Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista

deeprybka · 12.09.2014, 18:01

Hi,

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
C:\Windows\System32\drivers\tStLib.sys
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
C:\Program Files\FunWebProducts
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
Emptytemp:

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Mena · 12.09.2014, 18:56

Guten Abend Jürgen!

Schritt 1 hat natürlich geklappt... Habe die Datei
ebenfalls am Desktop gespeichert.

Scantool findet die Datei auch & beginnt sie
zu scannen. Der Prozess wird aber leider jedes mal
unterbrochen :-(

Der grüne Scanbalken stockt & ich erhalte keine
Rückmeldung vom Programm.

Was kann ich jetzt tun?
Habe ich die Datei vllt. nur falsch gespeichert?
Aber immerhin erkennt das Tool die Datei ja.

deeprybka · 12.09.2014, 19:01

Probier mal bitte den Codetext ohne die letzte Zeile, also ohne das EmptyTemp...

Mena · 12.09.2014, 19:09

YES SIR!

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by Madeleine at 2014-09-12 20:03:34 Run:7
Running from C:\Users\Madeleine\Desktop\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
C:\Windows\System32\drivers\tStLib.sys
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
C:\Program Files\FunWebProducts
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
*****************

tStLib => Service not found.
"C:\Windows\System32\drivers\tStLib.sys" => File/Directory not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ciofmnkmmkifclnkmflcbopnokbljoeb" => Key not found.
"C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fajjlmbhnkdcimdnijpnpccgfhplmbmf" => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jnhbjhjficooacggmaognpejifaofnfj" => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ongopfbpiphhgfnlemmkajofmgbbdkne" => Key not found.
"C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\onpdpoehbhoonfncaenmonlbnonmofin" => Key not found.
"C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx" => File/Directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg directory not found.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll not found.
"C:\Program Files\FunWebProducts" => File/Directory not found.
Chrome RestoreOnStartup deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.
"HKCR\CLSID\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.
"HKCR\CLSID\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.

==== End of Fixlog ====

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

-.-

deeprybka · 12.09.2014, 19:22

Ok und ein frisches FRST bitte...

Mena · 12.09.2014, 19:28

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 12-09-2014 20:26:20
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 10:48 - 2014-09-12 19:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-12 20:26 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 20:26 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-12 20:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 19:50 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 19:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 19:33 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-12 19:33 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-12 19:30 - 2014-01-30 15:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-12 19:30 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 19:29 - 2008-01-21 04:47 - 00166652 _____ () C:\Windows\PFRO.log
2014-09-12 19:29 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 19:29 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 19:29 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 19:28 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-12 19:27 - 2009-12-12 15:32 - 02062918 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 19:17 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-12 17:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-12 17:38 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 13:08 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-12 19:40

==================== End Of Log ============================

--- --- ---

deeprybka · 12.09.2014, 19:32

Ok...

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Mena · 12.09.2014, 20:01

Hallo :-)

habe gerade folgenden Schritt durchgeführt:

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Nachdem ich den Start button gedrückt hatte schien das Programm zu rechnen.
Kurz darauf hat es sich allerdings aufgehängt - wieder keine Rückmeldung.
Hatte zur Auswahl programm beenden - reagiert nicht. Habe das gemacht und im anschluss wurde mein screen "grau". Über STRG. ALT ENTF. kam ich zwar in das Anmeldemenü von Vista, konnte mich aber nicht anmelden (wieder greyscreen). habe neugestartet und im anschluss den vorgang wiederholt. Wieder das selbe problem..

allerdings befinden sich jetzt dateien auf meinem desktop, die vorher nicht da waren !
Diese sind aber eher wie wasserzeichen zu erkennen.

Liebe Grüße

deeprybka · 12.09.2014, 20:14

Ok, dann lass bitte Tempfilecleaner weg.

Und beachte bitte was ich im Eingangsposting geschrieben habe,

Zitat:

Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.

Also nicht immer wieder probieren, sondern abbrechen und beschreiben...

Mach bitte mit ESET weiter...

Mena · 12.09.2014, 20:16

Ok sorry! Wird gemacht...

deeprybka · 12.09.2014, 20:17

Mach bitte mit ESET weiter...

Mena · 12.09.2014, 20:19

Soll ich alle Daten oder nur die eigenen bereinigen ? Alle macht mehr Sinn, oder?

deeprybka · 12.09.2014, 20:21

Bitte mit ESET weitermachen, Datenbereinigung machen wir später.

