
Log analysis and evaluation: GVU Trojan: Win7, PB notebook

05.08.2013, 12:38   #1
Narvik

Hello dear experts,

You surely know this: "But you study computer science.." and before you know it you are sitting clueless in front of a PC for hours.

The problem is as follows: The GVU Trojan is on the notebook. When I log in with the other user profile, explorer.exe apparently gets terminated and a) a white screen appears or b) the typical GVU image.

Attached are all the log files I have already created.

Thanks in advance for your help

Kind regards, JJ

Edited by Narvik (05.08.2013 at 12:40) Reason: forgot log files

05.08.2013, 13:34   #2
schrauber
/// the machine
/// TB trainer

Hi,

but the computer is still locked? If so:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both, if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it boots, press the F8 key several times.
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the recovery options, choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    Here the drive letter of your USB stick is shown; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

05.08.2013, 14:07   #3
Narvik

No, I can still get in via the 2nd user (not admin). And I can also log in quite normally. Only after a few seconds the screen appears.
Should I run the scan anyway? (one is already attached, after all)

EDIT: I just went to Switch User again. Now it does nothing problematic at all (doesn't crash or the like).
Not after a restart either.

Edited by Narvik (05.08.2013 at 14:23)

05.08.2013, 19:25   #4
schrauber
/// the machine
/// TB trainer

If the main account with the problem is not fully available, please run the scan above.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

07.08.2013, 15:20   #5
Narvik

Hello,

since I can now work on the affected user, I ran all scans once more from the main account.
Attached are the new log files.
Thanks in advance,

Kind regards, JJ


07.08.2013, 20:18   #6
schrauber
/// the machine
/// TB trainer

Hi,

Please do not attach logs.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

08.08.2013, 13:53   #7
Narvik

Hello Schrauber,
from now on I (Anja) will take over my laptop problem myself. My son, with whom you have been communicating so far, has to get back to his studies.
I hope the two of us will manage this together as well.
Best regards, Anja

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by AnjaNarvik (administrator) on 07-08-2013 15:46:00
Running from C:\Users\AnjaNarvik\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc) C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Akamai Technologies, Inc) C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\AnjaNarvik\Desktop\Defogger.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2090528 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe [496160 2010-06-15] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\AnjaNarvik\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-14] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe [3305760 2011-12-13] (Akamai Technologies, Inc)
HKCU\...\Run: [Google Update] - C:\Users\AnjaNarvik\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-27] (Google Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {fb8ebe3a-d16a-11e1-b52d-60eb6984783b} - F:\iStudio.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2010-10-22] (Chicony)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15_silver\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Standby] - c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2009-11-10] (Corel)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [153424 2011-08-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Hauke\...\Policies\system: [LogonHoursAction] 2
HKU\Hauke\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{16cdf~1\browse~1.dll [2691536 2013-07-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Drucksoftware.lnk
ShortcutTarget: Marketsplash Drucksoftware.lnk -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=115303&tt=4612_4&babsrc=HP_ss&mntrId=62701ee7000000000000000000000000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=115303&tt=4612_4&babsrc=HP_ss&mntrId=62701ee7000000000000000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=115303&tt=4612_4&babsrc=SP_ss&mntrId=62701ee7000000000000000000000000
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - xplugin - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\AnjaNarvik\AppData\Roaming\xplugin\toolbar.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.20

FireFox:
========
FF ProfilePath: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default
FF SelectedSearchEngine: Search the web (Babylon)
FF Homepage: hxxp://search.babylon.com/?affID=115303&tt=4612_4&babsrc=HP_ss&mntrId=62701ee7000000000000000000000000
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Users\AnjaNarvik\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\AnjaNarvik\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\AnjaNarvik\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\AnjaNarvik\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\browsemngr.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\fileconverter-13-customized-web-search.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Default Manager - C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\Extensions\DefaultManager@Microsoft
FF Extension: FileConverter 1.3  - C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
FF Extension: firefox-hotfix - C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0
CHR Extension: (Gmail) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247872 2011-07-20] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-07 15:43 - 2013-08-07 15:43 - 01788943 _____ (Farbar) C:\Users\AnjaNarvik\Desktop\FRST64.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00050477 _____ C:\Users\AnjaNarvik\Desktop\Defogger.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00000482 _____ C:\Users\AnjaNarvik\Desktop\defogger_disable.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Downloads\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Desktop\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Malwarebytes
2013-08-05 13:24 - 2013-08-05 13:24 - 00028808 _____ C:\Users\AnjaNarvik\Desktop\gmer.log
2013-08-05 12:59 - 2013-08-05 12:59 - 00377856 _____ C:\Users\Hauke\Downloads\gmer_2.1.19163.exe
2013-08-05 12:57 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Desktop\FRST.txt
2013-08-05 12:57 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Desktop\Addition.txt
2013-08-05 12:56 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Downloads\FRST.txt
2013-08-05 12:56 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Downloads\Addition.txt
2013-08-05 12:55 - 2013-08-05 12:55 - 00000000 ____D C:\FRST
2013-08-05 12:50 - 2013-08-05 12:50 - 01788733 _____ (Farbar) C:\Users\Hauke\Downloads\FRST64.exe
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Downloads\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Desktop\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000000 _____ C:\Users\AnjaNarvik\defogger_reenable
2013-08-05 12:45 - 2013-08-05 12:45 - 00050477 _____ C:\Users\Hauke\Downloads\Defogger.exe
2013-08-05 12:34 - 2013-08-05 12:34 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Adobe
2013-08-05 12:04 - 2013-08-05 12:04 - 00000000 ____D C:\Users\AnjaNarvik\AppData\Roaming\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 12:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-05 12:01 - 2013-08-05 12:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Hauke\Downloads\mbam-setup-1.75.0.1300.exe

