Log analysis and evaluation: Snap.Do (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
30.11.2013, 15:05 | #1 |
| Snap.Do I have Snap.Do on my PC, and I can't get rid of it with Cleaner, nor with other programs such as Malwarebytes. What should I do, and what damage does the program cause? |
30.11.2013, 16:15 | #2 |
/// the machine /// TB Trainer | Snap.Do hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
03.12.2013, 23:08 | #3 |
| Snap.Do FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2013 01 Ran by steffen (administrator) on STEFFEN-MSI on 03-12-2013 21:56:09 Running from C:\Users\steffen\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (IdeaCom Technology Inc.) C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (MICRO-STAR INT'L,.LTD.) C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe () C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Samsung) C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe (Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (ArcSoft Inc.) 
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Microsoft Corporation) C:\windows\system32\wbengine.exe (Microsoft Corporation) C:\windows\System32\vds.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-22] (Realtek Semiconductor) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Maple_S2P] - C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe [253952 2007-01-16] () HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2007-04-19] () HKLM\...\Run: [NSCSysTrayUI] - C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2007-04-18] (Samsung) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [286720 2007-12-11] (Apple Inc.) 
HKLM\...\Run: [Nikon Transfer Monitor] - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2008-12-16] (Nikon Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1372341782&ir= SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1372341782&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2DDABD8C-06D4-713F-4DEB-6E86818ACF87} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=de0b2714-f2ae-b13c-04ec-67d666cb7aa8&searchtype=ds&q={searchTerms}&installDate=02/11/2013 SearchScopes: HKLM - {CA367895-CAA8-4C2F-8961-7D498186545D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1372341782&ir= SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1372341782&ir= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5037002421D09EA9&affID=119392&tsp=5035 SearchScopes: HKCU - {2DDABD8C-06D4-713F-4DEB-6E86818ACF87} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=de0b2714-f2ae-b13c-04ec-67d666cb7aa8&searchtype=ds&q={searchTerms}&installDate=02/11/2013 SearchScopes: HKCU - {CA367895-CAA8-4C2F-8961-7D498186545D} URL = BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: PassWidget - {4996fddf-da1e-4ad2-81f0-2de7d6ee2d66} - C:\Program Files\Pass-Widget\134.dll () BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default FF user.js: detected! 
=> C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\user.js FF NewTab: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=de0b2714-f2ae-b13c-04ec-67d666cb7aa8&searchtype=nt&installDate=02/11/2013 FF DefaultSearchEngine: Mysearchdial FF SearchEngineOrder.1: Mysearchdial FF SelectedSearchEngine: Mysearchdial FF Homepage: hxxp://metager.de/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\searchplugins\Mysearchdial.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Filesfrog Update Checker - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} FF Extension: MySearchDial NewTab - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} FF Extension: Snap.Do - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{de0b2714-f2ae-b13c-04ec-67d666cb7aa8} FF Extension: Adblock Plus - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Program Files\Mozilla 
Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b} FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ FF HKCU\...\Firefox\Extensions: [{348179c6-ba7b-4aaf-92fa-6bd1702662b9}] - C:\Program Files\Pass-Widget\134.xpi FF Extension: No Name - C:\Program Files\Pass-Widget\134.xpi ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 ETSCSERVICE; C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe [204800 2009-09-05] (IdeaCom Technology Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll [135024 2013-10-17] (Symantec Corporation) R2 WMI_Hook_Service; C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe [101376 2009-09-25] (MICRO-STAR INT'L,.LTD.) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.) R1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [259632 2010-01-20] (Symantec Corporation) R1 ccHP; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [467592 2013-10-17] (Symantec Corporation) S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [41984 2007-01-17] (Samsung Electronics Co., Ltd.) 
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-19] (Symantec Corporation) S3 enecirhid; C:\Windows\system32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.) S3 enecirhidma; C:\Windows\system32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-19] (Symantec Corporation) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20131202.001\IDSvix86.sys [393816 2013-10-25] (Symantec Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131203.002\NAVENG.SYS [93272 2013-10-14] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20131203.002\NAVEX15.SYS [1612376 2013-10-14] (Symantec Corporation) R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-07-17] (NVIDIA Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [308272 2009-10-07] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [43696 2009-10-07] (Symantec Corporation) R2 SSPORT; C:\windows\system32\Drivers\SSPORT.sys [5120 2007-01-16] (Samsung Electronics) R0 SymEFA; C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS [310320 2009-10-07] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2013-10-14] (Symantec Corporation) R3 SYMFW; C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS [89976 2011-09-22] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2009-10-07] (Symantec Corporation) R3 SYMNDISV; C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS [48760 2011-09-22] (Symantec Corporation) R1 SYMTDI; 
C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [217464 2011-09-22] (Symantec Corporation) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-03 21:45 - 2013-12-03 21:46 - 01092545 _____ (Farbar) C:\Users\steffen\Downloads\FRST(1).exe 2013-12-01 14:42 - 2013-12-01 14:42 - 00000304 _____ C:\windows\PFRO.log 2013-11-30 15:24 - 2013-12-03 21:35 - 00000336 _____ C:\windows\setupact.log 2013-11-30 15:24 - 2013-11-30 15:24 - 00000000 _____ C:\windows\setuperr.log 2013-11-30 15:12 - 2013-12-01 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-30 15:11 - 2013-12-01 11:06 - 00000000 ____D C:\Users\steffen\Desktop\mbar 2013-11-30 15:11 - 2013-12-01 09:33 - 00075992 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-11-30 15:08 - 2013-11-30 15:10 - 12576792 _____ (Malwarebytes Corp.) C:\Users\steffen\Downloads\mbar-1.07.0.1007.exe 2013-11-30 14:05 - 2013-11-30 14:27 - 00000000 ____D C:\Users\steffen\AppData\Roaming\systweak 2013-11-30 14:05 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\windows\system32\libeay32.dll 2013-11-30 14:05 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\windows\system32\ssleay32.dll 2013-11-30 14:05 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\windows\eSellerateEngine.dll 2013-11-30 14:05 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) 
C:\windows\eSellerateControl350.dll 2013-11-30 13:58 - 2013-11-30 13:59 - 04618136 _____ (Piriform Ltd) C:\Users\steffen\Downloads\ccsetup408.exe 2013-11-30 12:55 - 2013-11-30 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-30 12:54 - 2013-11-30 12:54 - 06951048 _____ (Microsoft Corporation) C:\Users\steffen\Downloads\Silverlight.exe 2013-11-17 12:48 - 2013-11-17 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-13 21:13 - 2013-11-13 21:13 - 00161538 _____ C:\Users\steffen\Downloads\Datei1.txt 2013-11-13 21:13 - 2013-11-13 21:13 - 00017433 _____ C:\Users\steffen\Downloads\Datei2.txt 2013-11-13 21:12 - 2013-11-13 21:12 - 00017433 _____ C:\Users\steffen\Downloads\Addition.txt 2013-11-13 21:11 - 2013-12-03 21:56 - 00014835 _____ C:\Users\steffen\Downloads\FRST.txt 2013-11-13 21:11 - 2013-11-13 21:11 - 00000000 ____D C:\FRST 2013-11-13 21:10 - 2013-11-13 21:10 - 01090351 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2013-11-13 20:34 - 2013-11-14 22:29 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Skype 2013-11-13 20:33 - 2013-11-14 21:04 - 00000000 ___RD C:\Program Files\Skype 2013-11-13 20:33 - 2013-11-13 20:33 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-11-13 20:31 - 2013-11-13 20:31 - 00000000 ____D C:\Users\steffen\AppData\Local\Google ==================== One Month Modified Files and Folders ======= 2013-12-03 21:57 - 2013-11-13 21:11 - 00014835 _____ C:\Users\steffen\Downloads\FRST.txt 2013-12-03 21:46 - 2013-12-03 21:45 - 01092545 _____ (Farbar) C:\Users\steffen\Downloads\FRST(1).exe 2013-12-03 21:42 - 2009-07-14 05:34 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-03 21:42 - 2009-07-14 05:34 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-03 21:38 - 2013-10-14 19:15 - 01956399 _____ C:\windows\WindowsUpdate.log 2013-12-03 21:35 - 2013-11-30 15:24 - 
00000336 _____ C:\windows\setupact.log 2013-12-03 21:35 - 2013-10-14 21:43 - 00000372 _____ C:\windows\Tasks\PassWidget Update.job 2013-12-03 21:35 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-12-01 14:42 - 2013-12-01 14:42 - 00000304 _____ C:\windows\PFRO.log 2013-12-01 14:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Web 2013-12-01 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache 2013-12-01 11:06 - 2013-11-30 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-01 11:06 - 2013-11-30 15:11 - 00000000 ____D C:\Users\steffen\Desktop\mbar 2013-12-01 09:33 - 2013-11-30 15:11 - 00075992 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-11-30 15:24 - 2013-11-30 15:24 - 00000000 _____ C:\windows\setuperr.log 2013-11-30 15:10 - 2013-11-30 15:08 - 12576792 _____ (Malwarebytes Corp.) C:\Users\steffen\Downloads\mbar-1.07.0.1007.exe 2013-11-30 14:27 - 2013-11-30 14:05 - 00000000 ____D C:\Users\steffen\AppData\Roaming\systweak 2013-11-30 13:59 - 2013-11-30 13:58 - 04618136 _____ (Piriform Ltd) C:\Users\steffen\Downloads\ccsetup408.exe 2013-11-30 12:55 - 2013-11-30 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-30 12:54 - 2013-11-30 12:54 - 06951048 _____ (Microsoft Corporation) C:\Users\steffen\Downloads\Silverlight.exe 2013-11-30 11:57 - 2009-10-07 09:40 - 01486084 _____ C:\windows\system32\PerfStringBackup.INI 2013-11-21 20:01 - 2013-10-14 20:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-17 13:30 - 2009-07-14 05:56 - 00000000 ____D C:\windows\DigitalLocker 2013-11-17 12:48 - 2013-11-17 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-14 22:29 - 2013-11-13 20:34 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Skype 2013-11-14 21:04 - 2013-11-13 20:33 - 00000000 ___RD C:\Program Files\Skype 2013-11-14 21:04 - 2009-10-07 10:10 - 00000000 ____D C:\ProgramData\Skype 2013-11-13 21:13 - 2013-11-13 21:13 - 00161538 
_____ C:\Users\steffen\Downloads\Datei1.txt 2013-11-13 21:13 - 2013-11-13 21:13 - 00017433 _____ C:\Users\steffen\Downloads\Datei2.txt 2013-11-13 21:12 - 2013-11-13 21:12 - 00017433 _____ C:\Users\steffen\Downloads\Addition.txt 2013-11-13 21:11 - 2013-11-13 21:11 - 00000000 ____D C:\FRST 2013-11-13 21:10 - 2013-11-13 21:10 - 01090351 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2013-11-13 20:39 - 2013-11-02 11:52 - 00000000 ____D C:\Program Files\Optimizer Pro 2013-11-13 20:33 - 2013-11-13 20:33 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-11-13 20:31 - 2013-11-13 20:31 - 00000000 ____D C:\Users\steffen\AppData\Local\Google 2013-11-10 00:34 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-11-06 17:55 - 2013-10-14 20:50 - 00000000 ____D C:\Users\steffen\AppData\Local\Mozilla 2013-11-05 17:16 - 2009-10-07 09:49 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-05 14:38 - 2013-11-30 14:05 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\windows\system32\libeay32.dll 2013-11-05 14:38 - 2013-11-30 14:05 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\windows\system32\ssleay32.dll Files to move or delete: ==================== C:\ProgramData\PKP_DLdu.DAT C:\ProgramData\PKP_DLdw.DAT Some content of TEMP: ==================== C:\Users\steffen\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-01 13:47 ==================== End Of Log ============================ Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2013 01 Ran by steffen at 2013-11-13 21:12:08 Running from C:\Users\steffen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Adobe AIR (Version: 1.5.2.8870) Adobe Flash Player 10 ActiveX (Version: 10.0.22.87) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader 9.1 - Deutsch (Version: 9.1.0) ArcSoft Magic-i Visual Effects 2 (Version: 2.0.10.65) ArcSoft Print Creations - Album Page ArcSoft Print Creations - Brochures & Flyers ArcSoft Print Creations - Funhouse II ArcSoft Print Creations - Greeting Card ArcSoft Print Creations - Photo Book ArcSoft Print Creations - Photo Calendar ArcSoft Print Creations - Photo Prints ArcSoft Print Creations - Poster Creator ArcSoft Print Creations - Scrapbook ArcSoft Print Creations - Slimline Card ArcSoft Print Creations (Version: 3.0.255.331) ArcSoft WebCam Companion 3 (Version: 3.0.32.166) BurnRecovery (Version: 3.0.908.2201) BuzzSearch 2013.11.07.232809 (Version: 2013.11.07.232809) CCleaner (Version: 4.07) Cisco EAP-FAST Module (Version: 2.2.14) Cisco LEAP Module (Version: 1.0.19) Cisco PEAP Module (Version: 1.1.6) Compatibility Pack für 2007 Office System (Version: 12.0.4518.1014) ENE CIR Receiver Driver (Version: 2.7.4.0) Feven 1.5 (Version: 1.29.153.0) File Uploader (Version: 1.2.0) IdeaCom TSC 3.1.1406.15 (Version: 3.1.1406.15) Junk Mail filter update (Version: 14.0.8089.726) KIDOZ (Version: 1.0) Malwarebytes Anti-Malware Version 
1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Excel MUI (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.4518.1018) Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (French) 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.4518.1018) Microsoft Office OneNote MUI (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.4518.1018) Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.4518.1014) Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Basque) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Catalan) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Galician) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1018) Microsoft Office Proof (Portuguese 
(Brazil)) 2007 (Version: 12.0.4518.1014) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018) Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.4518.1018) Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Suite Activation Assistant (Version: 2.9) Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Word MUI (French) 2007 (Version: 12.0.4518.1014) Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.4518.1018) Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.4518.1014) Microsoft Search Enhancement Pack (Version: 1.2.123.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0) Mozilla Firefox 25.0 (x86 de) (Version: 25.0) Mozilla Maintenance Service (Version: 25.0) msi EasyViewer (Version: 1.2) MSI Software Install (Version: 3.0.908.2001) msi Wind Match (Version: 0.0.7.0) msi WindNotes (Version: 0.0.6.6) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) 
(Version: 4.20.9876.0) Network Scan Nikon Message Center (Version: 0.92.000) Nikon Transfer (Version: 1.4.0) Norton Internet Security (Version: 16.7.0.30) Norton Internet Security (Version: 16.8.3.6) NVIDIA Drivers (Version: 1.5) PassWidget Picture Control Utility (Version: 1.1.5) QuickTime (Version: 7.3.1.70) Readiris Pro 10 Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009) Realtek High Definition Audio Driver (Version: 6.0.1.5942) Realtek USB 2.0 Card Reader (Version: 6.1.7100.30094) REALTEK Wireless LAN Driver (Version: 1.00.0124) Samsung CLX-216x Series Skype™ 6.5 (Version: 6.5.158) SmarThru 4 Snap.Do (Version: 1.138.1.12259) Snap.Do Engine (HKCU Version: 1.138.1.12259) SoftStylus (Version: 2.2.115.0) Update for Office 2007 (KB934528) Update for Office System 2007 Setup (KB929722) ViewNX (Version: 1.3.0) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Call (Version: 14.0.8064.0206) Windows Live Communications Platform (Version: 14.0.8064.206) Windows Live Essentials (Version: 14.0.8089.0726) Windows Live Essentials (Version: 14.0.8089.726) Windows Live Fotogalerie (Version: 14.0.8081.709) Windows Live Mail (Version: 14.0.8089.0726) Windows Live Messenger (Version: 14.0.8089.0726) Windows Live Movie Maker (Version: 14.0.8091.0730) Windows Live Sync (Version: 14.0.8089.726) Windows Live Toolbar (Version: 14.0.8064.206) Windows Live Writer (Version: 14.0.8089.0726) Windows Live-Uploadtool (Version: 14.0.8014.1029) WindTouch (Version: 0.0.2.3) WinRAR archiver WMIHookBtnFn (Version: 0.0.6.12) ==================== Restore Points ========================= 20-10-2013 17:00:37 Windows-Sicherung 28-10-2013 16:33:48 Windows-Sicherung 02-11-2013 10:55:26 Installed LibreOffice 4.1.2.3 02-11-2013 11:02:17 Removed LibreOffice 4.1.2.3 05-11-2013 16:22:53 Windows-Sicherung 13-11-2013 18:50:13 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A 
C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {22F2A8DE-16C2-4F8D-B6C3-459C4BC6A7BB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {2BB22DA7-6AD6-44C6-9CEA-2CBE0259A01F} - System32\Tasks\Feven 1.5-enabler => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe [2013-11-02] (Feven) Task: {4DB2E9D6-A170-4394-BB02-4BA9D48AF732} - System32\Tasks\Feven 1.5-updater => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe [2013-11-02] (Feven) Task: {5C9644FA-1855-4E8C-8C90-F05B6E5356D1} - System32\Tasks\Feven 1.5-codedownloader => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe [2013-11-02] (Feven) Task: {A9469E70-AF67-4E77-967D-9F772A18D6A1} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\steffen\AppData\Local\FilesFrog Update Checker\update_checker.exe Task: {EADFC5D8-37FF-4174-AD30-DDA593B81BAF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {F2D4473E-2801-415B-B8EB-A401436D0D42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {FF19503C-AF68-4EBF-B9AE-03CF7174E83C} - System32\Tasks\PassWidget Update => C:\Program Files\Pass-Widget\PassWidget_.exe [2013-10-14] () Task: C:\windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe Task: C:\windows\Tasks\Feven 1.5-enabler.job => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe Task: C:\windows\Tasks\Feven 1.5-updater.job => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe Task: C:\windows\Tasks\PassWidget Update.job => C:\Program Files\Pass-Widget\PassWidget_.exe ==================== Loaded Modules (whitelisted) ============= 2009-09-29 19:45 - 2009-09-29 19:45 - 00099592 _____ () C:\Program Files\SoftStylus\sstlstsrv.dll 2013-10-14 
21:33 - 2007-01-16 04:00 - 00184320 _____ () C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\PSU\IMFilter.dll 2013-10-14 21:33 - 2007-01-16 04:00 - 01384520 _____ () C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\PSU\ssole.dll 2013-11-09 23:35 - 2013-11-09 23:35 - 03368048 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-10-20 06:01 - 2013-10-20 06:01 - 16233864 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2013 06:54:04 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001b72a8 ID des fehlerhaften Prozesses: 0x1248 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (10/18/2013 00:57:40 PM) (Source: ESENT) (User: ) Description: WinMail (3152) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/18/2013 09:01:10 AM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (11/13/2013 08:58:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (11/13/2013 07:53:13 PM) (Source: Virtual Disk Service) (User: ) Description: Unerwarteter Anbieterfehler. Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. Fehlercode: 8007001F@02000014 Error: (11/13/2013 07:39:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (11/10/2013 00:35:13 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (11/09/2013 11:06:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (11/06/2013 05:48:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (11/05/2013 05:24:04 PM) (Source: Virtual Disk Service) (User: ) Description: Unerwarteter Anbieterfehler. Möglicherweise kann das Problem durch erneutes Starten des Dienstes behoben werden. 
Fehlercode: 8007001F@02000014 Error: (11/05/2013 05:12:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (11/02/2013 01:25:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (11/02/2013 11:25:57 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 1791.24 MB Available physical RAM: 735.65 MB Total Pagefile: 3582.48 MB Available Pagefile: 2214.37 MB Total Virtual: 2047.88 MB Available Virtual: 1899.45 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:68.36 GB) (Free:46.73 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:214.98 GB) (Free:187.77 GB) NTFS Drive f: () (Removable) (Total:7.39 GB) (Free:7.17 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AD2B1D50) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=27) Partition 3: (Not Active) - (Size=68 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=215 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ |
04.12.2013, 11:59 | #4 |
/// the machine /// TB-Ausbilder | Snap.Do Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.12.2013, 19:08 | #5 |
| Snap.Do Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.12.05.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 steffen :: STEFFEN-MSI [Administrator] 05.12.2013 17:09:02 mbam-log-2013-12-05 (17-09-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 287563 Laufzeit: 50 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.014 - Bericht erstellt am 05/12/2013 um 18:10:46 # Updated 01/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : steffen - STEFFEN-MSI # Gestartet von : C:\Users\steffen\Downloads\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\END Datei Gefunden : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\bprotector_extensions.sqlite Datei Gefunden : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\bprotector_prefs.js Datei Gefunden : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\invalidprefs.js Datei Gefunden : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\searchplugins\Mysearchdial.xml Datei Gefunden : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\user.js Datei Gefunden : C:\windows\System32\Tasks\PassWidget Update Datei Gefunden : C:\windows\Tasks\PassWidget Update.job Ordner Gefunden : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} Ordner Gefunden : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8} Ordner Gefunden C:\Program Files\MyPC Backup Ordner Gefunden C:\Program Files\optimizer pro Ordner Gefunden C:\Program Files\Pass-Widget Ordner Gefunden C:\Program Files\Searchprotect Ordner Gefunden C:\ProgramData\Babylon Ordner Gefunden C:\ProgramData\BitGuard Ordner Gefunden C:\ProgramData\DSearchLink Ordner Gefunden C:\Users\steffen\AppData\Local\Searchprotect Ordner Gefunden C:\Users\steffen\AppData\LocalLow\Delta Ordner Gefunden C:\Users\steffen\AppData\Roaming\Systweak ***** [ Verknüpfungen ] ***** Verknüpfung Gefunden : C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( 
hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=de0b2714-f2ae-b13c-04ec-67d666cb7aa8&searchtype=sc&installDate=02/11/2013 ) ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\5e6dddee238eb48 Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PassWidget Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\SmartBar Schlüssel Gefunden : HKCU\Software\smartbarbackup Schlüssel Gefunden : HKCU\Software\smartbarlog Schlüssel Gefunden : HKCU\Software\systweak Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gefunden : HKLM\SOFTWARE\5e6dddee238eb48 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fbdagnimlohkpamglloopgfnoiijpmoj Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\PassWidget Update Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF19503C-AF68-4EBF-B9AE-03CF7174E83C} Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Schlüssel Gefunden : HKLM\Software\Vittalia Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16514 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls 
[Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1372341782&ir= Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=de0b2714-f2ae-b13c-04ec-67d666cb7aa8&searchtype=ds&q={searchTerms}&installDate=02/11/2013 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=de0b2714-f2ae-b13c-04ec-67d666cb7aa8&searchtype=ds&q={searchTerms}&installDate=02/11/2013 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\prefs.js ] Zeile gefunden : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=de0b2714-f2ae-b13c-04ec-67d666cb7aa8&searchtype=nt&installDate=02/11/2013"); Zeile gefunden : user_pref("browser.search.defaultenginename", "Mysearchdial"); Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial"); Zeile gefunden : user_pref("browser.search.selectedEngine", "Mysearchdial"); Zeile gefunden : user_pref("extensions.delta.admin", false); Zeile gefunden : user_pref("extensions.delta.aflt", "babsst"); Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false"); Zeile gefunden : user_pref("extensions.delta.bbDpng", "14"); Zeile gefunden : user_pref("extensions.delta.cntry", "DE"); Zeile gefunden : user_pref("extensions.delta.dfltLng", "de"); Zeile gefunden : user_pref("extensions.delta.excTlbr", false); Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gefunden : user_pref("extensions.delta.hdrMd5", "673CE021D72C62AC0F611802EB7384EB"); Zeile gefunden : user_pref("extensions.delta.id", 
"5037f479000000000000002421d09ea9"); Zeile gefunden : user_pref("extensions.delta.instlDay", "15992"); Zeile gefunden : user_pref("extensions.delta.instlRef", "sst"); Zeile gefunden : user_pref("extensions.delta.lastVrsnTs", "1.8.24.622:42:29"); Zeile gefunden : user_pref("extensions.delta.newTab", false); Zeile gefunden : user_pref("extensions.delta.prdct", "delta"); Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta"); Zeile gefunden : user_pref("extensions.delta.rvrt", "false"); Zeile gefunden : user_pref("extensions.delta.sg", "czb"); Zeile gefunden : user_pref("extensions.delta.smplGrp", "none"); Zeile gefunden : user_pref("extensions.delta.tlbrId", "base"); Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.24.6"); Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.24.622:42:29"); Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.24.6"); Zeile gefunden : user_pref("extensions.delta_i.babExt", ""); Zeile gefunden : user_pref("extensions.delta_i.babTrack", "affID=119392&tsp=5035"); Zeile gefunden : user_pref("extensions.delta_i.srcExt", "ss"); Zeile gefunden : user_pref("extensions.helperbar.DockingPositionDown", true); Zeile gefunden : user_pref("extensions.helperbar.LastHiddenTime", 23101817); Zeile gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gefunden : user_pref("extensions.helperbar.Visibility", true); Zeile gefunden : user_pref("extensions.helperbar.countryiso", "de"); Zeile gefunden : user_pref("extensions.helperbar.downloadprovider", "tuguucr"); Zeile gefunden : user_pref("extensions.helperbar.installationid", "de0b2714-f2ae-b13c-04ec-67d666cb7aa8"); Zeile gefunden : user_pref("extensions.helperbar.installdate", "02/11/2013"); Zeile gefunden : user_pref("extensions.helperbar.publisher", "tuguu"); Zeile gefunden : 
user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Filesfrog Update Checker\",\"description\":\"Filesfrog Update Checker\",\"button\":{\"tooltip\":\"Check for updates\",\"icon\":\"hxxp:[...] Zeile gefunden : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAETUlEQVQ4jY2UfTTVBxjHn7C0kxLJLaoVNy8TOalxTXG65HJ7G+noRauxRC8TMc20Ky8HC[...] Zeile gefunden : user_pref("extensions.mysearchdial.aflt", "irmsd103"); Zeile gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Zeile gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA"); Zeile gefunden : user_pref("extensions.mysearchdial.cntry", "DE"); Zeile gefunden : user_pref("extensions.mysearchdial.cr", "1372341782"); Zeile gefunden : user_pref("extensions.mysearchdial.dfltLng", ""); Zeile gefunden : user_pref("extensions.mysearchdial.dfltSrch", true); Zeile gefunden : user_pref("extensions.mysearchdial.dnsErr", true); Zeile gefunden : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...] Zeile gefunden : user_pref("extensions.mysearchdial.excTlbr", false); Zeile gefunden : user_pref("extensions.mysearchdial.hdrMd5", "06300AED9A057039A2AA77FCA102DBDE"); Zeile gefunden : user_pref("extensions.mysearchdial.hmpg", true); Zeile gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...] 
Zeile gefunden : user_pref("extensions.mysearchdial.id", "406186489E37F479"); Zeile gefunden : user_pref("extensions.mysearchdial.instlDay", "16022"); Zeile gefunden : user_pref("extensions.mysearchdial.instlRef", ""); Zeile gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1[...] Zeile gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.020:31:6"); Zeile gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...] Zeile gefunden : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"85\",\"lastVrsn\":\"85\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); Zeile gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.sg", "none"); Zeile gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.tlbrId", "base"); Zeile gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCyEzzzy0EtAyB0FyEyBzytN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...] 
Zeile gefunden : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); Zeile gefunden : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); Zeile gefunden : user_pref("extensions.mysearchdial_i.hmpg", true); Zeile gefunden : user_pref("extensions.mysearchdial_i.newTab", false); Zeile gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none"); Zeile gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:31:6"); ************************* AdwCleaner[R0].txt - [13888 octets] - [05/12/2013 18:10:46] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13949 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Home Premium x86 Ran by steffen on 05.12.2013 at 18:35:23,19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2DDABD8C-06D4-713F-4DEB-6E86818ACF87} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2DDABD8C-06D4-713F-4DEB-6E86818ACF87} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4996fddf-da1e-4ad2-81f0-2de7d6ee2d66} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4996fddf-da1e-4ad2-81f0-2de7d6ee2d66} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\steffen\AppData\Roaming\mozilla\firefox\profiles\smkd6831.default\minidumps [9 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.12.2013 at 18:39:42,06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Rootkit BETA 1.07.0.1007 Malwarebytes : Free Anti-Malware download Database version: v2013.11.30.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 steffen :: STEFFEN-MSI [administrator] 05.12.2013 18:41:41 mbar-log-2013-12-05 (18-41-41).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 201658 Time elapsed: 8 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 
(No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
06.12.2013, 10:43 | #6 |
/// the machine /// TB-Ausbilder | Snap.Do ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ --> Snap.Do |
06.12.2013, 22:52 | #7 |
| Snap.Do ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=3286ad309c1c7c43a4935510aa3e6ef4 # engine=16169 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-12-06 09:20:39 # local_time=2013-12-06 10:20:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 97860 137996030 0 0 # scanned=99058 # found=0 # cleaned=0 # scan_time=3314 Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky PURE 3.0 Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (25.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky PURE 3.0 avp.exe Kaspersky Lab Kaspersky PURE 3.0 klwtblfs.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2013 01 Ran by steffen (administrator) on STEFFEN-MSI on 06-12-2013 22:43:09 Running from C:\Users\steffen\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (IdeaCom Technology Inc.) C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac () C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe () C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (MICRO-STAR INT'L,.LTD.) 
C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe (Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-22] (Realtek Semiconductor) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Maple_S2P] - C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe [253952 2007-01-16] () HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2007-04-19] () HKLM\...\Run: [NSCSysTrayUI] - C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2007-04-18] (Samsung) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [286720 2007-12-11] (Apple Inc.) 
HKLM\...\Run: [Nikon Transfer Monitor] - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2008-12-16] (Nikon Corporation) HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-12-05] () HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) MountPoints2: {6cdbd80e-3547-11e3-aa7e-806e6f6e6963} - E:\autorun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {CA367895-CAA8-4C2F-8961-7D498186545D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox SearchScopes: HKCU - {CA367895-CAA8-4C2F-8961-7D498186545D} URL = BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default FF DefaultSearchEngine: Wikipedia (de) FF Homepage: hxxp://metager.de/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Snap.Do - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{de0b2714-f2ae-b13c-04ec-67d666cb7aa8} FF Extension: Adblock Plus - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\smkd6831.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF 
HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF HKCU\...\Firefox\Extensions: [{348179c6-ba7b-4aaf-92fa-6bd1702662b9}] - C:\Program Files\Pass-Widget\134.xpi ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) R2 ETSCSERVICE; C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe [204800 2009-09-05] (IdeaCom Technology Inc.) S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-12-05] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 WMI_Hook_Service; C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe [101376 2009-09-25] (MICRO-STAR INT'L,.LTD.) 
==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch) S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [41984 2007-01-17] (Samsung Electronics Co., Ltd.) S3 enecirhid; C:\Windows\system32\DRIVERS\enecirhid.sys [11776 2009-05-20] (ENE TECHNOLOGY INC.) S3 enecirhidma; C:\Windows\system32\DRIVERS\enecirhidma.sys [5632 2008-04-25] (ENE TECHNOLOGY INC.) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-11-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24608 2009-07-17] (NVIDIA Corporation) R2 SSPORT; C:\windows\system32\Drivers\SSPORT.sys [5120 2007-01-16] (Samsung Electronics) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-11-11] (Kaspersky Lab ZAO) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-06 22:43 - 2013-12-06 22:43 - 00012645 _____ C:\Users\steffen\Downloads\FRST.txt 2013-12-06 22:39 - 2013-12-06 22:40 - 
00891184 _____ C:\Users\steffen\Downloads\SecurityCheck.exe 2013-12-06 21:24 - 2013-12-06 21:24 - 00000000 ____D C:\Program Files\ESET 2013-12-06 21:18 - 2013-12-06 21:18 - 02347384 _____ (ESET) C:\Users\steffen\Downloads\esetsmartinstaller_enu.exe 2013-12-05 20:09 - 2013-11-19 03:33 - 00230048 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2013-12-05 20:02 - 2013-12-05 20:02 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-12-05 19:52 - 2013-12-05 19:52 - 00002176 _____ C:\Users\steffen\Desktop\Sicherer Zahlungsverkehr.lnk 2013-12-05 19:47 - 2013-12-05 19:46 - 00001058 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk 2013-12-05 19:46 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\windows\system32\Drivers\CSCrySec.sys 2013-12-05 19:46 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\windows\system32\Drivers\CSVirtualDiskDrv.sys 2013-12-05 19:45 - 2013-12-05 19:45 - 00000000 ____D C:\windows\ELAMBKUP 2013-12-05 19:45 - 2013-12-05 19:45 - 00000000 ____D C:\Program Files\Common Files\InfoWatch 2013-12-05 19:42 - 2013-12-05 19:43 - 194045080 _____ (Kaspersky Lab) C:\Users\steffen\Downloads\pure13.0.2.558abcdDE_5372.exe 2013-12-05 19:38 - 2013-12-05 19:38 - 00017408 _____ C:\Users\steffen\AppData\Local\WebpageIcons.db 2013-12-05 19:35 - 2013-12-06 21:24 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-12-05 19:35 - 2013-12-05 19:49 - 00000000 ____D C:\Program Files\Kaspersky Lab 2013-12-05 19:33 - 2013-12-05 19:49 - 00179452 _____ C:\windows\PFRO.log 2013-12-05 19:27 - 2013-12-06 21:09 - 00000877 _____ C:\windows\setupact.log 2013-12-05 19:27 - 2013-12-05 19:27 - 00000000 _____ C:\windows\setuperr.log 2013-12-05 18:39 - 2013-12-05 18:39 - 00001324 _____ C:\Users\steffen\Desktop\JRT.txt 2013-12-05 18:35 - 2013-12-05 18:35 - 00000000 ____D C:\windows\ERUNT 2013-12-05 18:34 - 2013-12-05 18:34 - 01034531 _____ (Thisisu) C:\Users\steffen\Downloads\JRT.exe 2013-12-05 18:19 - 2013-12-05 18:19 - 00001153 _____ 
C:\Users\steffen\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk 2013-12-05 18:17 - 2013-12-05 18:19 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs 2013-12-05 18:12 - 2013-12-05 18:16 - 00013526 _____ C:\Users\steffen\Desktop\AdwCleaner[S0].txt 2013-12-05 18:03 - 2013-12-05 18:25 - 00000000 ____D C:\AdwCleaner 2013-12-05 18:03 - 2013-12-05 18:03 - 01110034 _____ C:\Users\steffen\Downloads\adwcleaner.exe 2013-12-03 21:45 - 2013-12-03 21:46 - 01092545 _____ (Farbar) C:\Users\steffen\Downloads\FRST(1).exe 2013-11-30 15:12 - 2013-12-05 19:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-30 15:11 - 2013-12-05 19:07 - 00000000 ____D C:\Users\steffen\Desktop\mbar 2013-11-30 15:11 - 2013-12-05 18:41 - 00075992 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-11-30 15:08 - 2013-11-30 15:10 - 12576792 _____ (Malwarebytes Corp.) C:\Users\steffen\Downloads\mbar-1.07.0.1007.exe 2013-11-30 14:05 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\windows\system32\libeay32.dll 2013-11-30 14:05 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\windows\system32\ssleay32.dll 2013-11-30 14:05 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\windows\eSellerateEngine.dll 2013-11-30 14:05 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) 
C:\windows\eSellerateControl350.dll 2013-11-30 13:58 - 2013-11-30 13:59 - 04618136 _____ (Piriform Ltd) C:\Users\steffen\Downloads\ccsetup408.exe 2013-11-30 12:55 - 2013-11-30 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-30 12:54 - 2013-11-30 12:54 - 06951048 _____ (Microsoft Corporation) C:\Users\steffen\Downloads\Silverlight.exe 2013-11-17 12:48 - 2013-11-17 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-13 21:13 - 2013-11-13 21:13 - 00161538 _____ C:\Users\steffen\Downloads\Datei1.txt 2013-11-13 21:13 - 2013-11-13 21:13 - 00017433 _____ C:\Users\steffen\Downloads\Datei2.txt 2013-11-13 21:12 - 2013-11-13 21:12 - 00017433 _____ C:\Users\steffen\Desktop\Addition.txt 2013-11-13 21:11 - 2013-12-03 21:57 - 00022208 _____ C:\Users\steffen\Desktop\FRST.txt 2013-11-13 21:11 - 2013-11-13 21:11 - 00000000 ____D C:\FRST 2013-11-13 21:10 - 2013-11-13 21:10 - 01090351 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2013-11-13 20:34 - 2013-11-14 22:29 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Skype 2013-11-13 20:33 - 2013-11-14 21:04 - 00000000 ___RD C:\Program Files\Skype 2013-11-13 20:33 - 2013-11-13 20:33 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-11-13 20:31 - 2013-11-13 20:31 - 00000000 ____D C:\Users\steffen\AppData\Local\Google 2013-11-11 19:13 - 2013-11-11 19:13 - 00595552 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00145040 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kneps.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00135776 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kl1.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00074848 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00058712 _____ (Kaspersky Lab) C:\windows\system32\klfphc.dll 2013-11-11 19:13 - 2013-11-11 19:13 - 00044000 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kltdi.sys 2013-11-11 19:13 - 2013-11-11 19:13 
- 00025696 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klmouflt.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00025696 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klkbdflt.sys ==================== One Month Modified Files and Folders ======= 2013-12-06 22:43 - 2013-12-06 22:43 - 00012645 _____ C:\Users\steffen\Downloads\FRST.txt 2013-12-06 22:40 - 2013-12-06 22:39 - 00891184 _____ C:\Users\steffen\Downloads\SecurityCheck.exe 2013-12-06 22:32 - 2009-10-07 09:53 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-12-06 21:24 - 2013-12-06 21:24 - 00000000 ____D C:\Program Files\ESET 2013-12-06 21:24 - 2013-12-05 19:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-12-06 21:18 - 2013-12-06 21:18 - 02347384 _____ (ESET) C:\Users\steffen\Downloads\esetsmartinstaller_enu.exe 2013-12-06 21:16 - 2009-07-14 05:34 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-06 21:16 - 2009-07-14 05:34 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-06 21:12 - 2013-10-14 19:15 - 02002106 _____ C:\windows\WindowsUpdate.log 2013-12-06 21:09 - 2013-12-05 19:27 - 00000877 _____ C:\windows\setupact.log 2013-12-06 21:09 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-12-05 20:02 - 2013-12-05 20:02 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-12-05 19:52 - 2013-12-05 19:52 - 00002176 _____ C:\Users\steffen\Desktop\Sicherer Zahlungsverkehr.lnk 2013-12-05 19:49 - 2013-12-05 19:35 - 00000000 ____D C:\Program Files\Kaspersky Lab 2013-12-05 19:49 - 2013-12-05 19:33 - 00179452 _____ C:\windows\PFRO.log 2013-12-05 19:47 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public 2013-12-05 19:46 - 2013-12-05 19:47 - 00001058 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk 2013-12-05 19:45 - 2013-12-05 19:45 - 00000000 ____D C:\windows\ELAMBKUP 2013-12-05 19:45 - 2013-12-05 19:45 - 
00000000 ____D C:\Program Files\Common Files\InfoWatch 2013-12-05 19:43 - 2013-12-05 19:42 - 194045080 _____ (Kaspersky Lab) C:\Users\steffen\Downloads\pure13.0.2.558abcdDE_5372.exe 2013-12-05 19:38 - 2013-12-05 19:38 - 00017408 _____ C:\Users\steffen\AppData\Local\WebpageIcons.db 2013-12-05 19:31 - 2009-10-07 10:01 - 00000000 ____D C:\ProgramData\Norton 2013-12-05 19:27 - 2013-12-05 19:27 - 00000000 _____ C:\windows\setuperr.log 2013-12-05 19:07 - 2013-11-30 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-05 19:07 - 2013-11-30 15:11 - 00000000 ____D C:\Users\steffen\Desktop\mbar 2013-12-05 18:41 - 2013-11-30 15:11 - 00075992 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-12-05 18:39 - 2013-12-05 18:39 - 00001324 _____ C:\Users\steffen\Desktop\JRT.txt 2013-12-05 18:35 - 2013-12-05 18:35 - 00000000 ____D C:\windows\ERUNT 2013-12-05 18:34 - 2013-12-05 18:34 - 01034531 _____ (Thisisu) C:\Users\steffen\Downloads\JRT.exe 2013-12-05 18:25 - 2013-12-05 18:03 - 00000000 ____D C:\AdwCleaner 2013-12-05 18:19 - 2013-12-05 18:19 - 00001153 _____ C:\Users\steffen\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk 2013-12-05 18:19 - 2013-12-05 18:17 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs 2013-12-05 18:16 - 2013-12-05 18:12 - 00013526 _____ C:\Users\steffen\Desktop\AdwCleaner[S0].txt 2013-12-05 18:12 - 2013-11-02 11:53 - 00001051 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2013-12-05 18:03 - 2013-12-05 18:03 - 01110034 _____ C:\Users\steffen\Downloads\adwcleaner.exe 2013-12-03 21:57 - 2013-11-13 21:11 - 00022208 _____ C:\Users\steffen\Desktop\FRST.txt 2013-12-03 21:46 - 2013-12-03 21:45 - 01092545 _____ (Farbar) C:\Users\steffen\Downloads\FRST(1).exe 2013-12-01 14:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Web 2013-12-01 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache 2013-11-30 15:10 - 2013-11-30 15:08 - 12576792 _____ (Malwarebytes 
Corp.) C:\Users\steffen\Downloads\mbar-1.07.0.1007.exe 2013-11-30 13:59 - 2013-11-30 13:58 - 04618136 _____ (Piriform Ltd) C:\Users\steffen\Downloads\ccsetup408.exe 2013-11-30 12:55 - 2013-11-30 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-30 12:54 - 2013-11-30 12:54 - 06951048 _____ (Microsoft Corporation) C:\Users\steffen\Downloads\Silverlight.exe 2013-11-30 11:57 - 2009-10-07 09:40 - 01486084 _____ C:\windows\system32\PerfStringBackup.INI 2013-11-21 20:01 - 2013-10-14 20:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-19 03:33 - 2013-12-05 20:09 - 00230048 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2013-11-17 13:30 - 2009-07-14 05:56 - 00000000 ____D C:\windows\DigitalLocker 2013-11-17 12:48 - 2013-11-17 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-14 22:29 - 2013-11-13 20:34 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Skype 2013-11-14 21:04 - 2013-11-13 20:33 - 00000000 ___RD C:\Program Files\Skype 2013-11-14 21:04 - 2009-10-07 10:10 - 00000000 ____D C:\ProgramData\Skype 2013-11-13 21:13 - 2013-11-13 21:13 - 00161538 _____ C:\Users\steffen\Downloads\Datei1.txt 2013-11-13 21:13 - 2013-11-13 21:13 - 00017433 _____ C:\Users\steffen\Downloads\Datei2.txt 2013-11-13 21:12 - 2013-11-13 21:12 - 00017433 _____ C:\Users\steffen\Desktop\Addition.txt 2013-11-13 21:11 - 2013-11-13 21:11 - 00000000 ____D C:\FRST 2013-11-13 21:10 - 2013-11-13 21:10 - 01090351 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2013-11-13 20:33 - 2013-11-13 20:33 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-11-13 20:31 - 2013-11-13 20:31 - 00000000 ____D C:\Users\steffen\AppData\Local\Google 2013-11-11 19:13 - 2013-11-11 19:13 - 00595552 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00145040 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kneps.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00135776 _____ (Kaspersky Lab ZAO) 
C:\windows\system32\Drivers\kl1.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00074848 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00058712 _____ (Kaspersky Lab) C:\windows\system32\klfphc.dll 2013-11-11 19:13 - 2013-11-11 19:13 - 00044000 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kltdi.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00025696 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klmouflt.sys 2013-11-11 19:13 - 2013-11-11 19:13 - 00025696 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klkbdflt.sys 2013-11-10 00:34 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-11-06 17:55 - 2013-10-14 20:50 - 00000000 ____D C:\Users\steffen\AppData\Local\Mozilla Files to move or delete: ==================== C:\ProgramData\PKP_DLdu.DAT C:\ProgramData\PKP_DLdw.DAT Some content of TEMP: ==================== C:\Users\steffen\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-01 13:47 ==================== End Of Log ============================
Hello, and thanks in advance for the effort. Snap.do is still stuck in the Firefox start page, and when I click on it an eye opens??? |
07.12.2013, 12:33 | #8 |
/// the machine /// TB trainer | Snap.Do Update Adobe and Flash. Uninstall Firefox, keep no data, reinstall. Fresh FRST log please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
09.12.2013, 21:14 | #9 |
| Snap.Do I did everything as described, but Snap.do is still present in the top bar. With CCleaner I can also still see the program on my disk. When I try to delete it, it tells me: The feature you are trying to use is on a network resource that is unavailable. |
10.12.2013, 11:48 | #10 |
/// the machine /// TB trainer | Snap.Do In which bar? Only in the list of installed programs, or still in the browser as well? Was the browser uninstalled, and was really no data kept?
11.12.2013, 17:54 | #11 |
| Snap.Do Both. |
12.12.2013, 10:18 | #12 |
/// the machine /// TB trainer | Snap.Do Reset Firefox completely, then take a screenshot showing where you still see those things in Firefox. Please download Shortcut Cleaner (by Grinler) to your desktop.
Scan with SystemLook
Download SystemLook by jpshortstuff from the following mirror and save the tool to your desktop: SystemLook (32 bit)
15.12.2013, 10:31 | #13 |
| Snap.Do
Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link: hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 12/15/2013 10:27:08 AM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\steffen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\steffen\Desktop
0 bad shortcuts found.
Program finished at: 12/15/2013 10:27:10 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)

SystemLook 30.07.11 by jpshortstuff
Log created at 10:30 on 15/12/2013 by steffen
Administrator - Elevation successful
========== regfind ==========
Searching for "Snap.Do"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\82323AE90705CBE44AD264F01DE54142]
"ProductName"="Snap.Do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2173947673-1267679727-2680781687-1000\Products\82323AE90705CBE44AD264F01DE54142\InstallProperties]
"HelpLink"="hxxp://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2173947673-1267679727-2680781687-1000\Products\82323AE90705CBE44AD264F01DE54142\InstallProperties]
"URLInfoAbout"="hxxp://snap.do"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2173947673-1267679727-2680781687-1000\Products\82323AE90705CBE44AD264F01DE54142\InstallProperties]
"DisplayName"="Snap.Do"
[HKEY_USERS\S-1-5-21-2173947673-1267679727-2680781687-1000\Software\Microsoft\Installer\Products\82323AE90705CBE44AD264F01DE54142]
"ProductName"="Snap.Do"
-= EOF =- |
15.12.2013, 18:50 | #14 |
/// the machine /// TB trainer | Snap.Do Copy the text in the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for the file type, please choose "all files") Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\82323AE90705CBE44AD264F01DE54142]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2173947673-1267679727-2680781687-1000\Products\82323AE90705CBE44AD264F01DE54142]
[-HKEY_USERS\S-1-5-21-2173947673-1267679727-2680781687-1000\Software\Microsoft\Installer\Products\82323AE90705CBE44AD264F01DE54142]
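How the regfind hits in post #13 map onto the three keys deleted in post #14, as an added example that is not part of the original thread: each hit is collapsed to its enclosing `Products\<packed code>` key, duplicates are dropped, and the 32-character packed code is converted back to the Windows Installer product GUID. The function names and the embedded sample (constructed from the log lines in post #13) are assumptions made for this illustration.

```python
import re

# Constructed sample: the regfind hits from the SystemLook log in post #13.
SID = "S-1-5-21-2173947673-1267679727-2680781687-1000"
PACKED = "82323AE90705CBE44AD264F01DE54142"
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\{code}".format(code=PACKED)
HKLM_PROPS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer"
              r"\UserData\{sid}\Products\{code}\InstallProperties").format(sid=SID, code=PACKED)
HKU = r"HKEY_USERS\{sid}\Software\Microsoft\Installer\Products\{code}".format(sid=SID, code=PACKED)
SAMPLE_LOG = "\n".join([
    'Searching for "Snap.Do"',
    "[" + HKCU + "]", '"ProductName"="Snap.Do"',
    "[" + HKLM_PROPS + "]", '"HelpLink"="hxxp://snap.do"',
    "[" + HKLM_PROPS + "]", '"URLInfoAbout"="hxxp://snap.do"',
    "[" + HKLM_PROPS + "]", '"DisplayName"="Snap.Do"',
    "[" + HKU + "]", '"ProductName"="Snap.Do"',
])

KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Everything up to and including Products\<32 hex digits>; subkeys are cut off.
PRODUCT_ROOT = re.compile(r"^(.*\\Products\\[0-9A-Fa-f]{32})(?:\\.*)?$")


def product_roots(log_text):
    """Return the distinct Installer product keys that enclose the hits, in log order."""
    roots = []
    for line in log_text.splitlines():
        key = KEY_LINE.match(line.strip())
        if key is None:
            continue  # value lines and headers
        root = PRODUCT_ROOT.match(key.group(1))
        if root is None:
            continue  # hit outside Installer product registration: review by hand
        if root.group(1) not in roots:
            roots.append(root.group(1))
    return roots


def unpack_product_code(packed):
    """Convert Windows Installer's packed 32-hex code back to the {GUID} product code."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError("not a packed product code: %r" % packed)
    p = packed.upper()
    # First three groups are reversed character by character; the remaining
    # eight bytes each have their two hex digits swapped.
    tail = "".join(p[i + 1] + p[i] for i in range(16, 32, 2))
    return "{%s-%s-%s-%s-%s}" % (p[0:8][::-1], p[8:12][::-1], p[12:16][::-1],
                                 tail[:4], tail[4:])


def build_reg(roots):
    """Render a .reg file body that deletes each key ([-key] syntax)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += ["[-%s]" % root for root in roots]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = product_roots(SAMPLE_LOG)
    print(unpack_product_code(PACKED))
    print(build_reg(found))
```

The five hits reduce to the same three keys, in the same order, as the regfix.reg posted in the thread.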
16.12.2013, 20:37 | #15 |
| Snap.Do This is just like Christmas :-) Thank you very much, everything is cleaned up now! That is a philosophy without equal. Hats off! |