Mena · 12.09.2014, 23:49

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7c34cd166c47044f9e69fead13c324ea
# engine=20130
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-12 10:09:05
# local_time=2014-09-13 12:09:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 48313 97693729 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 25775605 248092473 0 0
# scanned=277949
# found=64
# cleaned=0
# scan_time=9197
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\nsprotector.js.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3317893\UninstallerUI.exe.vir"
sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\ConduitEngine\ConduitEngine.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=B00AAA76783727675CF43122549420C894CDE1CF ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg\1.3\i7sQO3ZXObOo.js.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\softonic-de3\tbsof0.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll.vir"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=0FBAFB91B97CDAFDF71FC7B04854C0F38A7048BF ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk.vir"
sh=256B50DA47470AA3AEDA47FD13FB9D5A85FABC41 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\DVDVideoSoft\tbDVD0.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=9E0A96449BD16DB18E6E4418F677565712B8EBFF ft=1 fh=79d5711226c99797 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\366TJQ0L\tbedrs[1].dll"
sh=594E0844207ADD0DBD163E1AFB7696BAA25CB961 ft=1 fh=b78030dcfe359240 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K804MYPB\tbedrs[1].dll"
sh=E31F45110B742889AFD4D31AC4FBF46D2E8044C7 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TT9IG8IB\mzhiphop_com[1].txt"
sh=8DE31C10B78FC6647C351EB26D0AEE308E406F5E ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XCLP7GR9\index[1].htm"
sh=BD853E572026DFBF31FA1B6C3BBE47CA8CEDD2AD ft=1 fh=23af513eff6ebc20 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\0014c823.ftf.ftf"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll"
sh=EA456404E605CF2E7CAC6416ADD1E0717E9BB627 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\tmp-c7f.xpi"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\BBE19AD9-BAB0-7891-84EE-25C09013C70B\Latest\BabMaint.exe"
sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\BBE19AD9-BAB0-7891-84EE-25C09013C70B\Latest\BUSolution.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\BBE19AD9-BAB0-7891-84EE-25C09013C70B\Latest\IEHelper.dll"
sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\bus70A7\enhancedNT.dll"
sh=2E90EBC6D69DF089A01B0F57AC92A42FEC376F17 ft=0 fh=0000000000000000 vn="Win32/AdWare.BetterSurf.A Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\scoped_dir_2056_16390\Chrome.crx"
sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\{9C997DDA-4987-41C8-835C-811CB99D234C}\setup.exe"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\ldrtbDVD2.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll"
sh=41CDE566540E31CF556FFC948255F45D4A94EAF8 ft=1 fh=3fb8233a96c1e513 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD1.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD2.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\MAX_DE_Atube\tbMAX_.dll"
sh=CE55BBBBAECD415840AC4D09762084A749DBA50A ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBK Trojaner" ac=I fn="C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0\33\30feb821-1bb2fd39"
sh=861D9FCFC5C004CE608C195056CEF6265C2B8387 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBM Trojaner" ac=I fn="C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0\4\5541aec4-1c51cc5e"
sh=4A9F0A627FFE289F339A2DF6EA68808D47DBB5EA ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBL Trojaner" ac=I fn="C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0\52\31bba1f4-11ca9d7e"
sh=EF8351D907A44D00E3D270A2D8C1AF9B3FA7AE7C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Desktop\Neuer Ordner\Alte Firefox-Daten\33js4w13.default\prefs-1.js"
sh=ACE72A815B965F86C50D998C31307CB8DF18583C ft=1 fh=8a8ff7b68542ea8a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\FreeStudio.exe"
sh=D66CF06B8760DD8094AE26B85F47BBDB442F80ED ft=1 fh=17056912def553f7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\FreeYouTubeToMp3Converter(2).exe"
sh=07C3A8DE40271B9ECD674AF867A2C7F61D40DFBA ft=1 fh=8a8ff7b630139cd7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\FreeYouTubeToMp3Converter.exe"
sh=6B5089FE0C65DE83554B4B2047CFCD825850C32D ft=1 fh=5d8f07097d0ed01d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\iMeshV9de.exe"
sh=13C0C3ED4E051740A8C5C8D7B4172F522C8271B6 ft=1 fh=df47965e4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\SoftonicDownloader_fuer_adobe-photoshop.exe"
sh=ACE72A815B965F86C50D998C31307CB8DF18583C ft=1 fh=8a8ff7b68542ea8a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\FreeStudio.exe"
sh=D66CF06B8760DD8094AE26B85F47BBDB442F80ED ft=1 fh=17056912def553f7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\FreeYouTubeToMp3Converter(2).exe"
sh=07C3A8DE40271B9ECD674AF867A2C7F61D40DFBA ft=1 fh=8a8ff7b630139cd7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\FreeYouTubeToMp3Converter.exe"
sh=6B5089FE0C65DE83554B4B2047CFCD825850C32D ft=1 fh=5d8f07097d0ed01d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\iMeshV9de.exe"
sh=13C0C3ED4E051740A8C5C8D7B4172F522C8271B6 ft=1 fh=df47965e4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\SoftonicDownloader_fuer_adobe-photoshop.exe"
sh=E647501CDAA9FC44FFBC2BF49A375D1DEB24F3FF ft=1 fh=ef36aaaf5122fd47 vn="Variante von Win32/SweetIM.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\My Art\DVDVideoSoft\SweetImSetup.exe"
sh=C1E721705E99313D1AD4F726E2C86DD6B9C6DAA7 ft=1 fh=a578adafe6b2cc92 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Programme\aTube_Catcher552DE.exe"
sh=7BC60488C1F1B100A6E341944BDC274C6BB3A7A1 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Programme\eBay.lnk"
sh=2606DF6F23B8CAEC1210C5A4C8FFFF409FD4AF11 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\zoek_backup\C_PROGRA~2_nnlikkcdnapggndngajijlcneepblkkk\eKWIWH1Mx65h.js"
sh=ACE72A815B965F86C50D998C31307CB8DF18583C ft=1 fh=8a8ff7b68542ea8a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\FreeStudio.exe"
sh=D66CF06B8760DD8094AE26B85F47BBDB442F80ED ft=1 fh=17056912def553f7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\FreeYouTubeToMp3Converter(2).exe"
sh=07C3A8DE40271B9ECD674AF867A2C7F61D40DFBA ft=1 fh=8a8ff7b630139cd7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\FreeYouTubeToMp3Converter.exe"
sh=6B5089FE0C65DE83554B4B2047CFCD825850C32D ft=1 fh=5d8f07097d0ed01d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\iMeshV9de.exe"
sh=13C0C3ED4E051740A8C5C8D7B4172F522C8271B6 ft=1 fh=df47965e4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\SoftonicDownloader_fuer_adobe-photoshop.exe"
sh=D080EB1BD0F6772B21D59337480EC99139A75032 ft=1 fh=f2807c5671e19a21 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\SoftonicDownloader_fuer_atube-catcher.exe"
sh=8C03F5D26ED7FA2B7461932439FE3897A3C5EE65 ft=1 fh=5cb7a4c17ad31409 vn="Variante von Win32/Adware.HotBar.H Anwendung" ac=I fn="F:\2012\Downloads\VLCSetup.exe"
sh=E647501CDAA9FC44FFBC2BF49A375D1DEB24F3FF ft=1 fh=ef36aaaf5122fd47 vn="Variante von Win32/SweetIM.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\My Art\DVDVideoSoft\SweetImSetup.exe"
sh=C1E721705E99313D1AD4F726E2C86DD6B9C6DAA7 ft=1 fh=a578adafe6b2cc92 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Programme\aTube_Catcher552DE.exe"
sh=7BC60488C1F1B100A6E341944BDC274C6BB3A7A1 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Programme\eBay.lnk"