==================== One Month Modified Files and Folders =======

2013-08-07 15:45 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 15:45 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 15:43 - 2013-08-07 15:43 - 01788943 _____ (Farbar) C:\Users\AnjaNarvik\Desktop\FRST64.exe
2013-08-07 15:43 - 2011-03-19 16:20 - 01181051 _____ C:\Windows\WindowsUpdate.log
2013-08-07 15:41 - 2013-08-07 15:41 - 00050477 _____ C:\Users\AnjaNarvik\Desktop\Defogger.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00000482 _____ C:\Users\AnjaNarvik\Desktop\defogger_disable.log
2013-08-07 15:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 15:39 - 2009-07-14 06:51 - 00104503 _____ C:\Windows\setupact.log
2013-08-07 15:38 - 2011-09-18 19:43 - 00379536 _____ C:\Windows\PFRO.log
2013-08-07 15:28 - 2011-12-16 13:06 - 00000000 ____D C:\Users\ANJANA~1\AppData\Local\Akamai
2013-08-05 19:48 - 2012-12-27 17:25 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA.job
2013-08-05 17:24 - 2011-10-17 23:17 - 00001158 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA.job
2013-08-05 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 15:14 - 2012-11-14 17:02 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Downloads\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Desktop\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Malwarebytes
2013-08-05 13:24 - 2013-08-05 13:24 - 00028808 _____ C:\Users\AnjaNarvik\Desktop\gmer.log
2013-08-05 12:59 - 2013-08-05 12:59 - 00377856 _____ C:\Users\Hauke\Downloads\gmer_2.1.19163.exe
2013-08-05 12:57 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Desktop\FRST.txt
2013-08-05 12:57 - 2013-08-05 12:56 - 00021505 _____ C:\Users\Hauke\Downloads\FRST.txt
2013-08-05 12:56 - 2013-08-05 12:57 - 00033194 _____ C:\Users\Hauke\Desktop\Addition.txt
2013-08-05 12:56 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Downloads\Addition.txt
2013-08-05 12:55 - 2013-08-05 12:55 - 00000000 ____D C:\FRST
2013-08-05 12:50 - 2013-08-05 12:50 - 01788733 _____ (Farbar) C:\Users\Hauke\Downloads\FRST64.exe
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Downloads\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Desktop\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000000 _____ C:\Users\AnjaNarvik\defogger_reenable
2013-08-05 12:48 - 2011-09-17 07:22 - 00000000 ____D C:\Users\AnjaNarvik
2013-08-05 12:47 - 2011-11-03 07:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-05 12:45 - 2013-08-05 12:45 - 00050477 _____ C:\Users\Hauke\Downloads\Defogger.exe
2013-08-05 12:34 - 2013-08-05 12:34 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Adobe
2013-08-05 12:27 - 2011-03-20 01:12 - 00654844 _____ C:\Windows\system32\perfh007.dat
2013-08-05 12:27 - 2011-03-20 01:12 - 00130426 _____ C:\Windows\system32\perfc007.dat
2013-08-05 12:27 - 2009-07-14 07:13 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-05 12:04 - 2013-08-05 12:04 - 00000000 ____D C:\Users\AnjaNarvik\AppData\Roaming\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 12:02 - 2013-08-05 12:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Hauke\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 11:57 - 2013-04-19 14:01 - 00001328 __RSH C:\Users\Hauke\ntuser.pol
2013-08-05 11:57 - 2013-04-19 13:49 - 00000000 ____D C:\Users\Hauke
2013-08-05 11:56 - 2013-06-04 16:49 - 00000004 _____ C:\Users\AnjaNarvik\AppData\Roaming\skype.ini

Files to move or delete:
====================
C:\Users\AnjaNarvik\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:46

==================== End Of Log ============================
         
--- --- ---


08.08.2013, 18:08   #8
schrauber
/// the machine
/// TB Trainer
 


Quote:
Hope the two of us manage this together too
Best regards, Anja
Sure

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\AnjaNarvik\AppData\Roaming\skype.ini
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Suchlauf (scan) and wait until it has finished.
  • Now click Löschen (delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber


08.08.2013, 20:19   #9
Narvik
 

I assume FRST is the program with the 64 after its name?!
When I start the program, I get this annoying message:
Your version of Frst64 ist outdate...
Click Yes to download the lastet version. Ckick no to continue without updating.

If I click No, a new window appears:
No fixlist.txt found ...

If I click Yes, some strange website opens...
Heeeeeeeeeeeeeeeelp

If I ignore both and click on fix, nothing happens either.

And now what???

