WinVista: Trojaner-Alarm und Umleitung auf Werbung

PapasPC · 29.08.2014, 16:17

So, hier die Logfiles.

Nochmal Zoek:

Code:

ATTFilter

Zoek.exe v5.0.0.0 Updated 28-08-2014
Tool run by Rolf on 29.08.2014 at 13:24:04,66.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rolf\Documents\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2014-08-29-090112.log	50901 bytes

==== Empty Folders Check ======================

C:\Program Files\Hewlett-Packard deleted successfully
C:\Users\Rolf\AppData\Local\LogMeIn Rescue Applet deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2050912381-1346219871-470563689-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BackupStack] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"Appinit_Dlls"=- 

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [02.06.2014 14:49]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\m8yv1nzb.default
- MediaPlayerEnhance - %ProfilePath%\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- PDF Download - %ProfilePath%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
- Fire.fm - %ProfilePath%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- SearchPreview - %ProfilePath%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
- YouTube to MP3 - %ProfilePath%\extensions\youtube2mp3@mondayx.de.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
- Extended Statusbar - %ProfilePath%\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\9fe330nl.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
- Undetermined - %ProfilePath%\extensions\staged-xpis
- Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

ProfilePath: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\8908hkg2.default
- TS Magic Player - C:\Users\Rolf\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
- Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Avira Browser Safety - %ProfilePath%\extensions\abs@avira.com
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com
- Undetermined - %ProfilePath%\extensions\staged
- YouTube to MP3 ConverterDownload YouTube to MP4 - %ProfilePath%\extensions\YoutubeToMp3@wontube.com
- Fire.fm - %ProfilePath%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- SearchPreview - %ProfilePath%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Youtube To MP3 PRO converter - %ProfilePath%\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
- YouTube to MP3 - %ProfilePath%\extensions\youtube2mp3@mondayx.de.xpi
- YouTube to MP3 ConverterDownload YouTube to MP4 - %ProfilePath%\extensions\YoutubeToMp3@wontube.com.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
- Extended Statusbar - %ProfilePath%\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\8908hkg2.default
9EE20E6E2E3F94714D44F739B9A228F4	- C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll -	Shockwave Flash
14D06C3796CE3F6BA8F43CDF3AD65D76	- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B	- C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -	Java Deployment Toolkit 7.0.670.1
FB5621842FDABF9F8359775573498FBC	- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll -	Google Update
893BF7D2261C56C24F813405D9D018E0	- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.1.0.30716.0.dll -	Silverlight Plug-In
893BF7D2261C56C24F813405D9D018E0	- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll -	Silverlight Plug-In
1E5E8C84DE796A01D1D46E3A660690F1	- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll -	Adobe Acrobat
E30C13DE5E2B96341BD1B0691A9AFB32	- C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -	QuickTime Plug-in 7.7.5
4310CAACD0FF0506C55389F04ED6049F	- C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -	QuickTime Plug-in 7.7.5
08EF980C9444262DB84C5106BCCA990C	- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -	QuickTime Plug-in 7.7.5
0E56A9CBF2B73E1C3186094C108690CA	- C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -	QuickTime Plug-in 7.7.5
E972DDCDBEFDED34BCB7B2D1035883E5	- C:\Program Files\QuickTime\Plugins\npqtplugin.dll -	QuickTime Plug-in 7.7.5
B5371D2C9017EEE216B5361D600B3543	- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -	iTunes Application Detector
C694F47FB5870679B9C0D8D4BE97556B	- C:\Users\Rolf\AppData\Roaming\ACEStream\player\npace_plugin.dll -	Ace Stream P2P Multimedia Plug-in
5B92CB0A3EEE50F6B9AE036B4F9B0F0C	- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -	Google Earth Plugin
AE84791D996D1F05A2446B0C447D937A	- C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
AE84791D996D1F05A2446B0C447D937A	- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
F00DA1A135FCA11D4426D9A5AB72CF0F	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll -	AdobeAAMDetect
1F8FFDE82C52353906244AFDC6BAF2AB	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
DD33975DCFE8C020C07F6707F81A1D12	- c:\program files\real\realplayer\Netscape6\nprjplug.dll -	RealJukebox NS Plugin
65FB4909BD29CAAA81FDC69AD21BB905	- c:\program files\real\realplayer\Netscape6\nppl3260.dll -	RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72	- c:\program files\real\realplayer\Netscape6\nprpjplug.dll -	RealPlayer Version Plugin
E93467C5327C2760FCAB2B4670847496	- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll -	DivX Player Netscape Plugin
1DE714BB4BB48B10BC94FF84C9BC6471	- C:\Program Files\DivX\DivX Web Player\npdivx32.dll -	DivX Web Player
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
ACEF2CBC1032BC14D112EB4494537DA5	- C:\Windows\system32\Adobe\Director\np32dsw.dll -	Shockwave for Director / Shockwave for Director
8DA2ED6B04EA33F2EAE8BA883F903729	- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll -	Microsoft® Silverlight
41561B8AE9E551BD08304D48DAA900FA	- C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll -	AdobeAAMDetect


