
Pests of all kinds and how to fight them: unwanted Spigot Yahoo search start page


 
05.12.2013, 11:20   #1
julekai

unwanted Spigot Yahoo search start page



About a week ago I installed the YouTube Downloader, and along with it other programs, which I deleted again right away.
So far, however, I have not managed to change the start page for good. I have since run several programs over it, but as nothing helped, I uninstalled them again with CCleaner...

Here are the log scans you asked for:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:02 on 04/12/2013 (Jule)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-12-2013 01
Ran by Jule (administrator) on MASF on 04-12-2013 23:10:02
Running from C:\Users\Jule\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IObit) C:\Program Files\IObit Malware Fighter\IMFsrv.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Flux Software LLC) C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)
HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit Malware Fighter\IMF.exe [1574208 2013-11-13] (IObit)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [f.lux] - C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKCU\...\Run: [SODCPreLoad] - C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [40960 2010-11-16] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF NetworkProxy: "autoconfig_url", "hxxp://204.93.211.220/"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: WOT - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DVDVideoSoft Menu - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: prefs - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR HomePage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch"
CHR Extension: (Ads Removal) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0
CHR Extension: (	"name":"Advanced SystemCare Surfing Protection",) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 IMFservice; C:\Program Files\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-28] (AVM Berlin)
R0 CplIR; C:\Windows\System32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S4 FileMonitor; C:\Program Files\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 RegFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [31752 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 MpKsl9cd296d3; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-04 23:10 - 2013-12-04 23:10 - 00011686 _____ C:\Users\Jule\Desktop\FRST.txt
2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST
2013-12-04 23:07 - 2013-12-04 23:07 - 01092683 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe
2013-12-04 23:02 - 2013-12-04 23:04 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log
2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable
2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe
2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin
2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin
2013-11-30 23:55 - 2013-12-01 00:23 - 00000000 ____D C:\AdwCleaner
2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rtlh86.sys
2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2013-11-30 14:02 - 2013-12-04 21:22 - 00000000 ____D C:\ProgramData\ProductData
2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-30 13:35 - 2013-12-04 21:19 - 00263844 _____ C:\Windows\PFRO.log
2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini
2013-11-30 00:43 - 2013-11-30 00:43 - 00000000 ____D C:\Users\Jule\AppData\Local\Slick Savings
2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin
2013-11-29 16:08 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan
2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine
2013-11-29 15:21 - 2013-11-29 18:46 - 00000000 ____D C:\Program Files\stinger
2013-11-29 11:14 - 2013-11-29 11:23 - 00000000 ____D C:\Program Files\Re-markit
2013-11-25 18:56 - 2013-11-25 23:26 - 00000000 ____D C:\Users\Jule\Desktop\TEX
2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2013-11-22 18:12 - 2013-11-23 00:06 - 00000000 ____D C:\MikTex
2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner
2013-11-22 15:40 - 2013-11-22 15:50 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1
2013-11-22 13:43 - 2013-11-22 15:14 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex
2013-11-22 01:00 - 2013-11-22 00:27 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe
2013-11-22 00:49 - 2013-11-22 00:50 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg
2013-11-22 00:41 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-11-22 00:40 - 2013-11-22 00:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software
2013-11-22 00:40 - 2013-11-22 00:41 - 00000000 ____D C:\Program Files\Foxit Reader
2013-11-21 23:00 - 2013-11-27 16:28 - 00000000 ____D C:\Users\Jule\Desktop\BA
2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt
2013-11-20 23:58 - 2013-11-20 23:59 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF
2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF
2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10
2013-11-20 22:53 - 2013-11-22 21:55 - 00000000 ____D C:\Program Files\TeXnicCenter
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker
2013-11-20 16:09 - 2013-11-20 17:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++
2013-11-20 16:09 - 2013-11-20 16:10 - 00000000 ____D C:\Program Files\Notepad++
2013-11-17 16:44 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 16:44 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 16:44 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 16:44 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 16:44 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-17 16:44 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 16:44 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-17 16:44 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 16:44 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 16:44 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-17 16:44 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-17 16:44 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 16:44 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 16:44 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-17 16:44 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 16:44 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 15:12 - 2013-11-17 15:28 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software
2013-11-14 21:42 - 2013-11-20 15:14 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1
2013-11-14 10:35 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 10:35 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 10:34 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 10:34 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 10:34 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar
2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software
2013-11-13 20:55 - 2013-11-23 10:37 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4
2013-11-13 20:55 - 2013-11-14 00:10 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software
2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-11-13 18:18 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files\Citavi 4
2013-11-12 14:24 - 2011-05-04 14:36 - 00007657 _____ C:\Windows\_DETMP.1
2013-11-12 14:24 - 1996-05-10 10:41 - 00009296 _____ (Stirling Technologies Inc.) C:\Windows\_DETMP.2
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware
         