Hmm, after a few phone calls with JJ (who opened the thread), the fix works. See you later

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-08-2013
Ran by AnjaNarvik at 2013-08-08 20:54:55 Run:2
Running from C:\Users\AnjaNarvik\Desktop
Boot Mode: Normal
==============================================

"C:\Users\AnjaNarvik\AppData\Roaming\skype.ini" => File/Directory not found.

==== End of Fixlog ====
         
Code:
# AdwCleaner v2.306 - Datei am 08/08/2013 um 21:00:42 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : AnjaNarvik - ANJANARVIK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\AnjaNarvik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager
Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\browsemngr.xml
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\fileconverter-13-customized-web-search.xml
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Hauke\AppData\Roaming\Mozilla\Firefox\Profiles\yqflj7h9.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Hauke\AppData\Roaming\Mozilla\Firefox\Profiles\yqflj7h9.default\bprotector_prefs.js
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\CT3241949
Ordner Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
Ordner Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\Smartbar
Ordner Gelöscht : C:\Users\AnjaNarvik\AppData\Roaming\xplugin

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKCU\Software\5d4d9d9b569b946
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5d4d9d9b569b946
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17153

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=115303&tt=4612_4&babsrc=HP_ss&mntrId=62701ee7000000000000000000000000 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?ch_id=em&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (de)

Datei : C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\prefs.js

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=115303&tt=4612_4&babsrc=HP[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=115303&tt=4612_4&babsrc=HP_s[...]
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1352895140);
Gelöscht : user_pref("icqtoolbar.history", "fachschule%20sozialwesen%20hermannswerder%20lernnfelder||fachschule[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1343245758");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "8.0");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "133106245813310623381331065864471");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1352895146);
Gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");

Datei : C:\Users\Hauke\AppData\Roaming\Mozilla\Firefox\Profiles\yqflj7h9.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=115303&tt=4612_4&babsrc=HP_s[...]

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\AnjaNarvik\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8900 octets] - [08/08/2013 21:00:42]

