| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Search Protect - Conduit kann nicht deinstalliert werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
29.01.2014, 12:29
| #1 |
| /// the machine /// TB-Ausbilder    |  Search Protect - Conduit kann nicht deinstalliert werden Wenn Du nach nem Tag nachhakst, aber doch nit 2h nachdem Du die Logs gepostet hast  .Ich übersehe nie einen User oder Thread der von mir in Arbeit is, den Zusatz "the machine" hab ich nit aus Spass unter meinem Nick stehen  
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.01.2014, 19:20
| #2 |
 | Search Protect - Conduit kann nicht deinstalliert werden So habe alles von dem MBAM löschen lassen und den ADW Cleaner ausgeführt, hier schon mal der Log
__________________Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 29/01/2014 um 18:43:57
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - XXX
# Gestartet von : C:\Users\User\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\windows\SysWOW64\Searchprotect
Ordner Gelöscht : C:\Users\User\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\User\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\invalidprefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\windows\System32\Tasks\BrowserDefendert
Datei Gelöscht : C:\windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKCU\Software\58ed78ab23de543
Schlüssel Gelöscht : HKLM\SOFTWARE\58ed78ab23de543
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP683BA533-8BC0-4305-81A0-029197A83C18");
Zeile gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Zeile gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_13.0.1");
Zeile gelöscht : user_pref("extensions.asktb.cbid", "^ABT");
Zeile gelöscht : user_pref("extensions.asktb.clear-searches-on-exit", true);
Zeile gelöscht : user_pref("extensions.asktb.config-updated", false);
Zeile gelöscht : user_pref("extensions.asktb.crumb", "2012.07.19+08.05.36-toolbar019iad-DE-RG9ydG11bmQsR2VybWFueQ%3D%3D");
Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
Zeile gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Zeile gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Zeile gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false);
Zeile gelöscht : user_pref("extensions.asktb.guid", "b0747396-7f02-44e4-8732-d8fadced706f");
Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Zeile gelöscht : user_pref("extensions.asktb.if", "first");
Zeile gelöscht : user_pref("extensions.asktb.l", "dis");
Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1346248086173");
Zeile gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1344091915280");
Zeile gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Zeile gelöscht : user_pref("extensions.asktb.localePref", true);
Zeile gelöscht : user_pref("extensions.asktb.location", "Dortmund,Germany");
Zeile gelöscht : user_pref("extensions.asktb.notification-shown", true);
Zeile gelöscht : user_pref("extensions.asktb.o", "APN10395");
Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Zeile gelöscht : user_pref("extensions.asktb.r", "2");
Zeile gelöscht : user_pref("extensions.asktb.sa", "YES");
Zeile gelöscht : user_pref("extensions.asktb.saguid", "B01BD60F-0D00-4A0A-AC5A-40F1C73139E0");
Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Zeile gelöscht : user_pref("extensions.asktb.themeid", "");
Zeile gelöscht : user_pref("extensions.asktb.timeinstalled", "19.07.2012 17:06:47");
Zeile gelöscht : user_pref("extensions.asktb.to", "");
Zeile gelöscht : user_pref("extensions.asktb.v", "3.15.4.100015");
Zeile gelöscht : user_pref("extensions.asktb.version", "5.15.4.23930");
*************************
AdwCleaner[R0].txt - [9784 octets] - [29/01/2014 18:39:27]
AdwCleaner[S0].txt - [9151 octets] - [29/01/2014 18:43:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9211 octets] ##########
Hier nun der Log vom Junkware Remove Tool Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 29.01.2014 at 18:54:06,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-554711917-2863548098-4266043090-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BC33DCF5-09F6-4060-88D2-035042D6192E}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\User\appdata\local\webplayer"
~~~ FireFox
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\uhwqlx47.default\minidumps [48 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2014 at 19:02:55,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by User (administrator) on XXX on 29-01-2014 19:05:45
Running from C:\Users\User\Downloads\Trojaner Board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVM Berlin) C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
() C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ReModem.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Thisisu) C:\Users\User\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-06-02] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2010-10-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DLSService] - "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\User\AppData\Local\Apps\2.0\CYN3ZPHY.T37\4J0RP2L5.DLH\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-01-10] (AVM Berlin)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-18] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {02D554C9-5BAC-4088-B940-D8CF85D0F79B} URL =