deeprybka · 13.09.2014, 16:16

Hi,

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

C:\Users\Madeleine\AppData\Local\DVDVideoSoft\tbDVD0.dll
C:\Users\Madeleine\AppData\Local\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\ldrtbDVD2.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD1.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD2.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Madeleine\AppData\LocalLow\MAX_DE_Atube\tbMAX_.dll
C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0
C:\Users\Madeleine\Desktop\Neuer Ordner\Alte Firefox-Daten\33js4w13.default\prefs-1.js
C:\Program Files\Google\Chrome
C:\Users\Madeleine\AppData\Local\Google\Chrome

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Schritt 2
Datenträgerbereinigung:

cleanmgr eingeben

ENTER drücken

Alle Benutzer auswählen

Laufwerk C: auswählen

Alle Haken setzen und mit OK bestätigen.

Dateien löschen auswählen.

Dann bitte PC neu starten.

Schritt 3

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

12.09.2014, 19:01	#18
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Probier mal bitte den Codetext ohne die letzte Zeile, also ohne das EmptyTemp... __________________ __________________

12.09.2014, 19:22	#20
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Ok und ein frisches FRST bitte... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

12.09.2014, 20:17	#26
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Mach bitte mit ESET weiter... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

12.09.2014, 20:21	#28
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Bitte mit ESET weitermachen, Datenbereinigung machen wir später. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista

Plagegeister aller Art und deren Bekämpfung: Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista