Danke schrauber, für die Hilfe!
mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.04.2015
Suchlauf-Zeit: 22:05:07
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.4.1018
Malware Datenbank: v2015.04.01.09
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Aline
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390889
Verstrichene Zeit: 5 Min, 54 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 4
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3950301424-1890279349-3554157190-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [145920473852b1851885c768f0138f71],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [145920473852b1851885c768f0138f71],
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [a7c627403456e6508111b567669f3dc3],
PUP.Optional.ConduitSearch.A, HKU\S-1-5-21-3950301424-1890279349-3554157190-1003\SOFTWARE\Conduit_Search_Protect, In Quarantäne, [c1ac98cf870352e41cdea919a65d619f],
Registrierungswerte: 3
PUP.Optional.Conduit.A, HKU\S-1-5-21-3950301424-1890279349-3554157190-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP27964FF6-342B-4F69-8116-AFFA72916455&q={searchTerms}&SSPV=, In Quarantäne, [630ae3840a802e08439e7e38f40f8c74]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3950301424-1890279349-3554157190-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [204d0c5b1773bf77d20fe5d12cd760a0]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3950301424-1890279349-3554157190-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi search, In Quarantäne, [2548244356345bdb87e67ad4ea1bdf21]
Registrierungsdaten: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL , Gut: (), Schlecht: (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL),Ersetzt,[f07d4324c6c460d64347c7b7d13207f9]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL , Gut: (), Schlecht: (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL),Ersetzt,[f07d4324c6c460d64347c7b7d13207f9]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3950301424-1890279349-3554157190-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP27964FF6-342B-4F69-8116-AFFA72916455&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP27964FF6-342B-4F69-8116-AFFA72916455&SSPV=),Ersetzt,[6409bfa8f496350107a1f2fef60fe31d]
Ordner: 12
PUP.Optional.OpenCandy, C:\Users\Aline\AppData\Roaming\OpenCandy, In Quarantäne, [06672344ec9ed4622beae59855aee41c],
PUP.Optional.OpenCandy, C:\Users\Aline\AppData\Roaming\OpenCandy\A57FC68AB6A243278BDEA14D231C9FCC, In Quarantäne, [06672344ec9ed4622beae59855aee41c],
PUP.Optional.OpenCandy, C:\Users\Aline\AppData\Roaming\OpenCandy\AE916625C1644E1F919E0C7BA6D63184, In Quarantäne, [06672344ec9ed4622beae59855aee41c],
PUP.Optional.OpenCandy, C:\Users\Aline\AppData\Roaming\OpenCandy\DF13C0AC1E554B8C8DD5D9A8CCEFB236, In Quarantäne, [06672344ec9ed4622beae59855aee41c],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [d697c99e3159c96d4a3f443af40fa060],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\SearchProtect, In Quarantäne, [d99456118bffe650defe6728eb18d030],
PUP.Optional.Extutil.A, C:\Users\Aline\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [9bd2155295f5fc3aadfaa5ec6c97b14f],
PUP.Optional.Managera.A, C:\Users\Aline\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [234ad4930a80da5c6f39cfc2e12244bc],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
Dateien: 84
PUP.Optional.Conduit.A, C:\Users\Aline\AppData\Roaming\OpenCandy\A57FC68AB6A243278BDEA14D231C9FCC\SSStub_SearchProtect_p1v0.exe, In Quarantäne, [fc717fe8d1b987afd11d3d0cae53669a],
PUP.Optional.Conduit.A, C:\Users\Aline\AppData\Roaming\OpenCandy\AE916625C1644E1F919E0C7BA6D63184\search_protect_global.exe, In Quarantäne, [beafb6b1167461d521cdb4956c95f907],
PUP.Optional.Conduit.A, C:\Users\Aline\AppData\Local\Temp\sp-downloader.exe, In Quarantäne, [8ae3ec7b4a4043f30fdf20296f9250b0],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nslC2E3.exe, In Quarantäne, [08655f084d3d3df9d6e83b1b2fd2df21],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nso64F.exe, In Quarantäne, [5b120661771367cfae1012449e636c94],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nsrB788.exe, In Quarantäne, [bab3d88f5d2d60d66c52c2941ae79d63],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nsw1A6.exe, In Quarantäne, [27461c4b92f85dd90faf4610a25f50b0],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nsx2E0.exe, In Quarantäne, [0667194e167487af03bb6aec08f9df21],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [72fbe4830e7c64d2211c99216c9529d7],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nsbC3DE.exe, In Quarantäne, [1756dc8b751595a1f0ce203650b132ce],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nsd525.exe, In Quarantäne, [afbecd9a8cfe81b5f4ca4a0c966bf30d],