Code:
==================== One Month Modified Files and Folders =======

2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-04 23:10 - 2013-12-04 23:10 - 00011686 _____ C:\Users\Jule\Desktop\FRST.txt
2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST
2013-12-04 23:07 - 2013-12-04 23:07 - 01092683 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe
2013-12-04 23:04 - 2013-12-04 23:02 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log
2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable
2013-12-04 23:02 - 2009-07-27 14:08 - 00000000 ____D C:\Users\Jule
2013-12-04 22:56 - 2013-03-29 20:14 - 00000342 _____ C:\Windows\Tasks\WpsUpdateTask_Jule.job
2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe
2013-12-04 22:45 - 2009-09-21 14:06 - 01796749 _____ C:\Windows\WindowsUpdate.log
2013-12-04 22:24 - 2009-08-27 20:18 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Skype
2013-12-04 22:14 - 2012-04-09 17:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 21:22 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\ProductData
2013-12-04 21:22 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 21:22 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 21:20 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 21:19 - 2013-11-30 13:35 - 00263844 _____ C:\Windows\PFRO.log
2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin
2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin
2013-12-04 20:26 - 2011-12-29 13:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\DVDVideoSoft
2013-12-04 20:26 - 2011-12-29 13:36 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-12-04 20:26 - 2009-10-04 09:21 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-02 15:24 - 2006-11-02 14:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 00:31 - 2013-01-15 13:13 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-01 00:23 - 2013-11-30 23:55 - 00000000 ____D C:\AdwCleaner
2013-11-30 23:53 - 2009-07-27 14:35 - 00000000 ____D C:\Users\Jule\AppData\Local\Adobe
2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-30 23:44 - 2009-08-18 20:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-30 23:44 - 2007-04-16 07:30 - 00000000 ____D C:\Program Files\Adobe
2013-11-30 23:43 - 2009-11-11 20:16 - 00000000 ____D C:\Program Files\AdobeReader 9.0
2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rtlh86.sys
2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2013-11-30 14:06 - 2013-01-14 19:39 - 00000000 ____D C:\Users\Jule\AppData\Roaming\IObit
2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-30 14:02 - 2013-01-14 19:57 - 00000000 ____D C:\Program Files\IObit
2013-11-30 14:01 - 2013-01-14 19:39 - 00000000 ____D C:\ProgramData\IObit
2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini
2013-11-30 00:45 - 2013-01-14 19:39 - 00000000 ____D C:\Program Files\IObit Malware Fighter
2013-11-30 00:43 - 2013-11-30 00:43 - 00000000 ____D C:\Users\Jule\AppData\Local\Slick Savings
2013-11-29 18:46 - 2013-11-29 15:21 - 00000000 ____D C:\Program Files\stinger
2013-11-29 18:45 - 2009-09-21 10:04 - 00000000 ____D C:\Users\Jule\AppData\Roaming\vlc
2013-11-29 17:45 - 2013-01-22 17:08 - 00002912 _____ C:\Users\Jule\AppData\Roaming\Safer-Networking.log
2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin
2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan
2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine
2013-11-29 12:54 - 2012-11-12 00:38 - 00000000 ____D C:\Windows\system32\QuickTime
2013-11-29 11:23 - 2013-11-29 11:14 - 00000000 ____D C:\Program Files\Re-markit
2013-11-29 10:22 - 2009-10-19 18:11 - 00000000 ____D C:\Users\Jule\AppData\Roaming\dvdcss
2013-11-27 16:28 - 2013-11-21 23:00 - 00000000 ____D C:\Users\Jule\Desktop\BA
2013-11-25 23:26 - 2013-11-25 18:56 - 00000000 ____D C:\Users\Jule\Desktop\TEX
2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-11-23 10:37 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4
2013-11-23 10:05 - 2013-03-09 17:35 - 00000000 ____D C:\Users\Jule\Desktop\Themenpläne
