Kein Abgesicherter Modus mehr nach BKA Trojaner

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
Ran by DoubleEyE at 2013-11-15 22:30:02 Run:2
Running from C:\Users\DoubleEyE\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [DrvUpdater] - C:\Users\DoubleEyE\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
C:\Users\DoubleEyE\AppData\Roaming\DRPSu
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741434157&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&k=0
SearchScopes: HKCU - {2184B338-9589-480C-B3CD-0031C0936934} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {2E313ED3-CDCA-41BE-8926-F7B3B864BCBB} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {320FE6CB-94A1-4881-BF66-73850EBD1994} URL = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4D59432D5354266F3D313032383639267372633D6B7726713D7B7365617263685465726D737D266C6F63616C653D2661706E5F70746E72733D354A2661706E5F647469643D595959595959595944452661706E5F7569643D66323331303635612D326261642D346131322D383530372D6532363262663866633237312661706E5F73617569643D45444637364537322D304435352D343539432D383230442D32303142433235323336374426&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&k=0
SearchScopes: HKCU - {3D28BC96-CD8C-448E-921C-487E61651D1D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {606412B7-9183-4913-8DD9-98B016DE4630} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741434157&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&k=0
SearchScopes: HKCU - {D1097494-C4E8-49B3-97D3-F57D664F01B2} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&mode=bounce&k=0
SearchScopes: HKCU - {D6FB274F-1C47-4B32-98AC-52041BF16AB1} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e03bd68f-3298-4224-9b47-dd0fdc6eb270&pid=murb&mode=bounce&k=0
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0
end
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DrvUpdater => Value not found.
"C:\Users\DoubleEyE\AppData\Roaming\DRPSu" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2184B338-9589-480C-B3CD-0031C0936934} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2184B338-9589-480C-B3CD-0031C0936934} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E313ED3-CDCA-41BE-8926-F7B3B864BCBB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2E313ED3-CDCA-41BE-8926-F7B3B864BCBB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{320FE6CB-94A1-4881-BF66-73850EBD1994} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{320FE6CB-94A1-4881-BF66-73850EBD1994} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D28BC96-CD8C-448E-921C-487E61651D1D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3D28BC96-CD8C-448E-921C-487E61651D1D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{606412B7-9183-4913-8DD9-98B016DE4630} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{606412B7-9183-4913-8DD9-98B016DE4630} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1097494-C4E8-49B3-97D3-F57D664F01B2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D1097494-C4E8-49B3-97D3-F57D664F01B2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D6FB274F-1C47-4B32-98AC-52041BF16AB1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D6FB274F-1C47-4B32-98AC-52041BF16AB1} => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.

==== End of Fixlog ====
         

# AdwCleaner v3.012 - Bericht erstellt am 15/11/2013 um 22:34:02
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : DoubleEyE - DOUBLEEYE
# Gestartet von : C:\Users\DoubleEyE\Downloads\adwcleaner_3012.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Users\DoubleEyE\AppData\Roaming\Mozilla\Firefox\Profiles\ngx8lx9q.DoubleEyE\ICQToolbarData
Ordner Gelöscht : C:\Users\DoubleEyE\AppData\Roaming\Mozilla\Firefox\Profiles\xv3goia0.default\ICQToolbarData

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\DoubleEyE\AppData\Roaming\Mozilla\Firefox\Profiles\ngx8lx9q.DoubleEyE\prefs.js ]

Zeile gelöscht : user_pref("socialfixer.100000888091224/prefs", "{\"installed_on_5\":1325619582931,\"last_message_check\":1325619582931,\"sfx_donate_check_time\":1326224383103,\"last_tip_check\":1325619583104,\"show_c[...]

[ Datei : C:\Users\DoubleEyE\AppData\Roaming\Mozilla\Firefox\Profiles\xv3goia0.default\prefs.js ]


[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hp0t9mv7.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3286 octets] - [15/11/2013 22:32:42]
AdwCleaner[S0].txt - [3215 octets] - [15/11/2013 22:34:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3275 octets] ##########
         

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by DoubleEyE on 15.11.2013 at 22:43:51,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\DoubleEyE\AppData\Roaming\mozilla\firefox\profiles\ngx8lx9q.DoubleEyE\prefs.js

user_pref("socialfixer.100002160363206/cache/bfb_tip_pagelet", "<div style=\"border:2px solid #cccc99;padding:5px;background-color:#ffffcc;-moz-border-radius:5px;-webkit-borde
Emptied folder: C:\Users\DoubleEyE\AppData\Roaming\mozilla\firefox\profiles\ngx8lx9q.DoubleEyE\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.11.2013 at 22:47:51,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.15.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
DoubleEyE :: DOUBLEEYE [Administrator]

Schutz: Aktiviert

15.11.2013 23:11:36
mbam-log-2013-11-15 (23-11-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243201
Laufzeit: 15 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\DoubleEyE\Downloads\HijackThis - CHIP-Downloader.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)