==== shortcuts on Users Desktops ======================

C:\Users\Gabi\Desktop\SopCast.lnk - C:\Program Files\SopCast\SopCast.exe 
C:\Users\Gast\Desktop\SopCast.lnk - C:\Program Files\SopCast\SopCast.exe 
C:\Users\Rolf\Desktop\Ace Player.lnk - C:\Users\Rolf\AppData\Roaming\ACEStream\player\ace_player.exe 
C:\Users\Rolf\Desktop\Bluetooth-Geräte - Verknüpfung.lnk -  
C:\Users\Rolf\Desktop\e-Wörterbücher.lnk -  
C:\Users\Rolf\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe 
C:\Users\Rolf\Desktop\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe 
C:\Users\Rolf\Desktop\Norton Download Manager.lnk - C:\Users\Public\Downloads\Norton\{NIS_prod_1.6.18_18.6.0.29}\NISDownloader (1).exe 
C:\Users\Rolf\Desktop\Norton-Installationsdateien.lnk - C:\Users\Public\Downloads\Norton\{NIS_prod_1.6.18_18.6.0.29} 
C:\Users\Rolf\Desktop\PC-Bibliothek 2.0.lnk - C:\PC-BIB\pc_bib2.exe 
C:\Users\Rolf\Desktop\SopCast.lnk - C:\Program Files\SopCast\SopCast.exe 
C:\Users\Rolf\Desktop\Sync Folder.lnk - C:\Program Files\JustCloud\JustCloud.exe opensync

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe 
C:\Users\Public\Desktop\Adobe Application Manager.lnk - C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe 
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\Content Transfer.lnk - C:\Program Files\Sony\Content Transfer\ContentTransfer.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe 
C:\Users\Public\Desktop\HP LJ300-400 color MFP M375-M475 - Hilfe- und Lern-Center.lnk - C:\Program Files\HP\HP LJ300-400 color M375-M475\Help_Learn\Help.exe 
C:\Users\Public\Desktop\HP LJ300-400 M375-M475 Scan.lnk - C:\Program Files\HP\HP LJ300-400 color MFP M375-M475\Bin\HPScan.exe 
C:\Users\Public\Desktop\HP Photosmart Essential 2.5.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 
C:\Users\Public\Desktop\LayOut 3.lnk - C:\Program Files\Google\Google SketchUp 8\LayOut\LayOut.exe 
C:\Users\Public\Desktop\LG PC Suite.Lnk - C:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe 
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65  
C:\Users\Public\Desktop\PlayMemories Home.lnk - C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe 
C:\Users\Public\Desktop\SketchUp 8.lnk - C:\Program Files\Google\Google SketchUp 8\SketchUp.exe 
C:\Users\Public\Desktop\Style Builder 2.lnk - C:\Program Files\Google\Google SketchUp 8\Style Builder\Style Builder.exe 
C:\Users\Public\Desktop\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe 
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Acrobat 8 Professional.lnk -  
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe 
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Gabi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Acrobat 8 Professional.lnk -  
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe 
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65  
C:\Users\Rolf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride.Bonjour"=""
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyOverride.Bonjour"=""
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp uninstaller deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\c657f8f0-597a-49b4-9835-e252fa248185 deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=1 1500652 bytes)

==== EOF on 29.08.2014 at 13:46:41,80 ======================

Und dann noch AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.308 - Bericht erstellt am 29/08/2014 um 14:41:57
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Rolf - ROLF-PC
# Gestartet von : C:\Users\Rolf\Documents\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Users\Rolf\AppData\Local\Tuguu_SL
Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\m8yv1nzb.default\Extensions\isreaditlater@ideashower.com
Ordner Gelöscht : C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\8908hkg2.default\Extensions\isreaditlater@ideashower.com
Ordner Gelöscht : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Ordner Gelöscht : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Ordner Gelöscht : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo
Datei Gelöscht : C:\Users\Rolf\Desktop\Sync Folder.lnk
Datei Gelöscht : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Datei Gelöscht : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\SOFTWARE\awesomehpSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\awesomehp uninstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DMUninstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16563


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\m8yv1nzb.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "145742ba6e27cf25dc3d7c10e5db7f00");

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\9fe330nl.default\prefs.js ]


[ Datei : C:\Users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\8908hkg2.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [61227 octets] - [19/03/2014 15:01:52]
AdwCleaner[R1].txt - [4472 octets] - [29/08/2014 14:09:34]
AdwCleaner[S0].txt - [59803 octets] - [19/03/2014 15:15:20]
AdwCleaner[S1].txt - [4097 octets] - [29/08/2014 14:41:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4157 octets] ##########

Ich fahre jetzt zu ner Hochzeit, also stress Dich nicht mit diesem Thread hier. Falls wir tatsächlich bereits am Ende der Bereinigung sein sollten, sag bitte noch wie wir uns für Deine Hilfe erkenntlich zeigen können.

LG,
Björn

WinVista: Trojaner-Alarm und Umleitung auf Werbung

Log-Analyse und Auswertung: WinVista: Trojaner-Alarm und Umleitung auf Werbung

WinVista: Trojaner-Alarm und Umleitung auf Werbung

Ähnliche Themen: WinVista: Trojaner-Alarm und Umleitung auf Werbung