########## EOF - C:\AdwCleaner[S1].txt - [8960 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by AnjaNarvik on 08.08.2013 at 21:09:37,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3911863923-1940824208-2522442793-1001\Software\SweetIM"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\Program Files (x86)\uniblue\speedupmypc"
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{00492F5B-80DB-4863-AA2E-066186D8015A}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{00FAFFC3-561A-4AF7-8D20-EE4478E5C438}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{019C8EC4-630A-4435-AA31-D0A255715C69}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{02659B9E-F453-4504-8393-FB9FC110445D}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{02E83281-1FD0-4919-A438-D3005AB54137}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{0395CF92-B1A1-4385-98CA-151167AF4FD9}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{047993FD-629D-48B1-BEF2-CFB75172F4DE}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{061D1F6D-9E84-4BB3-B92F-13B9F856765E}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{061FB2DF-3F56-412D-AD3F-E4022DD44A3F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{06DE1AEE-F47E-4B63-A825-32CB3D052D39}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{07052212-E772-4293-A8E2-027BBC8A57AA}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{07066FD5-C11F-4F3A-928B-7CB7C54B1C6F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{08F2BE31-FCD2-4215-9CDB-B47D2BD94D10}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{0B659B74-B4C0-4396-AF5F-C7FE4F0F6F1B}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{0CAD22FD-20A0-413A-9738-33D172024F15}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{0D675992-FD37-44D5-A663-F0C96381DFFD}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{0D9DD3D3-A785-4C00-B545-4F8E455100CF}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{0DAF2ACD-E3D7-427E-B6F5-624FB88AF6D1}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{0E858283-2AE8-4E57-8B5E-B76C3F0AC8F5}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{10649848-E4F4-444B-A505-6991F2F2DEE2}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{11E4D56A-7035-416F-8C51-8EF6F3314572}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{134A43D2-B10E-478D-8E38-327D3662EE0D}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{137391EC-C4F5-4CFA-9B00-975D0C5BF68F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{14889AB8-5E3C-4841-9B89-B1AC6A50F781}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1513BEF9-C62E-4138-9C1E-B21D4EBAC89D}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{15976467-610A-4B45-925E-385E4D760B09}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{16611523-9D60-4EA4-B791-E31B6A5F9469}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1901971A-AFCA-41C4-A90F-4EAA7D6C6978}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{195E6B51-84E6-4EB0-AB9D-B4C41FA0EDF2}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{19EB5E85-303A-488C-A0D4-D80CB9B71EC9}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1B695D7B-9553-4A9F-AF82-43C1975B2356}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1C1D306F-2491-4B5D-81DF-55612500FDC4}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1C47E5B5-4455-4BEF-8497-4866E62F7228}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1CAABDA6-77F4-4478-96BD-38EF575B0300}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1D1627D8-0ADD-4172-B1CD-2955A11B52CE}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1D79FA70-48F8-4FD0-AF42-482017D048EB}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{1EBE1117-8F8D-4A33-B5B4-8DC9209983D3}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2198F4F4-8CAF-42F3-B241-D9CF95929F41}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{22B69AB1-7617-4CFE-82EE-71E2FD9A0B85}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{24465C92-3111-4F6B-80D7-BEE2C4DF63D9}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{24E46E21-0F48-4EBD-A685-EA40AD4F9144}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{258C3E70-3EC1-48DB-9FF4-08C9FC4428A5}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{26699945-A9D1-4C4B-8543-CF5DC2DDD5DA}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2722F5CA-1346-4D57-9F9B-3E650CD0CA2C}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{278E2F1D-1F59-43EE-98F8-86D59A764DFB}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2911267C-F135-4986-981E-51A41BE4727F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2AA6FAF0-8A69-456A-9034-F745A708146E}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2AD07062-1B31-4C4B-9BCF-4E180A04DEC7}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2C9BD367-F953-418A-94B1-9E8C9EB5A6B6}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2CA6F243-F864-466C-BAFB-D43BBF0B4252}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2D413AA9-C65C-4D5B-9F7E-C7B5421DDC91}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2D8AAA8A-D7D7-4F06-9B58-94544150BC6F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2E50E3DA-8BFD-486B-90BC-5E684937DFEE}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2EA59011-34D9-4168-AFCC-C9F03878C037}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{2F93AC4E-03D0-41E6-8992-3D97C2778124}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{3130066F-1BCB-4D54-A8CE-58D6F3EF7F48}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{320514CB-D782-4EAE-A5DD-6D8F4EE9995A}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{34871B35-660D-4767-85CE-C7D8CE307872}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{34EA7ABA-5E72-4EC8-B061-4F97AC707702}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{358A029C-5BAC-4E00-88DC-74ECCC5328C9}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{365BD114-144E-4DD2-A2C3-E951B90F1B0D}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{37BE1D71-8359-46C1-BDDE-8ABA40EDC6A3}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{39274FB3-9A65-49C4-B599-BA3260157B71}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{3CFFA527-D2B6-4575-BACD-76A05076795D}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{3DAEC7A7-F83D-4BBE-A83E-3877F05D3476}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{3E4C4554-9BE0-455C-9E92-1BC5B817DDFD}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{3F188783-4BD7-44A9-B204-D554AE3A005F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{3FBF1327-DBC1-45C1-9755-8FAC7653B025}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{43945DEE-E024-4854-9E0C-C3F115CAE559}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{449C05F6-E809-421C-B4FD-264147715E38}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{471098B6-92EE-4349-9B74-7D42E4474CE0}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{482BA3F7-7E3A-4EDC-A886-A28147F7A066}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{4999BAAB-8A6F-438F-A95D-3216E62B9DB3}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{4A56B606-7734-4917-A478-A4A809FEDE01}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{4AED7286-BCCB-48A7-8475-81A5E06ADBDA}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{4D1CD074-47E6-478C-A3D3-7AD351A1779C}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{4D52E397-333B-4B09-AAF9-8C1DDF171AFB}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{4EB59869-7057-48E9-B8C0-C0FD6EDB1A9B}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{50A7B754-5C10-4559-8178-0FAC751095DD}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{5123DF7C-D342-472E-A78C-F537B8E69CA4}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{53F8C0CB-3064-4F1B-BAF6-0B9D75670798}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{542A4251-C419-4D18-9A06-5595C2D2152F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{571F8DB6-401B-46BE-909B-415629916727}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{574E7651-3C6D-4013-8B84-2768DA17E410}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{57756BBE-2583-4F5C-98A2-A376A3EE9B39}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{57C383ED-BD4F-4E76-8C89-8FD1208704C3}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{59A4C918-9CC3-46AD-AF14-7352256AEA3F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{59EDA823-E2CB-4AFD-84DC-AE9AC7A626C6}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{5A591FE3-82EC-4B3F-9638-7F62F4E4F45C}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{5A8F68FA-0386-444C-8DC5-AF180437C444}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{5B8D14AC-413A-4F12-8018-F2ACD50F38AB}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{5CA841AE-F420-4241-9137-1D428FCA10BC}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{5EA1A83E-C432-48CD-858B-4A67F39C708D}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{5F51EA84-AC25-434B-A95B-A687C9A1F024}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{609980D7-E3EE-4A4B-AE97-61561A6C59B7}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{60EEBEAA-F65C-4FA3-B157-C39A2C929707}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{61DEB331-9DBE-4307-B98D-2B9657C9FD24}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{62309702-0F9A-4887-B926-AB6CBBAA335C}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{62AA21C1-1D81-47D6-AAE7-6721164377A9}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{6469E6FC-927D-4129-8B38-16133D14E636}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{64704B20-5388-4A30-BC98-F57DF561509F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{64775E5F-4DF5-448A-89CE-A05575B8EC9F}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{6487558A-59FF-4A1A-9DBE-F1DC55020387}
Successfully deleted: [Empty Folder] C:\Users\AnjaNarvik\appdata\local\{64B6621E-A07A-4DA1-905D-CDBFB56CE127}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.08.2013 at 21:15:04,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by AnjaNarvik (administrator) on 08-08-2013 21:18:07
Running from C:\Users\AnjaNarvik\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc) C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Akamai Technologies, Inc) C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2090528 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe [496160 2010-06-15] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\AnjaNarvik\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-14] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe [3305760 2011-12-13] (Akamai Technologies, Inc)
HKCU\...\Run: [Google Update] - C:\Users\AnjaNarvik\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-27] (Google Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {fb8ebe3a-d16a-11e1-b52d-60eb6984783b} - F:\iStudio.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2010-10-22] (Chicony)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15_silver\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Standby] - c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2009-11-10] (Corel)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [153424 2011-08-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Hauke\...\Policies\system: [LogonHoursAction] 2
HKU\Hauke\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Drucksoftware.lnk
ShortcutTarget: Marketsplash Drucksoftware.lnk -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.20