PUP.Optional.SearchProtect.A, C:\Users\Aline\AppData\Local\Temp\nsgB6AC.exe, In Quarantäne, [d7961d4afc8e69cd744a62f444bd2fd1],
PUP.Optional.Conduit.A, C:\Users\Aline\AppData\Local\Temp\nslF292\SpSetup.exe, In Quarantäne, [cf9e5a0d7911cb6bb4fee8630af742be],
PUP.Optional.Conduit.A, C:\Users\Aline\AppData\Local\Temp\nslA92E\SpSetup.exe, In Quarantäne, [422ba9be01890c2af9b9d675cf32cf31],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaA1F6.exe, In Quarantäne, [a1cc94d3dcae59dd724c7ed853aebb45],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsaB8D2.exe, In Quarantäne, [2746fb6ca7e3290d14aadf7717ea3bc5],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc6F71.exe, In Quarantäne, [88e58ddad6b4a88e695567efbe43a25e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc82DC.exe, In Quarantäne, [c3aaafb8296141f59c22510510f18c74],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdA818.exe, In Quarantäne, [77f677f0325843f30eb0e472738e40c0],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsdDF4C.exe, In Quarantäne, [e78622454248b2847ba6b3fdc63bb34d],
PUP.Optional.Conduit.A, C:\Windows\Temp\nse1DF8.exe, In Quarantäne, [93da8addbccef24448d94769e021ff01],
PUP.Optional.Conduit.A, C:\Windows\Temp\nstAB1C.exe, In Quarantäne, [bbb2b9aeb9d1fb3b62bfcae67a87e41c],
PUP.Optional.Conduit.A, C:\Windows\Temp\nstD42F.exe, In Quarantäne, [6805f572632764d25dc4327eb54cb44c],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu38B.exe, In Quarantäne, [3439c5a2b4d60135c3fb06506a975aa6],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsuED3.exe, In Quarantäne, [8ce14a1d6b1f1c1acfeff85ede23de22],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nswC856.exe, In Quarantäne, [fd7064035634c175c9f5233357aa0df3],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx3750.exe, In Quarantäne, [5a13f6717416b4822af73a7609f89f61],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx8B69.exe, In Quarantäne, [0964f473ddad3ff7dd445c5401003dc3],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsyC887.exe, In Quarantäne, [45286bfc57339d9935ec6c442ed3e818],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsfBEB3.exe, In Quarantäne, [b7b60067464457dfe9386e42b54c8f71],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsgC846.exe, In Quarantäne, [8be223446a20a1956b53b89e1ae7c937],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh8DDA.exe, In Quarantäne, [5914f176d5b50d2976480551847ddb25],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsi40EC.exe, In Quarantäne, [fc71e87ffd8d1d194ed3387829d854ac],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsi50AB.exe, In Quarantäne, [e98489dea1e9092dde43753bff0204fc],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsjF44B.exe, In Quarantäne, [1459f473e3a77db9b869f6ba9c655ca4],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsk2C9F.exe, In Quarantäne, [70fdd691acde1422bb66a0101fe215eb],
PUP.Optional.Conduit.A, C:\Windows\Temp\nskB136.exe, In Quarantäne, [76f7cc9b088249ed2ff24b65cd3440c0],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskB8C2.exe, In Quarantäne, [7af377f05b2fb48209b5094d7b86e61a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl6274.exe, In Quarantäne, [640972f5325877bf724cabab4ab7d927],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsn2B97.exe, In Quarantäne, [cf9e8ed93852a6904cd52c8447ba7f81],
PUP.Optional.Conduit.A, C:\Windows\Temp\nso33.exe, In Quarantäne, [d598abbc11790a2c9b86cde3629f0df3],
PUP.Optional.Conduit.A, C:\Windows\Temp\nso45EC.exe, In Quarantäne, [bab385e246443303e1405759fb0609f7],
PUP.Optional.Conduit.A, C:\Windows\Temp\nso4F93.exe, In Quarantäne, [d39a382fe4a60e2830f1cfe1dc258c74],
PUP.Optional.Conduit.A, C:\Windows\Temp\nso9A4F.exe, In Quarantäne, [2845adbaa7e3a88eb9683a7602ff2cd4],
PUP.Optional.Conduit.A, C:\Windows\Temp\nso9E98.exe, In Quarantäne, [9cd17ceb7119b77f8a97a30d847d5aa6],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp1B98.exe, In Quarantäne, [b3badd8a1179221412ac0056e0217789],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsrCFEA.exe, In Quarantäne, [8de00e59404ad26449d82e82fc05f010],
PUP.Optional.Conduit.A, C:\Windows\Temp\nssC470.exe, In Quarantäne, [ed8001660b7f171f0c15a010f011d927],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst1C81.exe, In Quarantäne, [93dae384ef9b1125a11d4313d42da060],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst1C82.exe, In Quarantäne, [5f0e77f00c7e50e6d6e845118d74a957],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsfAD42.exe, In Quarantäne, [f677c5a24644092d7b4362f41be6cd33],
