-965E-D0972D4506DB} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{C94D3025-2314-41CE-8989-BE04D9F3B24E} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{CE0EB4D7-D0BE-42DD-AABA-E45C966FA1D1} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{D0995299-7F6E-4F60-9367-F6A6E5581504} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{D146E770-6382-4A5F-97DB-3D8E9770661F} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{D5145900-15AC-4F97-B413-E569BF70F4EB} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{DC9A9976-A577-4324-8F00-6DEF082B0F88} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{E9FBF3D6-01A1-412B-B30E-2E662DC88F41} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{EAAF76D3-E4F0-4A06-A62C-1E453F2E91B3} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{ED68FA0C-EEBE-423A-AA74-CFC26BE7537C} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{EDB1A5A4-295E-4074-9395-4A4B09678660} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\{F4214A6A-18B5-4963-80B2-8680D891BFC9} (Empty Folder)
Successfully deleted: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\xrow3d6a.default\searchplugins\myplaycity-search.xml (File)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ADYHXJJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK7SIVZ8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUAHPU41 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKV3WTOS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HG6VY5FE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IP0YQJON (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL08JUJR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1H61NZZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGHS144Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVNCX002 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ADYHXJJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK7SIVZ8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUAHPU41 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKV3WTOS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HG6VY5FE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IP0YQJON (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL08JUJR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1H61NZZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGHS144Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVNCX002 (Temporary Internet Files Folder)
Deleted the following from C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\xrow3d6a.default\prefs.js
user_pref(browser.search.selectedEngine, MyPlayCity Search);
user_pref(keyword.URL, hxxp://home.myplaycity.com/results.php?category=web&s=);
user_pref(browser.startup.homepage, hxxp://home.myplaycity.com/);
Registry: 12
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.09.2017 at 17:55:41,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 20 15:27:44 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-18-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
PUP.Optional.Legacy, C:\Users\Default\Desktop\eBay.lnk
PUP.Optional.Legacy, C:\Users\Default User\Desktop\eBay.lnk
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d1af033869koo7.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d31bfnnwekbny6.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\researchnow.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\survey-au.researchnow.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\survey-d.researchnow.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\surveymyopinion.researchnow.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page_TIMESTAMP [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page_TIMESTAMP [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms\browserpolicy [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms\browserpolicy [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3229228620-787667599-3763351482-1001\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3229228620-787667599-3763351482-1001\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amcap.de.softonic.com
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amcap.en.softonic.com
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ########## Code:
# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 20 15:31:35 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
Deleted: C:\Users\Default\Desktop\eBay.lnk
Deleted: C:\Users\Default User\Desktop\eBay.lnk
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d31bfnnwekbny6.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\researchnow.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\survey-au.researchnow.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\survey-d.researchnow.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\surveymyopinion.researchnow.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page_TIMESTAMP [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page_TIMESTAMP [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms\browserpolicy [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms\browserpolicy [됭뉸ꥢNjs:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page [https:\\safesearch.avira.com\#web\result?source=art&q=]
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
Deleted: [Value] - HKU\S-1-5-21-3229228620-787667599-3763351482-1001\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
Deleted: [Value] - HKU\S-1-5-21-3229228620-787667599-3763351482-1001\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amcap.de.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amcap.en.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [5838 B] - [2017/9/20 15:27:44]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 01.01.11
Scan-Zeit: 06:34
Protokolldatei: cdbf8de4-1568-11e0-8aee-68a3c4d1c179.json
Administrator: Ja
-Softwaredaten-
Version: 3.2.2.2018
Komponentenversion: 1.0.186
Version des Aktualisierungspakets: 1.0.2630
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Rudi-HP\Rudi
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 311301
Erkannte Bedrohungen: 7
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 23 Min., 20 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 3
PUP.Optional.ASK, HKU\S-1-5-21-3229228620-787667599-3763351482-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Keine Aktion durch Benutzer, [510], [184157],1.0.2630
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Keine Aktion durch Benutzer, [510], [184157],1.0.2630
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}, Keine Aktion durch Benutzer, [510], [184157],1.0.2630
Registrierungswert: 4
Trojan.Agent.WNL, HKU\S-1-5-21-3229228620-787667599-3763351482-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JICC7N9BYXBTRVW, Keine Aktion durch Benutzer, [5449], [224148],1.0.2630
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Keine Aktion durch Benutzer, [510], [184157],1.0.2630
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Keine Aktion durch Benutzer, [510], [184157],1.0.2630
PUP.Optional.ASK, HKU\S-1-5-21-3229228620-787667599-3763351482-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Keine Aktion durch Benutzer, [510], [184156],1.0.2630
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end) Hallo Cosinus,
hatte da noch was gefunden, was ich vorher gemacht habe,
hoffe das es dir keine zusätzliche arbeit jetzt macht.
Gruß rudi
Hallo Cosinus,
wann darf ich Adobe Acrobat installieren?
Komme mit der Arbeit nicht weiter.
Gruß Rudi |