2013-11-23 00:06 - 2013-11-22 18:12 - 00000000 ____D C:\MikTex
2013-11-22 21:55 - 2013-11-20 22:53 - 00000000 ____D C:\Program Files\TeXnicCenter
2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner
2013-11-22 15:50 - 2013-11-22 15:40 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1
2013-11-22 15:24 - 2012-04-09 17:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-22 15:24 - 2011-09-26 10:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-22 15:14 - 2013-11-22 13:43 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex
2013-11-22 14:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-22 13:47 - 2006-11-02 11:33 - 01593056 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 00:50 - 2013-11-22 00:49 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg
2013-11-22 00:42 - 2013-11-22 00:40 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software
2013-11-22 00:41 - 2013-11-22 00:40 - 00000000 ____D C:\Program Files\Foxit Reader
2013-11-22 00:27 - 2013-11-22 01:00 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe
2013-11-22 00:20 - 2011-05-04 14:36 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SÜDWEST
2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt
2013-11-21 16:52 - 2009-07-27 16:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-21 16:49 - 2009-08-02 14:50 - 00000061 _____ C:\Windows\vbaddin.ini
2013-11-20 23:59 - 2013-11-20 23:58 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF
2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF
2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker
2013-11-20 17:09 - 2013-11-20 16:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++
2013-11-20 16:10 - 2013-11-20 16:09 - 00000000 ____D C:\Program Files\Notepad++
2013-11-20 15:51 - 2011-08-29 23:01 - 00188776 _____ C:\Users\Jule\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-20 15:14 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1
2013-11-20 12:29 - 2013-01-14 19:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-18 19:39 - 2009-08-05 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-17 21:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-17 21:20 - 2011-08-30 10:21 - 00649864 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-17 21:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-17 15:29 - 2010-07-01 14:24 - 00008522 _____ C:\Windows\system32\QuickTime.qtp
2013-11-17 15:28 - 2013-11-17 15:12 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-11-17 15:17 - 2013-10-01 12:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software
2013-11-17 14:50 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-14 22:10 - 2011-08-30 20:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-14 21:53 - 2007-04-16 06:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar
2013-11-14 00:10 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software
2013-11-13 22:25 - 2013-10-31 23:49 - 00136653 _____ C:\Users\Jule\Desktop\ADHD__Ba ADHS da Between_biomedical_trends_and_social_norms.txt
2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software
2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-11-13 18:24 - 2013-11-13 18:18 - 00000000 ____D C:\Program Files\Citavi 4
2013-11-13 18:16 - 2011-10-04 22:59 - 00000000 ____D C:\Users\Jule\AppData\Local\Downloaded Installations
2013-11-13 18:12 - 2010-04-24 20:54 - 00000000 ____D C:\Program Files\Citavi
2013-11-13 18:10 - 2010-10-14 12:32 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi
2013-11-12 14:24 - 2011-05-04 14:35 - 00000000 ____D C:\Program Files\BGB
2013-11-11 05:50 - 2009-10-02 20:58 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware

Some content of TEMP:
====================
C:\Users\Jule\AppData\Local\Temp\adwcleaner313.exe
C:\Users\Jule\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Jule\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Jule\AppData\Local\Temp\sdapskill.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-04 21:34