SearchScopes: HKCU - {1695F057-E9E5-4E67-BBE9-5011183B6D99} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {BA55DABC-4256-4A3B-A8B1-030ECDB2AE7E} URL =
SearchScopes: HKCU - {BF9D5AAF-D3A8-4171-944F-6199F1997E09} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\searchplugins\conduit-search-1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Easy YouTube Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uhwqlx47.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-06-15]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2014-01-14] (Avira Operations GmbH & Co. KG)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32368 2012-10-09] (Sanford, L.P.)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [204296 2012-04-12] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2013-01-10] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-21] (AVM Berlin)
S1 SSHDRV76; C:\windows\SysWOW64\drivers\SSHDRV76.sys [53760 2013-05-30] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 19:02 - 2014-01-29 19:02 - 00001293 _____ C:\Users\User\Desktop\JRT.txt
2014-01-29 18:53 - 2014-01-29 18:53 - 01037068 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D C:\windows\ERUNT
2014-01-29 18:39 - 2014-01-29 18:44 - 00000000 ____D C:\AdwCleaner
2014-01-29 18:19 - 2014-01-29 18:19 - 01166132 _____ C:\Users\User\Desktop\adwcleaner.exe
2014-01-28 16:11 - 2014-01-29 17:24 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 21:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2014-01-26 19:06 - 2014-01-26 19:07 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 13:23 - 2014-01-29 19:05 - 00000000 ____D C:\FRST
2014-01-26 13:22 - 2014-01-29 19:05 - 00000000 ____D C:\Users\User\Downloads\Trojaner Board
2014-01-24 22:19 - 2014-01-24 22:22 - 00000000 ____D C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-24 21:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-24 21:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-24 21:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-24 21:29 - 2014-01-24 21:30 - 00005327 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen
2014-01-19 17:17 - 2014-01-19 17:18 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D C:\Users\User\Downloads\FOM
2014-01-15 16:15 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 16:15 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 16:15 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 16:15 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D C:\ProgramData\FARO
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:25 - 2014-01-07 21:26 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2014-01-07 21:11 - 2014-01-08 19:20 - 00000000 ____D C:\Users\User\Downloads\Autodesk Inventor 2014
==================== One Month Modified Files and Folders =======
2014-01-29 19:05 - 2014-01-26 13:23 - 00000000 ____D C:\FRST
2014-01-29 19:05 - 2014-01-26 13:22 - 00000000 ____D C:\Users\User\Downloads\Trojaner Board
2014-01-29 19:02 - 2014-01-29 19:02 - 00001293 _____ C:\Users\User\Desktop\JRT.txt
2014-01-29 18:56 - 2009-07-14 05:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 18:56 - 2009-07-14 05:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 18:53 - 2014-01-29 18:53 - 01037068 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-01-29 18:53 - 2014-01-29 18:53 - 00000000 ____D C:\windows\ERUNT
2014-01-29 18:49 - 2012-08-27 21:00 - 00000000 ___RD C:\Users\User\Dropbox
2014-01-29 18:49 - 2012-08-27 20:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2014-01-29 18:48 - 2013-06-28 18:14 - 00000000 ___RD C:\Users\User\SkyDrive
2014-01-29 18:45 - 2012-07-12 11:38 - 02003122 _____ C:\windows\WindowsUpdate.log
2014-01-29 18:45 - 2009-07-14 05:51 - 00081100 _____ C:\windows\setupact.log
2014-01-29 18:44 - 2014-01-29 18:39 - 00000000 ____D C:\AdwCleaner
2014-01-29 18:33 - 2012-07-12 11:35 - 00520066 _____ C:\windows\PFRO.log
2014-01-29 18:19 - 2014-01-29 18:19 - 01166132 _____ C:\Users\User\Desktop\adwcleaner.exe
2014-01-29 17:24 - 2014-01-28 16:11 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2014-01-28 16:11 - 2012-07-13 17:53 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 16:11 - 2012-07-13 17:53 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 16:11 - 2012-07-13 17:48 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2014-01-28 16:11 - 2010-09-20 20:11 - 00000000 ____D C:\ProgramData\McAfee
2014-01-27 22:19 - 2012-07-13 16:15 - 00000000 ____D C:\Users\User\Documents\Outlook-Dateien
2014-01-27 22:05 - 2012-07-13 18:25 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-27 18:48 - 2009-07-14 18:58 - 00699666 _____ C:\windows\system32\perfh007.dat
2014-01-27 18:48 - 2009-07-14 18:58 - 00149774 _____ C:\windows\system32\perfc007.dat
2014-01-27 18:48 - 2009-07-14 06:13 - 01620612 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-26 21:41 - 2014-01-26 21:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-26 21:40 - 2014-01-26 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 19:09 - 2014-01-26 19:09 - 00000000 ____D C:\Users\User\Documents\Any Video Converter