PUP.Optional.Conduit.A, C:\Windows\Temp\nszBC72.exe, In Quarantäne, [511c61066723999da8796d438c75b34d],
PUP.Optional.Trovi.A, C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\s5rqgjdg.default\searchplugins\trovi-search.xml, In Quarantäne, [c9a492d5286234027fbe8270fc0722de],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [8ae386e1404a35019d72ed56e81d26da],
PUP.Optional.ConduitSearchProtect, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, In Quarantäne, [a7c627403456e6508111b567669f3dc3],
PUP.Optional.OpenCandy, C:\Users\Aline\AppData\Roaming\OpenCandy\DF13C0AC1E554B8C8DD5D9A8CCEFB236\TuneUpUtilities2014_de-DE.exe, In Quarantäne, [06672344ec9ed4622beae59855aee41c],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, In Quarantäne, [d697c99e3159c96d4a3f443af40fa060],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, In Quarantäne, [f07d4324c6c460d64347c7b7d13207f9],
PUP.Optional.Extutil.A, C:\Users\Aline\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [9bd2155295f5fc3aadfaa5ec6c97b14f],
PUP.Optional.Extutil.A, C:\Users\Aline\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [9bd2155295f5fc3aadfaa5ec6c97b14f],
PUP.Optional.Extutil.A, C:\Users\Aline\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [9bd2155295f5fc3aadfaa5ec6c97b14f],
PUP.Optional.Managera.A, C:\Users\Aline\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [234ad4930a80da5c6f39cfc2e12244bc],
PUP.Optional.Managera.A, C:\Users\Aline\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [234ad4930a80da5c6f39cfc2e12244bc],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_1415966682966, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1417539811371, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1418761095232, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1420132209292, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1420730930223, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1423046660549, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1423558777519, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, In Quarantäne, [2b42303797f372c465fb4f5c2ad943bd],
PUP.Optional.Conduit.A, C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\s5rqgjdg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MC7805D7A-4915-4B68-B02F-E9CEA93E459E&SearchSource=55&CUI=&UM=5&UP=SP27964FF6-342B-4F69-8116-AFFA72916455&SSPV=");), Ersetzt,[4e1ff176810961d5ec8ad365887e47b9]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
AdwCleaner Code:
# AdwCleaner v4.200 - Bericht erstellt 01/04/2015 um 22:30:19
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Aline - RAPTOR
# Gestarted von : C:\Users\Aline\Downloads\AdwCleaner_4.200.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : APNMCP
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\WINDOWS\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Aline\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Aline\AppData\Local\AskPartnerNetwork
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
Datei Gelöscht : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll
***** [ Geplante Tasks ] *****
Task Gelöscht : avayvaxvaa
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v36.0.4 (x86 de)
[s5rqgjdg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MC7805D7A-4915-4B68-B02F-E9CEA93E459E&SearchSource=55&CUI=&UM=5&UP=SP27964FF6-342B-4F69[...]
[s5rqgjdg.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Aline\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\s5rqgjdg.default\\\\extensions\\\\abs@avi[...]
*************************
AdwCleaner[R0].txt - [5445 Bytes] - [01/04/2015 22:29:56]
AdwCleaner[S0].txt - [5291 Bytes] - [01/04/2015 22:30:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5350 Bytes] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.0 (03.31.2015:2)
OS: Windows 8.1 x64
Ran by Aline on 01.04.2015 at 22:36:49.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\Aline\AppData\Roaming\mozilla\firefox\profiles\s5rqgjdg.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Users\Aline\AppData\Roaming\mozilla\firefox\profiles\s5rqgjdg.default\prefs.js
user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Aline\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\s5rqgjdg.default
Emptied folder: C:\Users\Aline\AppData\Roaming\mozilla\firefox\profiles\s5rqgjdg.default\minidumps [54 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.04.2015 at 22:38:02.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST folgt. |
FRST 32-Bit | FRST 64-Bit
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
dann auf 
und dann auf 
. 
