Log analysis and evaluation: Windows7: Bing as default search in Firefox... & computer repeatedly slow, with nonresponsive scripts in Firefox & Thunderbird
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.02.2018, 19:59 | #16 |
As far as I know, I no longer have a virus scanner that I could disable since I deleted Avira. Otherwise please let me know what is still there. adwCleaner produced no results, see below. [After I had once again only put the computer into hibernation, Thunderbird hung again afterwards. Eventually the "usual" error message appeared, this time with the script: chrome://messenger/content/msgMail3PaneWindow.js:1866 ... But Firefox was also using enormous resources; the memory values only dropped from nearly maximum load to something usable after it was aborted. ... But do you even need this kind of information??] Code:
ATTFilter
# AdwCleaner 7.0.7.0 - Logfile created on Mon Feb 05 18:15:34 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services deleted.

***** [ Folders ] *****
No malicious folders deleted.

***** [ Files ] *****
No malicious files deleted.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks deleted.

***** [ Registry ] *****
No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.

*************************
::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0
*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [6726 B] - [2018/1/7 23:9:43]
C:/AdwCleaner/AdwCleaner[C1].txt - [1422 B] - [2018/1/7 23:26:50]
C:/AdwCleaner/AdwCleaner[S0].txt - [7767 B] - [2018/1/7 23:8:16]
C:/AdwCleaner/AdwCleaner[S1].txt - [1161 B] - [2018/1/7 23:25:1]
C:/AdwCleaner/AdwCleaner[S2].txt - [1217 B] - [2018/2/5 18:13:9]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
05.02.2018, 21:39 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I need new FRST logs. Check the box for addition.txt, then click Scan.
06.02.2018, 18:35 | #18 |
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018 Ran by ~.~ (administrator) on CUNEGONDE (06-02-2018 18:26:41) Running from C:\Users\~.~\Desktop Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Lenovo.) C:\Windows\System32\LPlatSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe (pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe (Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TeamViewer GmbH) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe (Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Lenovo.) 
C:\Windows\System32\LPlatSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH) Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047 FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-02-06] FF Homepage: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> about:blank FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled. 
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy] FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-02-03] FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2018-01-31] [Legacy] [not signed] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH) Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30] Opera: ======= StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the 
registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] () R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit) R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] () R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH) R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH) S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.) R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH) R2 TeamViewer; C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation) S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes) S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed] S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) S3 massfilter; system32\drivers\massfilter.sys [X] S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-06 18:26 - 2018-02-06 18:31 - 000010056 _____ C:\Users\~.~\Desktop\FRST.txt 2018-02-05 18:49 - 2018-02-05 18:53 - 008206624 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.7.0.exe 2018-02-03 16:16 - 2018-02-05 19:56 - 000001258 _____ C:\Users\~.~\Desktop\Anweisung.Cosinus.txt 2018-02-03 16:16 - 2018-02-03 16:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6375E5BF.sys 2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\Users\~.~\Desktop\mbar 2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2018-02-03 15:45 - 2018-02-03 15:45 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2018-02-03 15:40 - 2018-02-03 15:40 - 014178840 _____ (Malwarebytes Corp.) 
C:\Users\~.~\Desktop\mbar-1.10.3.1001.exe 2018-02-03 15:14 - 2018-02-03 15:14 - 000029612 _____ C:\Users\~.~\.recently-used.xbel 2018-02-02 22:16 - 2018-02-02 22:16 - 000033574 _____ C:\Users\~.~\Desktop\Addition_18-02-02.txt 2018-02-02 22:16 - 2018-02-02 22:16 - 000020866 _____ C:\Users\~.~\Desktop\FRST_18-02-02.txt 2018-02-02 22:14 - 2018-02-02 22:14 - 000000000 ____D C:\Users\~.~\Desktop\FRST-OlderVersion 2018-02-01 22:09 - 2018-02-01 22:09 - 000000118 _____ C:\Users\~.~\Desktop\Breun.txt 2018-01-31 14:10 - 2018-01-31 14:10 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2018-01-31 13:52 - 2018-01-31 13:52 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk 2018-01-31 13:52 - 2018-01-31 13:52 - 000000849 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk 2018-01-31 13:52 - 2018-01-31 13:52 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\TeamViewer 2018-01-31 13:49 - 2018-01-31 13:49 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-01-31 13:49 - 2018-01-31 13:49 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-01-31 13:32 - 2018-01-31 13:32 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\PDF Architect 4 2018-01-31 13:29 - 2018-02-05 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-01-31 13:09 - 2018-01-31 13:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice.org 3 2018-01-31 11:36 - 2018-01-31 11:36 - 000000000 ____D C:\Users\~.~\Documents\PDF Architect 2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\Users\~.~\AppData\Local\CEWE FOTOSERVICE 2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOSERVICE 2018-01-30 13:33 - 2018-01-30 13:33 - 000000000 ____D C:\Users\~.~\AppData\Roaming\hps-install 2018-01-30 01:25 - 2018-01-30 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Revo Uninstaller 2018-01-27 22:40 - 2018-01-27 22:40 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_report.txt 2018-01-27 22:39 - 2018-01-27 22:39 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_summary.txt 2018-01-26 21:28 - 2018-02-02 22:16 - 000033571 _____ C:\Users\~.~\Desktop\Addition_18-02-02_doubleSS.txt 2018-01-26 21:23 - 2018-02-02 22:16 - 000020863 _____ C:\Users\~.~\Desktop\FRST_18-02-02_doubleSS.txt 2018-01-26 21:21 - 2018-02-03 15:07 - 000001013 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk 2018-01-26 21:15 - 2018-02-02 22:14 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe 2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk 2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt 2018-01-08 00:03 - 2018-02-05 19:26 - 000000000 ____D C:\AdwCleaner 2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk 2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url 2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration 2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes 2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-02-06 18:26 - 2016-07-03 21:09 - 000000000 ____D C:\FRST 2018-02-06 18:24 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla 2018-02-06 18:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing 2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-02-06 17:50 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles 2018-02-06 17:36 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI 2018-02-05 19:27 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2018-02-05 19:27 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-02-05 19:18 - 2011-10-06 07:15 - 000000000 ____D C:\Users\Administrator.Cunegonde 2018-02-05 19:08 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData 2018-02-05 19:07 - 2009-07-14 05:45 - 000331008 _____ C:\Windows\system32\FNTCACHE.DAT 2018-02-03 16:17 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-02-03 15:40 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6 2018-02-03 15:14 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~ 2018-02-03 15:02 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0 2018-02-02 22:31 - 2010-08-16 21:14 - 000075728 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT 2018-02-02 22:08 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86) 2018-02-02 22:08 - 2009-07-14 08:46 - 000000000 ____D C:\Windows\ShellNew 2018-02-02 22:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2018-01-31 11:40 - 2011-04-16 20:22 - 000000000 ____D C:\Users\~.~\AppData\Roaming\vlc 2018-01-31 11:38 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files\PDF Architect 4 2018-01-31 11:37 - 2016-01-25 13:22 - 000000000 ____D 
C:\Program Files (x86)\PDF Architect 4 2018-01-31 08:58 - 2015-11-12 20:35 - 000000000 ____D C:\eBücher 2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\tmp 2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\hps 2018-01-30 10:19 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra 2018-01-30 01:54 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache 2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT 2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder 2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software 2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software 2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk 2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations 2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft 2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit 2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit 2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit 2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft 2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17 2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype 2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype 2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed 2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D 
C:\Windows\SysWOW64\Macromed ==================== Files in the root of some directories ======= 2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0 2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini 2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini 2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== 2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll 2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe 2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-30 09:38