FireFox:
========
FF ProfilePath: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Users\AnjaNarvik\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\AnjaNarvik\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\AnjaNarvik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\AnjaNarvik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Default Manager - C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\Extensions\DefaultManager@Microsoft
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0
CHR Extension: (Gmail) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-08 21:15 - 2013-08-08 21:15 - 00028817 _____ C:\Users\AnjaNarvik\Desktop\JRT.txt
2013-08-08 21:09 - 2013-08-08 21:09 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:00 - 2013-08-08 21:04 - 00009023 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:00 - 2013-08-08 21:00 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\AnjaNarvik\Desktop\JRT.exe
2013-08-08 20:59 - 2013-08-08 20:59 - 00666633 _____ C:\Users\AnjaNarvik\Desktop\adwcleaner.exe
2013-08-08 20:58 - 2013-08-08 20:58 - 00791488 _____ C:\Users\AnjaNarvik\Desktop\ZipOpenerSetup.exe
2013-08-07 15:49 - 2013-08-07 15:49 - 00377856 _____ C:\Users\AnjaNarvik\Desktop\gmer_2.1.19163.exe
2013-08-07 15:46 - 2013-08-07 15:46 - 00033872 _____ C:\Users\AnjaNarvik\Desktop\Addition.txt
2013-08-07 15:43 - 2013-08-07 15:43 - 01788943 _____ (Farbar) C:\Users\AnjaNarvik\Desktop\FRST64.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00050477 _____ C:\Users\AnjaNarvik\Desktop\Defogger.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00000482 _____ C:\Users\AnjaNarvik\Desktop\defogger_disable.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Downloads\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Desktop\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Malwarebytes
2013-08-05 13:24 - 2013-08-07 16:10 - 00025739 _____ C:\Users\AnjaNarvik\Desktop\gmer.log
2013-08-05 12:59 - 2013-08-05 12:59 - 00377856 _____ C:\Users\Hauke\Downloads\gmer_2.1.19163.exe
2013-08-05 12:57 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Desktop\FRST.txt
2013-08-05 12:57 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Desktop\Addition.txt
2013-08-05 12:56 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Downloads\FRST.txt
2013-08-05 12:56 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Downloads\Addition.txt
2013-08-05 12:55 - 2013-08-05 12:55 - 00000000 ____D C:\FRST
2013-08-05 12:50 - 2013-08-05 12:50 - 01788733 _____ (Farbar) C:\Users\Hauke\Downloads\FRST64.exe
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Downloads\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Desktop\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000000 _____ C:\Users\AnjaNarvik\defogger_reenable
2013-08-05 12:45 - 2013-08-05 12:45 - 00050477 _____ C:\Users\Hauke\Downloads\Defogger.exe
2013-08-05 12:34 - 2013-08-05 12:34 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Adobe
2013-08-05 12:04 - 2013-08-05 12:04 - 00000000 ____D C:\Users\AnjaNarvik\AppData\Roaming\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 12:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-05 12:01 - 2013-08-05 12:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Hauke\Downloads\mbam-setup-1.75.0.1300.exe