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Users\User\AppData\Roaming\AnvSoft
2014-01-26 19:08 - 2014-01-26 19:08 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2014-01-26 19:07 - 2014-01-26 19:06 - 37146216 _____ (Any-Video-Converter.com ) C:\Users\User\Downloads\avc-free.exe
2014-01-26 17:17 - 2013-01-13 21:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
2014-01-24 22:22 - 2014-01-24 22:19 - 00000000 ____D C:\Users\User\Downloads\VWL
2014-01-24 21:30 - 2014-01-24 21:29 - 00005327 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-24 21:30 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-24 21:30 - 2010-09-20 19:44 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-24 21:24 - 2012-07-12 12:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Toshiba
2014-01-23 18:39 - 2012-07-13 14:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-23 18:39 - 2009-07-14 03:34 - 00000478 _____ C:\windows\win.ini
2014-01-23 18:38 - 2012-09-12 16:49 - 00000039 _____ C:\windows\vbaddin.ini
2014-01-21 21:54 - 2014-01-21 21:54 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen
2014-01-21 19:00 - 2012-07-14 15:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro PDF
2014-01-19 17:48 - 2013-04-16 18:14 - 00000000 ____D C:\Program Files (x86)\UltraMixer
2014-01-19 17:18 - 2014-01-19 17:17 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-19 17:17 - 2014-01-19 17:17 - 00000000 ____D C:\Users\User\AppData\Roaming\TuneUp Software
2014-01-19 14:43 - 2012-08-03 14:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2014-01-19 10:18 - 2014-01-19 10:18 - 00000000 ____D C:\Users\User\Downloads\FOM
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-19 09:40 - 2010-09-20 20:02 - 00000000 ____D C:\ProgramData\Skype
2014-01-15 20:55 - 2009-07-14 05:45 - 00559968 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 20:49 - 2013-08-18 21:02 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 20:46 - 2012-07-17 13:45 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 18:19 - 2013-11-13 15:53 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2014-01-15 17:58 - 2013-05-15 17:32 - 00000000 ____D C:\Users\User\AppData\Roaming\dvdcss
2014-01-11 12:39 - 2012-07-30 17:29 - 00000000 ____D C:\Users\User\AppData\Roaming\Autodesk
2014-01-08 22:49 - 2012-07-29 09:41 - 01594892 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-08 22:33 - 2012-07-31 20:55 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk,_Inc
2014-01-08 19:20 - 2014-01-07 21:11 - 00000000 ____D C:\Users\User\Downloads\Autodesk Inventor 2014
2014-01-08 05:18 - 2012-07-12 12:55 - 00179512 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-07 23:35 - 2014-01-07 23:35 - 00002050 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2014-01-07 23:35 - 2014-01-07 23:35 - 00000000 ____D C:\ProgramData\FARO
2014-01-07 23:35 - 2012-07-31 14:39 - 00000000 ____D C:\Program Files\Autodesk
2014-01-07 23:35 - 2012-07-30 17:29 - 00000000 ____D C:\ProgramData\Autodesk
2014-01-07 23:30 - 2014-01-07 23:30 - 00001236 _____ C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
2014-01-07 23:30 - 2012-07-31 14:51 - 00000000 ____D C:\Users\User\Documents\Inventor
2014-01-07 23:30 - 2012-07-31 14:42 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2014-01-07 22:53 - 2012-07-31 14:39 - 00000000 ____D C:\Users\User\AppData\Local\Autodesk
2014-01-07 22:49 - 2014-01-07 22:49 - 00002238 _____ C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
2014-01-07 22:47 - 2012-10-26 20:12 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2014-01-07 22:08 - 2014-01-07 22:08 - 00002014 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2014-01-07 22:02 - 2014-01-07 22:02 - 00002146 _____ C:\Users\Public\Desktop\DWG TrueView 2014.lnk
2014-01-07 22:00 - 2014-01-07 22:00 - 00000000 ____D C:\Program Files (x86)\DWG TrueView 2014
2014-01-07 21:47 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-07 21:26 - 2014-01-07 21:25 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2014-01-07 21:25 - 2012-07-31 14:12 - 00000000 ____D C:\Autodesk
2014-01-07 20:47 - 2012-08-27 21:00 - 00001031 _____ C:\Users\User\Desktop\Dropbox.lnk
2014-01-07 20:47 - 2012-08-27 20:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 20:47 - 2012-07-12 12:49 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-04 20:59
==================== End Of Log ============================
--- --- --- --- --- --- Hoffe das nun alles entfernt ist und ich den Mist nun los bin. Wenn Du mir zum Schluß noch einen Tip geben würdest, wie ich mich gegen den ganze Trojaner Kram besser schützen könnte, wäre ich Dir noch dankbar.  |
|
| Themen zu Search Protect - Conduit kann nicht deinstalliert werden |
| 64 bit, deinstalliere, deinstallieren, glaube, hoffe, liebe, problem, pup.bprotector, pup.optional.babylon.a, pup.optional.bprotector.a, pup.optional.conduit.a, pup.optional.datamngr.a, pup.optional.delta.a, pup.optional.filescout.a, pup.optional.filesfrog.a, pup.optional.opencandy, pup.optional.searchprotect.a, pup.optional.somoto.a, search, systemsteuerung, troja, trojaner, windows 7, würde |
Hybrid-Darstellung
