hey,
here is the Malwarebytes log: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.21.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
*** :: ***-PC [Administrator]
Schutz: Aktiviert
21.01.2014 18:56:02
mbam-log-2014-01-21 (18-56-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 422218
Laufzeit: 1 Stunde(n), 2 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
the AdwCleaner log: Code:
# AdwCleaner v3.017 - Bericht erstellt am 21/01/2014 um 20:14:15
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : *** - ***-PC
# Gestartet von : C:\Users\***\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : Partner Service
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\***\AppData\Local\Linkury
Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\ICQToolbarData
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\CT2269050
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\searchplugins\Linkury Smartbar Search.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\searchplugins\u-search.xml
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS_Screensaver
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\prefs.js ]
Zeile gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Zeile gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "29-10-2012");
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Oct 29 2012 16:53:44 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Mar 17 2012 20:25:25 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "23-10-2010");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Sat Oct 23 2010 17:36:03 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Oct 28 2012 19:30:37 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Sat Mar 17 2012 20:25:26 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 10:12:37 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 14:09:36 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Mon Oct 29 2012 16:53:44 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "3.15.1.0");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.LoginCache", 4);
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sat Mar 17 2012 20:25:26 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioShrinked", "shrinked");
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.zeit.de/");
Zeile gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Oct 28 2012 19:30:30 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", true);
Zeile gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Oct 28 2012 19:30:31 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Oct 29 2012 16:53:38 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1351258177");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Mar 11 2012 23:52:36 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Zeile gelöscht : user_pref("CT2269050.ToolbarDisabled", true);
Zeile gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Zeile gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2269050.UserID", "UN49534117713116911");
Zeile gelöscht : user_pref("CT2269050.ValidationData_Search", 0);
Zeile gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Mar 17 2012 20:25:27 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.backendstorage.autocompletepro_enable", "31");
Zeile gelöscht : user_pref("CT2269050.backendstorage.autocompletepro_enable_auto", "31");
Zeile gelöscht : user_pref("CT2269050.backendstorage.facebook_mode", "32");
Zeile gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "536174204F637420303620323031322031363A31393A333920474D542B30323030");
Zeile gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Zeile gelöscht : user_pref("CT2269050.backendstorage.youtubelang", "4445");
Zeile gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.initDone", true);
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.testingCtid", "");
Zeile gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Oct 28 2012 19:30:37 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2269050.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"8b21bd5c4b32b0c462ab74e200c6202c3\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1343640511\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"f1c77625c0e9bd1c80a2fd6901845fa9\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"d630d038c26171fa9996ef117f58da7e\"");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_9709af49", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/07/dd/07caac71-eac9-4963-9fa6-f6c1cc836ddd//6dcc2d0e-330c-437f-b369-9d668308f7f8.html", "780x625");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/07/dd/07caac71-eac9-4963-9fa6-f6c1cc836ddd/Gadgets/9b2c0b7d-47bd-440b-a22f-35bf33416229.html", "800x708");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 02 2011 15:32:30 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "0a5752a3-25a7-47b0-9be6-f62bf5298125");
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1270835806");
Zeile gelöscht : user_pref("icqtoolbar.itbsitescount", 0);
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.3");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "127082409612708240791270835806914");
[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\f58x2nr8.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [30354 octets] - [21/01/2014 20:02:21]
AdwCleaner[S0].txt - [29003 octets] - [21/01/2014 20:14:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29064 octets] ##########
The JRT log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by *** on 21.01.2014 at 20:24:01,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\linkurysmartbar.bandobjectattribute