==================== One Month Modified Files and Folders =======

2013-08-08 21:15 - 2013-08-08 21:15 - 00028817 _____ C:\Users\AnjaNarvik\Desktop\JRT.txt
2013-08-08 21:13 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 21:13 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 21:11 - 2012-11-14 17:02 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-08-08 21:10 - 2011-03-19 16:20 - 01258072 _____ C:\Windows\WindowsUpdate.log
2013-08-08 21:09 - 2013-08-08 21:09 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 21:06 - 2009-07-14 06:51 - 00104559 _____ C:\Windows\setupact.log
2013-08-08 21:04 - 2013-08-08 21:00 - 00009023 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:00 - 2013-08-08 21:00 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\AnjaNarvik\Desktop\JRT.exe
2013-08-08 20:59 - 2013-08-08 20:59 - 00666633 _____ C:\Users\AnjaNarvik\Desktop\adwcleaner.exe
2013-08-08 20:58 - 2013-08-08 20:58 - 00791488 _____ C:\Users\AnjaNarvik\Desktop\ZipOpenerSetup.exe
2013-08-08 20:58 - 2011-12-16 13:06 - 00000000 ____D C:\Users\ANJANA~1\AppData\Local\Akamai
2013-08-08 20:53 - 2012-12-27 17:25 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA.job
2013-08-08 20:24 - 2011-10-17 23:17 - 00001158 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA.job
2013-08-08 20:01 - 2012-12-27 17:25 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001Core.job
2013-08-08 15:02 - 2011-10-17 23:17 - 00001136 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001Core.job
2013-08-07 16:10 - 2013-08-05 13:24 - 00025739 _____ C:\Users\AnjaNarvik\Desktop\gmer.log
2013-08-07 15:49 - 2013-08-07 15:49 - 00377856 _____ C:\Users\AnjaNarvik\Desktop\gmer_2.1.19163.exe
2013-08-07 15:48 - 2012-12-27 17:25 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA
2013-08-07 15:48 - 2012-12-27 17:25 - 00003724 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001Core
2013-08-07 15:46 - 2013-08-07 15:46 - 00033872 _____ C:\Users\AnjaNarvik\Desktop\Addition.txt
2013-08-07 15:43 - 2013-08-07 15:43 - 01788943 _____ (Farbar) C:\Users\AnjaNarvik\Desktop\FRST64.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00050477 _____ C:\Users\AnjaNarvik\Desktop\Defogger.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00000482 _____ C:\Users\AnjaNarvik\Desktop\defogger_disable.log
2013-08-07 15:38 - 2011-09-18 19:43 - 00379536 _____ C:\Windows\PFRO.log
2013-08-05 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Downloads\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Desktop\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Malwarebytes
2013-08-05 12:59 - 2013-08-05 12:59 - 00377856 _____ C:\Users\Hauke\Downloads\gmer_2.1.19163.exe
2013-08-05 12:57 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Desktop\FRST.txt
2013-08-05 12:57 - 2013-08-05 12:56 - 00021505 _____ C:\Users\Hauke\Downloads\FRST.txt
2013-08-05 12:56 - 2013-08-05 12:57 - 00033194 _____ C:\Users\Hauke\Desktop\Addition.txt
2013-08-05 12:56 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Downloads\Addition.txt
2013-08-05 12:55 - 2013-08-05 12:55 - 00000000 ____D C:\FRST
2013-08-05 12:50 - 2013-08-05 12:50 - 01788733 _____ (Farbar) C:\Users\Hauke\Downloads\FRST64.exe
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Downloads\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Desktop\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000000 _____ C:\Users\AnjaNarvik\defogger_reenable
2013-08-05 12:48 - 2011-09-17 07:22 - 00000000 ____D C:\Users\AnjaNarvik
2013-08-05 12:47 - 2011-11-03 07:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-05 12:45 - 2013-08-05 12:45 - 00050477 _____ C:\Users\Hauke\Downloads\Defogger.exe
2013-08-05 12:34 - 2013-08-05 12:34 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Adobe
2013-08-05 12:27 - 2011-03-20 01:12 - 00654844 _____ C:\Windows\system32\perfh007.dat
2013-08-05 12:27 - 2011-03-20 01:12 - 00130426 _____ C:\Windows\system32\perfc007.dat
2013-08-05 12:27 - 2009-07-14 07:13 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-05 12:04 - 2013-08-05 12:04 - 00000000 ____D C:\Users\AnjaNarvik\AppData\Roaming\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 12:02 - 2013-08-05 12:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Hauke\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 11:57 - 2013-04-19 14:01 - 00001328 __RSH C:\Users\Hauke\ntuser.pol
2013-08-05 11:57 - 2013-04-19 13:49 - 00000000 ____D C:\Users\Hauke

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:46

==================== End Of Log ============================
         
Alt 09.08.2013, 10:20   #10
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 09.08.2013, 15:32   #11
Narvik
 

Silly question: the scan has been running since noon today. It now looks as if it has finished. There is also a log file in the folder. However, it says nothing about Finish in there. I don't want to close the whole thing too early???

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5d12974da39ea541b52a5fb8d9ca2c5f
# engine=14707
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-09 01:14:48
# local_time=2013-08-09 03:14:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 100 94 53892747 127683938 0 0
# scanned=342248
# found=1
# cleaned=0
# scan_time=9044
sh=54C812F015CD8780822C38B95F205AB7C2364630 ft=0 fh=0000000000000000 vn="Win32/LockScreen.AXJ trojan" ac=I fn="C:\Users\AnjaNarvik\AppData\Local\Temp\index.html"
         
Code:
 Results of screen317's Security Check version 0.99.71  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 15  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 12.0 Firefox out of Date!  
 Google Chrome 27.0.1453.94  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by AnjaNarvik (administrator) on 09-08-2013 16:30:22
Running from C:\Users\AnjaNarvik\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc) C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc) C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2090528 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe [496160 2010-06-15] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\AnjaNarvik\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-14] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\AnjaNarvik\AppData\Local\Akamai\netsession_win.exe [3305760 2011-12-13] (Akamai Technologies, Inc)
HKCU\...\Run: [Google Update] - C:\Users\AnjaNarvik\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-27] (Google Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {fb8ebe3a-d16a-11e1-b52d-60eb6984783b} - F:\iStudio.exe
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2010-10-22] (Chicony)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15_silver\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Standby] - c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2009-11-10] (Corel)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [153424 2011-08-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Hauke\...\Policies\system: [LogonHoursAction] 2
HKU\Hauke\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Marketsplash Drucksoftware.lnk
ShortcutTarget: Marketsplash Drucksoftware.lnk -> C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ICQ Sparberater - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.20

