mimamale | 29.11.2013 22:18
# AdwCleaner v3.013 - Bericht erstellt am 29/11/2013 um 21:50:49
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Maxi Thron - MAXITHRON-PC
# Gestartet von : C:\Users\Maxi Thron\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0.1 (de)
[ Datei : C:\Users\Maxi Thron\AppData\Roaming\Mozilla\Firefox\Profiles\xy9cza34.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [8749 octets] - [26/11/2013 20:34:11]
AdwCleaner[R1].txt - [1178 octets] - [29/11/2013 21:50:02]
AdwCleaner[S0].txt - [8330 octets] - [26/11/2013 20:35:48]
AdwCleaner[S1].txt - [1096 octets] - [29/11/2013 21:50:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1156 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Maxi Thron on 29.11.2013 at 21:57:56,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Maxi Thron\AppData\Roaming\mozilla\firefox\profiles\xy9cza34.default\minidumps [93 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.11.2013 at 22:04:52,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.11.29.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Maxi Thron :: MAXITHRON-PC [Administrator]
Schutz: Aktiviert
29.11.2013 22:09:55
mbam-log-2013-11-29 (22-09-55).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212470
Laufzeit: 6 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Windows\Temp\INJ002\ExtensionUpdate.exe (PUP.Optional.SouthStarCo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Maxi Thron\Downloads\gimp.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by Maxi Thron on 29.11.2013 at 22:26:49,61.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\MAXITH~1\AppData\Local\Temp\Rar$EX52.408\zoek.exe [Script inserted]
==== System Restore Info ======================
29.11.2013 22:29:35 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8C973B72-E436-4018-BDE3-8E90096D0602} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{77BEC163-D389-42c1-91A4-C758846296A5} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\xz123@ya456.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Maxi Thron\AppData\Roaming\Mozilla\Firefox\Profiles\xy9cza34.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.de/");
user_pref("keyword.URL", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=");
Added to C:\Users\Maxi Thron\AppData\Roaming\Mozilla\Firefox\Profiles\xy9cza34.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Maxi Thron\AppData\Roaming\Mozilla\Firefox\Profiles\xy9cza34.default
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines mybrowserbar modified from prefs.js ----
user_pref("extensions.enabledItems", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{e4a8a97b-f2ed-450b-b
---- Lines {77BEC163-D389-42c1-91A4-C758846296A5} removed from prefs.js ----
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.extensionFirstRun", false);
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.lastExtensionVersion", "2.0.0.433");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_install_date", "1383993012679|||8641383993012679");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_installer_name", "update");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_product_name", "Video downloader");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_product_version", "2.0.0.433");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_pxl_VBATES_dailyPing", "dailyPing|||1385538865622");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_temp_installer_name", "");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_toolbarID", "74063331a70e463ea4e5d8fefdb608bb");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_dailyPing", "true|||1385538865599");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_ga_redirected", "not set");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_Installed", "true|||8641372362708212");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_lastUpdate", "1385452460158|||8641385452460160");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_redirectURL", "hxxp://rd.market-beast.com/vbates/index.php?|||8641372928531792");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_referer", "hxxp://shop.market-beast.com/?r=|||8641372928531792");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_SEG", "0|||8641372362699223");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_status", "active");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.ScriptData_VBATES_whiteList", "{\"www.otto.de\":\"043\"}|||8641372928531791");
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.setdefaultsearch_2.0.0.432", false);
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.setdefaultsearch_2.0.0.433", false);
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.setdnscatch_2.0.0.413", false);
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.setdnscatch_2.0.0.432", false);
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.setdnscatch_2.0.0.433", false);
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.sethomepage_2.0.0.432", false);
user_pref("{77BEC163-D389-42c1-91A4-C758846296A5}.sethomepage_2.0.0.433", false);
---- FireFox user.js and prefs.js backups ----
prefs__2238_.backup
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Better-Surf deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\ProgramData\z7_0ytr.pad deleted
C:\ProgramData\OberonGameConsole deleted
C:\Users\Maxi Thron\Downloads\FreeYouTubetoMP3Converter.exe deleted
C:\Users\Maxi Thron\Downloads\FreeYouTubeToMP3Converter34.exe deleted
C:\Users\Maxi Thron\Downloads\SoftonicDownloader_fuer_adobe-audition.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Users\Maxi Thron\AppData\Roaming\Mozilla\Firefox\Profiles\xy9cza34.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB} deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"12x3q@3244516.com"="C:\Program Files (x86)\Better-Surf\ff" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Maxi Thron\AppData\Roaming\Mozilla\Firefox\Profiles\xy9cza34.default
- Undetermined - C:\Program Files (x86)\Better-Surf\ff
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Free Hide IP - %ProfilePath%\extensions\support@free-hideip.com.xpi
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Maxi Thron\AppData\Roaming\Mozilla\Firefox\Profiles\xy9cza34.default
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dedmngkbaffkenlfdcbganndoghblmap - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx[]
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n235l0454z1i5t46i2q56s"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE399"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1402554825-2578141828-3777356403-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12x3q@3244516.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Maxi Thron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Maxi Thron\AppData\Local\Mozilla\Firefox\Profiles\xy9cza34.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\MAXITH~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 29.11.2013 at 22:46:41,26 ======================