grizly354 | 28.08.2013 16:12 | Habe jetzt AdwCleaner, JRT und MalwareBytes durchlaufen lassen. Code:
# AdwCleaner v3.001 - Report created 29/08/2013 at 16:57:55
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user123 - user123-PC
# Running from : C:\Users\user123\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : IBUpdaterService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\user123\AppData\Roaming\Mozilla\Firefox\Profiles\mrdsvp9r.default\SweetPacksToolbarData
[!] Folder Deleted : C:\Users\user123\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
[!] Folder Deleted : C:\Users\user123\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
[!] Folder Deleted : C:\Users\user123\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\user123\AppData\Roaming\Mozilla\Firefox\Profiles\mrdsvp9r.default\bProtector_extensions.rdf
File Deleted : C:\Windows\Tasks\EPUpdater.job
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKCU\Software\a08cddb03ebe48
Key Deleted : HKLM\SOFTWARE\a08cddb03ebe48
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio(1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio(1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fl-studio_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
***** [ Browsers ] *****
-\\ Internet Explorer v0.0.0.0
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Users\user123\AppData\Roaming\Mozilla\Firefox\Profiles\mrdsvp9r.default\prefs.js ]
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
-\\ Google Chrome v29.0.1547.57
[ File : C:\Users\user123\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [18812 octets] - [29/08/2013 16:49:42]
AdwCleaner[S0].txt - [5191 octets] - [29/08/2013 16:57:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5251 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x64
Ran by user123 on 29.08.2013 at 16:49:40,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Failed to stop: [Service] ibupdaterservice
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetpacks communicator
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-773110419-507169222-884805310-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\menubuttonie.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\pricegongie.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{835315fc-1bf6-4ca9-80cd-f6c158d40692}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\clickpotatolitesa
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{c1af5fa5-852c-4c90-812e-a7f75e011d87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\dvdvideosofttbtoolbarhelper_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\dvdvideosofttbtoolbarhelper_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\clickpotatolite
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{374BFF06-9EF0-4C19-A2B1-703CEC5BEF55}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C3204226-4EBC-48B0-BA43-AD9718FB0C09}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
~~~ Files
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\clickpotatolitesa"
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\user123\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\user123\AppData\Roaming\clickpotatolite"
Successfully deleted: [Folder] "C:\Users\user123\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\user123\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\user123\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user123\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\user123\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\user123\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\clickpotatolite"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\2aca5cc3-0f83-453d-a079-1076fe1a8b65"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Failed to delete: [Folder] "C:\Windows\syswow64\jmdp"
~~~ FireFox
Successfully deleted: [File] C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\user.js
Successfully deleted: [File] C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\invalidprefs.js
Successfully deleted: [File] C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\conduitcommon
Successfully deleted: [Folder] C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\clickpotatolite@clickpotatolite.com
Successfully deleted the following from C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\prefs.js
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 27 2011 10:56:31 GMT+0200");
user_pref("CommunityToolbar.alert.alertEnabled", false);
user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Apr 27 2011 10:56:40 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Aug 16 2011 10:55:23 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "fa7035c0-7cd5-4076-8d5f-fb939decd579");
user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={65158C2A-340E-11E2-A06F-90FBA6AA58F1}");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("sweetim.toolbar.RevertDialog.enable", "false");
user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1377765201789");
user_pref("sweetim.toolbar.Visibility.enable", "true");
user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
user_pref("sweetim.toolbar.cda.returnValue", "hide");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dialogs.2.enable", "true");
user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
user_pref("sweetim.toolbar.dialogs.2.height", "150");
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
user_pref("sweetim.toolbar.dialogs.2.width", "530");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.newtab.created", "true");
user_pref("sweetim.toolbar.newtab.enable", "true");
user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.2.callback", "");
user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.2.enable", "false");
user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "false");
user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
user_pref("sweetim.toolbar.simapp_id", "{65158C2A-340E-11E2-A06F-90FBA6AA58F1}");
user_pref("sweetim.toolbar.version", "1.9.0.0");
Emptied folder: C:\Users\user123\AppData\Roaming\mozilla\firefox\profiles\mrdsvp9r.default\minidumps [67 files]
~~~ Chrome
Failed to delete: [Folder] C:\Users\user123\appdata\local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Failed to delete: [Folder] C:\Users\user123\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Failed to delete: [Folder] C:\Users\user123\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 16:57:01,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.28.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
user123 :: user123-PC [Administrator]
29.08.2013 17:03:34
mb-log.txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216051
Laufzeit: 8 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 6
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Users\user123\Downloads\microsoft-powerpoint-viewer.exe (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\user123\Downloads\Player_Setup.exe (PUP.Adware.Domalq) -> Keine Aktion durchgeführt.
C:\Windows\Installer\1c70138.msi (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt.
C:\Windows\Installer\1c70140.msi (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt.
C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Keine Aktion durchgeführt.
(Ende) |