FireFox:
========
FF ProfilePath: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Users\AnjaNarvik\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\AnjaNarvik\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\AnjaNarvik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\AnjaNarvik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Default Manager - C:\Users\AnjaNarvik\AppData\Roaming\Mozilla\Firefox\Profiles\2m4a4f7y.default\Extensions\DefaultManager@Microsoft
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0
CHR Extension: (Gmail) - C:\Users\ANJANA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 12:40 - 2013-08-09 12:40 - 02347384 _____ (ESET) C:\Users\AnjaNarvik\Desktop\esetsmartinstaller_enu.exe
2013-08-09 12:03 - 2013-08-09 12:03 - 00891098 _____ C:\Users\AnjaNarvik\Desktop\SecurityCheck.exe
2013-08-08 21:15 - 2013-08-08 21:15 - 00028817 _____ C:\Users\AnjaNarvik\Desktop\JRT.txt
2013-08-08 21:09 - 2013-08-08 21:09 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:00 - 2013-08-08 21:04 - 00009023 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:00 - 2013-08-08 21:00 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\AnjaNarvik\Desktop\JRT.exe
2013-08-08 20:59 - 2013-08-08 20:59 - 00666633 _____ C:\Users\AnjaNarvik\Desktop\adwcleaner.exe
2013-08-08 20:58 - 2013-08-08 20:58 - 00791488 _____ C:\Users\AnjaNarvik\Desktop\ZipOpenerSetup.exe
2013-08-07 15:49 - 2013-08-07 15:49 - 00377856 _____ C:\Users\AnjaNarvik\Desktop\gmer_2.1.19163.exe
2013-08-07 15:46 - 2013-08-07 15:46 - 00033872 _____ C:\Users\AnjaNarvik\Desktop\Addition.txt
2013-08-07 15:43 - 2013-08-07 15:43 - 01788943 _____ (Farbar) C:\Users\AnjaNarvik\Desktop\FRST64.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00050477 _____ C:\Users\AnjaNarvik\Desktop\Defogger.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00000482 _____ C:\Users\AnjaNarvik\Desktop\defogger_disable.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Downloads\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Desktop\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Malwarebytes
2013-08-05 13:24 - 2013-08-07 16:10 - 00025739 _____ C:\Users\AnjaNarvik\Desktop\gmer.log
2013-08-05 12:59 - 2013-08-05 12:59 - 00377856 _____ C:\Users\Hauke\Downloads\gmer_2.1.19163.exe
2013-08-05 12:57 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Desktop\FRST.txt
2013-08-05 12:57 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Desktop\Addition.txt
2013-08-05 12:56 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Downloads\FRST.txt
2013-08-05 12:56 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Downloads\Addition.txt
2013-08-05 12:55 - 2013-08-05 12:55 - 00000000 ____D C:\FRST
2013-08-05 12:50 - 2013-08-05 12:50 - 01788733 _____ (Farbar) C:\Users\Hauke\Downloads\FRST64.exe
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Downloads\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Desktop\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000000 _____ C:\Users\AnjaNarvik\defogger_reenable
2013-08-05 12:45 - 2013-08-05 12:45 - 00050477 _____ C:\Users\Hauke\Downloads\Defogger.exe
2013-08-05 12:34 - 2013-08-05 12:34 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Adobe
2013-08-05 12:04 - 2013-08-05 12:04 - 00000000 ____D C:\Users\AnjaNarvik\AppData\Roaming\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 12:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-05 12:01 - 2013-08-05 12:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Hauke\Downloads\mbam-setup-1.75.0.1300.exe