==================== End Of Log ============================
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-12-2013 01
Ran by Jule (administrator) on MASF on 04-12-2013 23:10:02
Running from C:\Users\Jule\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IObit) C:\Program Files\IObit Malware Fighter\IMFsrv.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Flux Software LLC) C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4489216 2007-06-13] (Realtek Semiconductor)
HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit Malware Fighter\IMF.exe [1574208 2013-11-13] (IObit)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [f.lux] - C:\Users\Jule\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKCU\...\Run: [SODCPreLoad] - C:\Program Files\IBM Lotus Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [40960 2010-11-16] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {5C811A52-FBAE-4D9C-8180-8EEF0AC1BF65} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF NetworkProxy: "autoconfig_url", "hxxp://204.93.211.220/"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: WOT - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DVDVideoSoft Menu - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: prefs - C:\Users\Jule\AppData\Roaming\Mozilla\Firefox\Profiles\qctezl56.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR HomePage: hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://de.search.yahoo.com/?type=800236&fr=spigot-yhp-ch"
CHR Extension: (Ads Removal) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0
CHR Extension: (	"name":"Advanced SystemCare Surfing Protection",) - C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 IMFservice; C:\Program Files\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2006-12-28] (AVM Berlin)
R0 CplIR; C:\Windows\System32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S4 FileMonitor; C:\Program Files\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2006-12-28] (AVM GmbH)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 RegFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [31752 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 MpKsl9cd296d3; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================
         
Code:
ATTFilter
==================== One Month Created Files and Folders ========

2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-04 23:10 - 2013-12-04 23:10 - 00011686 _____ C:\Users\Jule\Desktop\FRST.txt
2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST
2013-12-04 23:07 - 2013-12-04 23:07 - 01092683 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe
2013-12-04 23:02 - 2013-12-04 23:04 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log
2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable
2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe
2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin
2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin
2013-11-30 23:55 - 2013-12-01 00:23 - 00000000 ____D C:\AdwCleaner
2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rtlh86.sys
2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2013-11-30 14:02 - 2013-12-04 21:22 - 00000000 ____D C:\ProgramData\ProductData
2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-30 13:35 - 2013-12-04 21:19 - 00263844 _____ C:\Windows\PFRO.log
2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini
2013-11-30 00:43 - 2013-11-30 00:43 - 00000000 ____D C:\Users\Jule\AppData\Local\Slick Savings
2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin
2013-11-29 16:08 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan
2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine
2013-11-29 15:21 - 2013-11-29 18:46 - 00000000 ____D C:\Program Files\stinger
2013-11-29 11:14 - 2013-11-29 11:23 - 00000000 ____D C:\Program Files\Re-markit
2013-11-25 18:56 - 2013-11-25 23:26 - 00000000 ____D C:\Users\Jule\Desktop\TEX
2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2013-11-22 18:12 - 2013-11-23 00:06 - 00000000 ____D C:\MikTex
2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner
2013-11-22 15:40 - 2013-11-22 15:50 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1
2013-11-22 13:43 - 2013-11-22 15:14 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex
2013-11-22 01:00 - 2013-11-22 00:27 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe
2013-11-22 00:49 - 2013-11-22 00:50 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg
2013-11-22 00:41 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-11-22 00:40 - 2013-11-22 00:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software
2013-11-22 00:40 - 2013-11-22 00:41 - 00000000 ____D C:\Program Files\Foxit Reader
2013-11-21 23:00 - 2013-11-27 16:28 - 00000000 ____D C:\Users\Jule\Desktop\BA
2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt
2013-11-20 23:58 - 2013-11-20 23:59 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF
2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF
2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10
2013-11-20 22:53 - 2013-11-22 21:55 - 00000000 ____D C:\Program Files\TeXnicCenter
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker
2013-11-20 16:09 - 2013-11-20 17:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++
2013-11-20 16:09 - 2013-11-20 16:10 - 00000000 ____D C:\Program Files\Notepad++
2013-11-17 16:44 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 16:44 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 16:44 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 16:44 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 16:44 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-17 16:44 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 16:44 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-17 16:44 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 16:44 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 16:44 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-17 16:44 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-17 16:44 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 16:44 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 16:44 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-17 16:44 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 16:44 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 15:12 - 2013-11-17 15:28 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software
2013-11-14 21:42 - 2013-11-20 15:14 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1
2013-11-14 10:35 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 10:35 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 10:34 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 10:34 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 10:34 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar
2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software
2013-11-13 20:55 - 2013-11-23 10:37 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4
2013-11-13 20:55 - 2013-11-14 00:10 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software
2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-11-13 18:18 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files\Citavi 4
2013-11-12 14:24 - 2011-05-04 14:36 - 00007657 _____ C:\Windows\_DETMP.1
2013-11-12 14:24 - 1996-05-10 10:41 - 00009296 _____ (Stirling Technologies Inc.) C:\Windows\_DETMP.2
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware

==================== One Month Modified Files and Folders =======

2013-12-04 23:12 - 2013-12-04 23:12 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-04 23:10 - 2013-12-04 23:10 - 00011686 _____ C:\Users\Jule\Desktop\FRST.txt
2013-12-04 23:08 - 2013-12-04 23:08 - 00000000 ____D C:\FRST
2013-12-04 23:07 - 2013-12-04 23:07 - 01092683 _____ (Farbar) C:\Users\Jule\Desktop\FRST.exe
2013-12-04 23:04 - 2013-12-04 23:02 - 00000470 _____ C:\Users\Jule\Desktop\defogger_disable.log
2013-12-04 23:02 - 2013-12-04 23:02 - 00000000 _____ C:\Users\Jule\defogger_reenable
2013-12-04 23:02 - 2009-07-27 14:08 - 00000000 ____D C:\Users\Jule
2013-12-04 22:56 - 2013-03-29 20:14 - 00000342 _____ C:\Windows\Tasks\WpsUpdateTask_Jule.job
2013-12-04 22:48 - 2013-12-04 22:48 - 00050477 _____ C:\Users\Jule\Desktop\Defogger.exe
2013-12-04 22:45 - 2009-09-21 14:06 - 01796749 _____ C:\Windows\WindowsUpdate.log
2013-12-04 22:24 - 2009-08-27 20:18 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Skype
2013-12-04 22:14 - 2012-04-09 17:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 21:22 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\ProductData
2013-12-04 21:22 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 21:22 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 21:20 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 21:19 - 2013-11-30 13:35 - 00263844 _____ C:\Windows\PFRO.log
2013-12-04 20:31 - 2013-12-04 20:31 - 00101983 _____ C:\ProgramData\1386185447.bdinstall.bin
2013-12-04 20:30 - 2013-12-04 20:30 - 00037408 _____ C:\ProgramData\1386185408.bdinstall.bin
2013-12-04 20:26 - 2011-12-29 13:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\DVDVideoSoft
2013-12-04 20:26 - 2011-12-29 13:36 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-12-04 20:26 - 2009-10-04 09:21 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-02 15:24 - 2006-11-02 14:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 00:31 - 2013-01-15 13:13 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-01 00:23 - 2013-11-30 23:55 - 00000000 ____D C:\AdwCleaner
2013-11-30 23:53 - 2009-07-27 14:35 - 00000000 ____D C:\Users\Jule\AppData\Local\Adobe
2013-11-30 23:44 - 2013-11-30 23:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-30 23:44 - 2009-08-18 20:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-30 23:44 - 2007-04-16 07:30 - 00000000 ____D C:\Program Files\Adobe
2013-11-30 23:43 - 2009-11-11 20:16 - 00000000 ____D C:\Program Files\AdobeReader 9.0
2013-11-30 16:37 - 2013-11-30 16:37 - 00454288 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rtlh86.sys
2013-11-30 16:37 - 2013-11-30 16:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2013-11-30 16:37 - 2013-11-30 16:37 - 00080488 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2013-11-30 14:06 - 2013-01-14 19:39 - 00000000 ____D C:\Users\Jule\AppData\Roaming\IObit
2013-11-30 14:02 - 2013-11-30 14:02 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-30 14:02 - 2013-01-14 19:57 - 00000000 ____D C:\Program Files\IObit
2013-11-30 14:01 - 2013-01-14 19:39 - 00000000 ____D C:\ProgramData\IObit
2013-11-30 10:31 - 2013-11-30 10:31 - 00001952 _____ C:\Windows\wininit.ini
2013-11-30 00:45 - 2013-01-14 19:39 - 00000000 ____D C:\Program Files\IObit Malware Fighter
2013-11-30 00:43 - 2013-11-30 00:43 - 00000000 ____D C:\Users\Jule\AppData\Local\Slick Savings
2013-11-29 18:46 - 2013-11-29 15:21 - 00000000 ____D C:\Program Files\stinger