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{02E92DE2-9189-41DB-BA2E-65411CDBE0D3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{1D35248E-0409-4D6D-A48F-D5796E933A04}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{22BA95EC-AC91-495F-8C7A-08B093A11675}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{2F67E914-133D-4870-B0F8-72689EE4A7F3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{3EA095DD-22A3-457E-BE25-C995C6A85B56}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4021AC6B-4D51-4BE1-A9B0-CBEE198C4F96}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{47C2D15F-EE9D-4AD2-8454-1154D32162E3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{49AF342C-28A9-498F-BA77-DB5BE836A3B3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4B510390-BF5B-4AC9-AF9D-9DFC0DA592BC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{53CB7AE7-6B7D-4F51-806B-E7FDC1A0F009}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5A4C0F84-3FA9-45F6-9B1E-9537A7EF33FC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{679120E0-48C4-4621-A56E-23FDBC4F34A3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{85DCF30A-6109-4A31-AC2B-0E3C832383C4}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{867187CA-DC97-4B1C-95A0-041385A4AF51}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8C6405A0-AF45-4D16-825C-8FF31F05D0AD}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A1AF2612-F384-460F-80FB-B1AB242DA835}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A45CD188-FF51-4052-9BA0-0929EE560753}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AA675263-F5F2-43B4-80F8-C11D0380B16D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BE8D7AE8-798E-4098-8AB7-8FB49E9218C7}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C43CF9E0-1EB5-4639-AAC3-E93CC83BADC1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CCF54896-1A55-49DE-9A0B-9BA107913C1A}
~~~ FireFox
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ndobjko8.default\prefs.js
user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262A442B564B4E3B243D2F2D2F2F33433A45373838615D61406A644F38514341424545574E594B
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ndobjko8.default\minidumps [151 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2014 at 20:35:29,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And here is the new FRST.txt:
[CODE]
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by *** (administrator) on ***-PC on 22-01-2014 16:05:24
Running from C:\Users\***\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Spotify Ltd) C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-02] (Spotify Ltd)
HKU\Gast\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Gast\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {639D887A-5670-4F03-8F96-9ECC43968AFC} URL = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {639D887A-5670-4F03-8F96-9ECC43968AFC} URL = hxxp://u-search.net/?a=1&e=1&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default
FF Homepage: google.de
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Users\***\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: YouTube Unblocker - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-18]
FF Extension: Web Download Shield Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Extensions\{72a730ea-1b40-45bd-a962-1c8a97c0df2f}.xpi [2013-11-20]
FF Extension: {8e1377f4-41ba-4e94-8599-9343adbacdc9} - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Extensions\{8e1377f4-41ba-4e94-8599-9343adbacdc9}.xpi [2013-11-12]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ndobjko8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-28]
==================== Services (Whitelisted) =================
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [x]
==================== Drivers (Whitelisted) ====================
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 tmlwf;
U3 tmwfp;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-21 20:36 - 2014-01-22 16:05 - 00011549 _____ C:\Users\***\Downloads\FRST.txt
2014-01-21 20:36 - 2014-01-21 20:36 - 00000000 ____D C:\Users\***\Downloads\FRST-OlderVersion
2014-01-21 20:35 - 2014-01-21 20:35 - 00003426 _____ C:\Users\***\Desktop\JRT.txt
2014-01-21 20:23 - 2014-01-21 20:23 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 20:19 - 2014-01-21 20:20 - 01037068 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-01-21 20:01 - 2014-01-21 20:14 - 00000000 ____D C:\AdwCleaner
2014-01-21 19:59 - 2014-01-21 20:35 - 00000000 ____D C:\Users\***\Desktop\neue log files
2014-01-21 19:23 - 2014-01-21 19:23 - 01236282 _____ C:\Users\***\Downloads\adwcleaner.exe
2014-01-21 18:50 - 2014-01-21 18:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 19:12 - 2014-01-20 19:12 - 00022640 _____ C:\Users\***\Desktop\combofix.txt
2014-01-20 19:06 - 2014-01-20 19:06 - 00022639 _____ C:\ComboFix.txt
2014-01-20 17:27 - 2014-01-20 19:06 - 00000000 ____D C:\Qoobox
2014-01-20 17:27 - 2014-01-20 18:12 - 00000000 ____D C:\Windows\erdnt
2014-01-20 17:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-20 17:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-20 17:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-20 17:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-20 17:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-20 17:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-20 17:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-20 17:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 17:20 - 2014-01-20 17:20 - 05167985 ____R (Swearware) C:\Users\***\Downloads\ComboFix.exe
2014-01-19 14:50 - 2014-01-19 14:50 - 00025731 _____ C:\Users\***\Desktop\Addition.txt