==================== One Month Modified Files and Folders =======

2013-08-09 16:17 - 2011-03-19 16:20 - 01281977 _____ C:\Windows\WindowsUpdate.log
2013-08-09 16:12 - 2011-12-16 13:06 - 00000000 ____D C:\Users\ANJANA~1\AppData\Local\Akamai
2013-08-09 15:53 - 2012-12-27 17:25 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA.job
2013-08-09 15:53 - 2012-12-27 17:25 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001Core.job
2013-08-09 14:24 - 2011-10-17 23:17 - 00001158 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA.job
2013-08-09 12:42 - 2011-03-20 01:12 - 00654844 _____ C:\Windows\system32\perfh007.dat
2013-08-09 12:42 - 2011-03-20 01:12 - 00130426 _____ C:\Windows\system32\perfc007.dat
2013-08-09 12:42 - 2009-07-14 07:13 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 12:40 - 2013-08-09 12:40 - 02347384 _____ (ESET) C:\Users\AnjaNarvik\Desktop\esetsmartinstaller_enu.exe
2013-08-09 12:03 - 2013-08-09 12:03 - 00891098 _____ C:\Users\AnjaNarvik\Desktop\SecurityCheck.exe
2013-08-09 11:57 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 11:57 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 11:49 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-09 11:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 11:49 - 2009-07-14 06:51 - 00104615 _____ C:\Windows\setupact.log
2013-08-08 21:42 - 2012-02-10 20:33 - 00000030 _____ C:\Windows\iedit.INI
2013-08-08 21:15 - 2013-08-08 21:15 - 00028817 _____ C:\Users\AnjaNarvik\Desktop\JRT.txt
2013-08-08 21:11 - 2012-11-14 17:02 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-08-08 21:09 - 2013-08-08 21:09 - 00000000 ____D C:\Windows\ERUNT
2013-08-08 21:04 - 2013-08-08 21:00 - 00009023 _____ C:\AdwCleaner[S1].txt
2013-08-08 21:00 - 2013-08-08 21:00 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\AnjaNarvik\Desktop\JRT.exe
2013-08-08 20:59 - 2013-08-08 20:59 - 00666633 _____ C:\Users\AnjaNarvik\Desktop\adwcleaner.exe
2013-08-08 20:58 - 2013-08-08 20:58 - 00791488 _____ C:\Users\AnjaNarvik\Desktop\ZipOpenerSetup.exe
2013-08-08 15:02 - 2011-10-17 23:17 - 00001136 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001Core.job
2013-08-07 16:10 - 2013-08-05 13:24 - 00025739 _____ C:\Users\AnjaNarvik\Desktop\gmer.log
2013-08-07 15:49 - 2013-08-07 15:49 - 00377856 _____ C:\Users\AnjaNarvik\Desktop\gmer_2.1.19163.exe
2013-08-07 15:48 - 2012-12-27 17:25 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001UA
2013-08-07 15:48 - 2012-12-27 17:25 - 00003724 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3911863923-1940824208-2522442793-1001Core
2013-08-07 15:46 - 2013-08-07 15:46 - 00033872 _____ C:\Users\AnjaNarvik\Desktop\Addition.txt
2013-08-07 15:43 - 2013-08-07 15:43 - 01788943 _____ (Farbar) C:\Users\AnjaNarvik\Desktop\FRST64.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00050477 _____ C:\Users\AnjaNarvik\Desktop\Defogger.exe
2013-08-07 15:41 - 2013-08-07 15:41 - 00000482 _____ C:\Users\AnjaNarvik\Desktop\defogger_disable.log
2013-08-07 15:38 - 2011-09-18 19:43 - 00379536 _____ C:\Windows\PFRO.log
2013-08-05 15:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Downloads\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00028808 _____ C:\Users\Hauke\Desktop\gmer.log
2013-08-05 13:26 - 2013-08-05 13:26 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Malwarebytes
2013-08-05 12:59 - 2013-08-05 12:59 - 00377856 _____ C:\Users\Hauke\Downloads\gmer_2.1.19163.exe
2013-08-05 12:57 - 2013-08-05 12:57 - 00021505 _____ C:\Users\Hauke\Desktop\FRST.txt
2013-08-05 12:57 - 2013-08-05 12:56 - 00021505 _____ C:\Users\Hauke\Downloads\FRST.txt
2013-08-05 12:56 - 2013-08-05 12:57 - 00033194 _____ C:\Users\Hauke\Desktop\Addition.txt
2013-08-05 12:56 - 2013-08-05 12:56 - 00033194 _____ C:\Users\Hauke\Downloads\Addition.txt
2013-08-05 12:55 - 2013-08-05 12:55 - 00000000 ____D C:\FRST
2013-08-05 12:50 - 2013-08-05 12:50 - 01788733 _____ (Farbar) C:\Users\Hauke\Downloads\FRST64.exe
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Downloads\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000482 _____ C:\Users\Hauke\Desktop\defogger_disable.log
2013-08-05 12:48 - 2013-08-05 12:48 - 00000000 _____ C:\Users\AnjaNarvik\defogger_reenable
2013-08-05 12:48 - 2011-09-17 07:22 - 00000000 ____D C:\Users\AnjaNarvik
2013-08-05 12:47 - 2011-11-03 07:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-05 12:45 - 2013-08-05 12:45 - 00050477 _____ C:\Users\Hauke\Downloads\Defogger.exe
2013-08-05 12:34 - 2013-08-05 12:34 - 00000000 ____D C:\Users\Hauke\AppData\Roaming\Adobe
2013-08-05 12:04 - 2013-08-05 12:04 - 00000000 ____D C:\Users\AnjaNarvik\AppData\Roaming\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00001085 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:03 - 2013-08-05 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 12:02 - 2013-08-05 12:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Hauke\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 11:57 - 2013-04-19 14:01 - 00001328 __RSH C:\Users\Hauke\ntuser.pol
2013-08-05 11:57 - 2013-04-19 13:49 - 00000000 ____D C:\Users\Hauke

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 14:46

==================== End Of Log ============================
         

Quote:
Originally posted by schrauber
Any more problems?
Nope, doesn't look like it

10.08.2013, 09:30   #12
schrauber
/// the machine
/// TB Trainer

Update Java, Flash, Adobe, Firefox and Windows completely.

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. Right-clicking the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nicely colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

11.08.2013, 13:56   #13
Narvik

Sooo, I think I've got everything done now. At least as far as the deleting and so on goes.
I'll have a look at what else I should/may put on it in terms of security stuff.

I don't have to post another log file, do I? Just so I haven't overlooked something????

Otherwise


Everything done. You can delete the thread from your subscriptions.
Thanks for the great help

11.08.2013, 16:41   #14
schrauber
/// the machine
/// TB Trainer

You're welcome
__________________
regards,
schrauber
