Hallo,
Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware
Datenbank Version: v2014.03.09.07
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
V5-573G :: MILAN [Administrator]
09.03.2014 19:34:01
mbam-log-2014-03-09 (19-34-01).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 522249
Laufzeit: 1 Stunde(n), 3 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
AdwCleaner:AdwCleaner Logfile:
Code:
# AdwCleaner v3.020 - Bericht erstellt am 09/03/2014 um 20:46:09
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : V5-573G - MILAN
# Gestartet von : C:\Users\V5-573G\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\V5-573G\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\V5-573G\Documents\PC Speed Maximizer
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\V5-573G\AppData\Roaming\Mozilla\Firefox\Profiles\9j5cj0ao.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1122 octets] - [09/03/2014 20:44:34]
AdwCleaner[S0].txt - [1054 octets] - [09/03/2014 20:46:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1114 octets] ##########
--- --- ---
Junkware Removal Tool :JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by V5-573G on 09.03.2014 at 20:57:11,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pc speed maximizer
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1255564938-2326567129-3581081882-1002\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc speed maximizer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
~~~ Files
Successfully deleted: [File] "C:\Users\Public\Desktop\open it!.lnk"
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\V5-573G\AppData\Roaming\mysearchdial"
Successfully deleted: [Folder] "C:\Users\V5-573G\AppData\Roaming\pc speed maximizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files (x86)\openit"
Failed to delete: [Folder] "C:\Program Files (x86)\pc speed maximizer"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
~~~ FireFox
Successfully deleted: [File] C:\Users\V5-573G\AppData\Roaming\mozilla\firefox\profiles\9j5cj0ao.default\user.js
Successfully deleted: [File] C:\Users\V5-573G\AppData\Roaming\mozilla\firefox\profiles\9j5cj0ao.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Users\V5-573G\AppData\Roaming\mozilla\firefox\profiles\9j5cj0ao.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted the following from C:\Users\V5-573G\AppData\Roaming\mozilla\firefox\profiles\9j5cj0ao.default\prefs.js
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.order.1", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("extensions.mysearchdial.AL", 2);
user_pref("extensions.mysearchdial.aflt", "dsites_14_10_ff");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtDyC0BtB0E0A0Czy0DzztN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2S
user_pref("extensions.mysearchdial.cntry", "DE");
user_pref("extensions.mysearchdial.cr", "799056659");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "D700C8B343C8E4DEFD52558D8FB69ADF");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_10_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtDyC0BtB0E0A0Czy0DzztN0D0Tzu0SyBzyzytN1L2Xzut
user_pref("extensions.mysearchdial.id", "A4DB3006B2EAC9D8");
user_pref("extensions.mysearchdial.instlDay", "16138");
user_pref("extensions.mysearchdial.instlRef", "140305_a");
user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_10_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtDyC0BtB0E0A0Czy0DzztN0D0Tzu0SyBzyzytN1L2XzutBt
user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.020:50:33");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites_14_10_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtDyC0BtB0E0A0Czy0DzztN0D0Tzu0SyBzyzytN1L2Xz
user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites_14_10_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtDyC0BtB0E0A0Czy0DzztN0D0Tzu0SyBzyzytN1L2
user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.020:50:33");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.03.2014 at 21:01:03,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