2014-01-19 14:44 - 2014-01-19 14:44 - 00025731 _____ C:\Users\***\Downloads\Addition.txt
2014-01-19 14:43 - 2014-01-19 14:44 - 00018841 _____ C:\Users\***\Desktop\FRST.txt
2014-01-19 14:41 - 2014-01-21 20:36 - 00000000 ____D C:\FRST
2014-01-19 14:38 - 2014-01-21 20:36 - 02077184 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-01-15 23:34 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 23:34 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 23:34 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 23:34 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 23:34 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 23:34 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 23:34 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 23:34 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 23:34 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 14:20 - 2014-01-15 14:20 - 00000094 ____H C:\Users\***\Downloads\.~lock.Teamaufteilung_12.01.2014.docx#
2014-01-14 12:26 - 2014-01-14 12:26 - 00915368 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe
2014-01-09 20:46 - 2014-01-09 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-09 20:46 - 2014-01-09 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-09 20:45 - 2014-01-09 20:46 - 13079688 _____ (Microsoft Corporation) C:\Users\***\Downloads\Silverlight_x64.exe
==================== One Month Modified Files and Folders =======
2014-01-22 16:05 - 2014-01-21 20:36 - 00011549 _____ C:\Users\***\Downloads\FRST.txt
2014-01-22 15:09 - 2012-10-29 17:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 10:07 - 2010-03-08 15:31 - 01809917 _____ C:\Windows\WindowsUpdate.log
2014-01-21 20:36 - 2014-01-21 20:36 - 00000000 ____D C:\Users\***\Downloads\FRST-OlderVersion
2014-01-21 20:36 - 2014-01-19 14:41 - 00000000 ____D C:\FRST
2014-01-21 20:36 - 2014-01-19 14:38 - 02077184 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-01-21 20:35 - 2014-01-21 20:35 - 00003426 _____ C:\Users\***\Desktop\JRT.txt
2014-01-21 20:35 - 2014-01-21 19:59 - 00000000 ____D C:\Users\***\Desktop\neue log files
2014-01-21 20:24 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 20:24 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 20:23 - 2014-01-21 20:23 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 20:20 - 2014-01-21 20:19 - 01037068 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-01-21 20:16 - 2013-09-22 16:36 - 00001792 _____ C:\Windows\setupact.log
2014-01-21 20:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 20:14 - 2014-01-21 20:01 - 00000000 ____D C:\AdwCleaner
2014-01-21 20:14 - 2010-04-09 18:56 - 00000000 ____D C:\ProgramData\ICQ
2014-01-21 19:23 - 2014-01-21 19:23 - 01236282 _____ C:\Users\***\Downloads\adwcleaner.exe
2014-01-21 18:54 - 2012-10-30 16:55 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 18:54 - 2012-10-30 16:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 18:50 - 2014-01-21 18:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 19:13 - 2009-08-04 10:51 - 00654400 _____ C:\Windows\system32\perfh007.dat
2014-01-20 19:13 - 2009-08-04 10:51 - 00130240 _____ C:\Windows\system32\perfc007.dat
2014-01-20 19:13 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 19:12 - 2014-01-20 19:12 - 00022640 _____ C:\Users\***\Desktop\combofix.txt
2014-01-20 19:06 - 2014-01-20 19:06 - 00022639 _____ C:\ComboFix.txt
2014-01-20 19:06 - 2014-01-20 17:27 - 00000000 ____D C:\Qoobox
2014-01-20 19:06 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-20 18:12 - 2014-01-20 17:27 - 00000000 ____D C:\Windows\erdnt
2014-01-20 18:09 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-20 18:07 - 2013-09-22 16:35 - 00006324 _____ C:\Windows\PFRO.log
2014-01-20 18:07 - 2009-07-14 03:34 - 85983232 _____ C:\Windows\system32\config\SOFTWARE.bak
2014-01-20 18:07 - 2009-07-14 03:34 - 16252928 _____ C:\Windows\system32\config\SYSTEM.bak
2014-01-20 18:07 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2014-01-20 18:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2014-01-20 18:07 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2014-01-20 18:05 - 2010-04-09 14:51 - 00000000 ____D C:\Users\***
2014-01-20 17:20 - 2014-01-20 17:20 - 05167985 ____R (Swearware) C:\Users\***\Downloads\ComboFix.exe
2014-01-19 14:50 - 2014-01-19 14:50 - 00025731 _____ C:\Users\***\Desktop\Addition.txt
2014-01-19 14:44 - 2014-01-19 14:44 - 00025731 _____ C:\Users\***\Downloads\Addition.txt
2014-01-19 14:44 - 2014-01-19 14:43 - 00018841 _____ C:\Users\***\Desktop\FRST.txt
2014-01-17 12:32 - 2013-09-22 16:36 - 00473136 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 12:15 - 2013-07-14 12:10 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 12:12 - 2012-10-25 11:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 14:20 - 2014-01-15 14:20 - 00000094 ____H C:\Users\***\Downloads\.~lock.Teamaufteilung_12.01.2014.docx#
2014-01-14 12:26 - 2014-01-14 12:26 - 00915368 _____ (Oracle Corporation) C:\Users\***\Downloads\jxpiinstall.exe
2014-01-10 03:02 - 2010-03-08 15:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-09 20:46 - 2014-01-09 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-09 20:46 - 2014-01-09 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-09 20:46 - 2014-01-09 20:45 - 13079688 _____ (Microsoft Corporation) C:\Users\***\Downloads\Silverlight_x64.exe
2014-01-06 19:55 - 2010-04-25 15:12 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 14:08
==================== End Of Log ============================
I should add that after the FRST scan had been running for more than a night and a day, I restarted it, and it then finished after about 10 minutes.
Best regards, and thanks again for taking the trouble!