2013-11-29 18:45 - 2009-09-21 10:04 - 00000000 ____D C:\Users\Jule\AppData\Roaming\vlc
2013-11-29 17:45 - 2013-01-22 17:08 - 00002912 _____ C:\Users\Jule\AppData\Roaming\Safer-Networking.log
2013-11-29 16:15 - 2013-11-29 16:15 - 00260906 _____ C:\ProgramData\1385736874.bdinstall.bin
2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\Users\Jule\AppData\Roaming\QuickScan
2013-11-29 15:25 - 2013-11-29 15:25 - 00000000 ____D C:\Quarantine
2013-11-29 12:54 - 2012-11-12 00:38 - 00000000 ____D C:\Windows\system32\QuickTime
2013-11-29 11:23 - 2013-11-29 11:14 - 00000000 ____D C:\Program Files\Re-markit
2013-11-29 10:22 - 2009-10-19 18:11 - 00000000 ____D C:\Users\Jule\AppData\Roaming\dvdcss
2013-11-27 16:28 - 2013-11-21 23:00 - 00000000 ____D C:\Users\Jule\Desktop\BA
2013-11-25 23:26 - 2013-11-25 18:56 - 00000000 ____D C:\Users\Jule\Desktop\TEX
2013-11-23 17:53 - 2013-11-23 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-11-23 10:37 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi 4
2013-11-23 10:05 - 2013-03-09 17:35 - 00000000 ____D C:\Users\Jule\Desktop\Themenpläne
2013-11-23 00:06 - 2013-11-22 18:12 - 00000000 ____D C:\MikTex
2013-11-22 21:55 - 2013-11-20 22:53 - 00000000 ____D C:\Program Files\TeXnicCenter
2013-11-22 19:48 - 2013-11-22 19:48 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2013-11-22 17:27 - 2013-11-22 17:27 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Neuer Ordner
2013-11-22 15:50 - 2013-11-22 15:40 - 00000000 ____D C:\Users\Jule\Archiv\Documents\MiKTex1
2013-11-22 15:24 - 2012-04-09 17:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-22 15:24 - 2011-09-26 10:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-22 15:14 - 2013-11-22 13:43 - 00000000 ____D C:\Users\Jule\Archiv\Documents\miktex
2013-11-22 14:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-22 13:47 - 2006-11-02 11:33 - 01593056 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 00:50 - 2013-11-22 00:49 - 00067784 _____ C:\Users\Jule\Archiv\Documents\cc_20131122_004939.reg
2013-11-22 00:42 - 2013-11-22 00:40 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Foxit Software
2013-11-22 00:41 - 2013-11-22 00:40 - 00000000 ____D C:\Program Files\Foxit Reader
2013-11-22 00:27 - 2013-11-22 01:00 - 07360000 _____ (MiKTeX.org) C:\setup-2.9.4503.exe
2013-11-22 00:20 - 2011-05-04 14:36 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SÜDWEST
2013-11-21 22:10 - 2013-11-21 22:10 - 00033235 _____ C:\Users\Jule\Desktop\ADHS eine kritische Bestandsaufnahme Christina Happ.odt
2013-11-21 16:52 - 2009-07-27 16:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-21 16:49 - 2009-08-02 14:50 - 00000061 _____ C:\Windows\vbaddin.ini
2013-11-20 23:59 - 2013-11-20 23:58 - 00000000 ____D C:\Users\Jule\AppData\Roaming\SumatraPDF
2013-11-20 23:58 - 2013-11-20 23:58 - 00000000 ____D C:\Program Files\SumatraPDF
2013-11-20 23:17 - 2013-11-20 23:17 - 00000000 ____D C:\Program Files\gs9.10
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\Program Files\Texmaker
2013-11-20 17:09 - 2013-11-20 16:09 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Notepad++
2013-11-20 16:10 - 2013-11-20 16:09 - 00000000 ____D C:\Program Files\Notepad++
2013-11-20 15:51 - 2011-08-29 23:01 - 00188776 _____ C:\Users\Jule\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-20 15:14 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Jule\AppData\Roaming\xm1
2013-11-20 12:29 - 2013-01-14 19:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-18 19:39 - 2009-08-05 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-17 21:42 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-17 21:20 - 2011-08-30 10:21 - 00649864 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-17 21:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-17 15:29 - 2010-07-01 14:24 - 00008522 _____ C:\Windows\system32\QuickTime.qtp
2013-11-17 15:28 - 2013-11-17 15:12 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-11-17 15:17 - 2013-10-01 12:41 - 00000000 ____D C:\Windows\system32\MRT
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\Archiv\Documents\capella
2013-11-17 15:12 - 2013-11-17 15:12 - 00000000 ____D C:\Users\Jule\AppData\Roaming\capella-software
2013-11-17 14:50 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-14 22:10 - 2011-08-30 20:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-14 21:53 - 2007-04-16 06:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-14 00:10 - 2013-11-14 00:10 - 00000000 ____D C:\ProgramData\Gibraltar
2013-11-14 00:10 - 2013-11-13 20:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Swiss Academic Software
2013-11-13 22:25 - 2013-10-31 23:49 - 00136653 _____ C:\Users\Jule\Desktop\ADHD__Ba ADHS da Between_biomedical_trends_and_social_norms.txt
2013-11-13 20:57 - 2013-11-13 20:57 - 00000000 ____D C:\Users\Jule\AppData\Local\Swiss Academic Software
2013-11-13 18:25 - 2013-11-13 18:25 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2013-11-13 18:24 - 2013-11-13 18:18 - 00000000 ____D C:\Program Files\Citavi 4
2013-11-13 18:16 - 2011-10-04 22:59 - 00000000 ____D C:\Users\Jule\AppData\Local\Downloaded Installations
2013-11-13 18:12 - 2010-04-24 20:54 - 00000000 ____D C:\Program Files\Citavi
2013-11-13 18:10 - 2010-10-14 12:32 - 00000000 ____D C:\Users\Jule\Archiv\Documents\Citavi
2013-11-12 14:24 - 2011-05-04 14:35 - 00000000 ____D C:\Program Files\BGB
2013-11-11 05:50 - 2009-10-02 20:58 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2013-11-07 17:55 - 2013-11-07 17:55 - 00000000 ____D C:\Users\Jule\AppData\Local\FluxSoftware

Some content of TEMP:
====================
C:\Users\Jule\AppData\Local\Temp\adwcleaner313.exe
C:\Users\Jule\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Jule\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Jule\AppData\Local\Temp\sdapskill.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-04 21:34

==================== End Of Log ============================
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-05 00:23:02
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03 149.05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Jule\AppData\Local\Temp\ugddypob.sys


---- Kernel code sections - GMER 2.1 ----

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                              section is writeable [0x8875C000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                              unknown last section [0x887A5000, 0x510, 0x40000040]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe[2368] kernel32.dll!CreateThread + 1A  769CCB28 4 Bytes  CALL 004558C5 C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                               fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                               fltmgr.sys

---- EOF - GMER 2.1 ----
         

 

Archiv
Du betrachtest: ungewollte Spigot Yahoo search Startseite auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.