==================== End of FRST.txt ============================

Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018 Ran by ~.~ (06-02-2018 18:32:16) Running from C:\Users\~.~\Desktop Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled) ~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~ ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal) CEWE FOTOSERVICE (HKLM-x32\...\CEWE FOTOSERVICE) (Version: 6.3.1 - CEWE Stiftung u Co. KGaA) ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.) 
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion) f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version: - ) Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic) Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.) FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - ) FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware) GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team) Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team) InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - ) Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan) JavaScript Tools (HKLM-x32\...\HSJS) (Version: - ) Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. 
All rights reserved) Hidden Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.) 
Mozilla Firefox 58.0.1 (x64 de) (HKLM\...\Mozilla Firefox 58.0.1 (x64 de)) (Version: 58.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.6.0 - Mozilla) Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla) Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version: - Oxelon) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.) Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - ) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun) XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) 
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] () ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.) ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.) ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop Task: 
{A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat () Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat () Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat () Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat () Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat () Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat () Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe 2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] 127.0.0.1 ads.active.com 127.0.0.1 am1.activemeter.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] 127.0.0.1 ad2games.com 127.0.0.1 cms.ad2click.nl 127.0.0.1 ads.ad2games.com 127.0.0.1 content.ad20.net 127.0.0.1 core.ad20.net 127.0.0.1 as.ad611.com There are 14742 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: WMPNetworkSvc => 3 MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) 
C:\Program_Files_(x86)\Winamp\winamp.exe FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{DB187DA7-A638-44FC-BF20-68F9045F2F7C}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8169384E-87BD-4453-8D98-6F73E738A87B}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe FirewallRules: [{11CB155E-AD17-454A-9CC8-0ECCDE4CFA32}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{AFA0DDAE-C4C8-45E7-A5CD-EB3B97441A00}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe ==================== Restore Points ========================= 05-02-2018 18:57:15 Windows Update ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Base System Device Description: Base System Device Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318} Manufacturer: JMicron Technology Corp. 
Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. 
Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. 
Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. System errors: ============= Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (02/05/2018 07:27:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The PDF24 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The PDF Architect 4 Creator service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2018-01-09 23:30:37.192 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:30:37.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:30:36.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:30:36.682 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system. 
Date: 2018-01-09 23:11:58.489 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:11:58.364 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:11:58.229 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:11:58.091 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:11:57.922 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system. Date: 2018-01-09 23:11:57.683 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz Percentage of memory in use: 20% Total physical RAM: 3932.86 MB Available physical RAM: 3140.36 MB Total Virtual: 7863.92 MB Available Virtual: 6715.29 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:45.98 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E) Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ |
07.02.2018, 00:32 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:
Step 1: Malwarebytes Version 3
Please download Malwarebytes Anti-Malware 3
Step 2: ESET
Please download ESET Online Scanner (illustrated instructions)
Step 3: SecurityCheck
Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |
08.02.2018, 06:50 | #20 |
| The DOS window is still open - just close it via the "X" at the top right? Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/7/18
Scan Time: 7:25 AM
Log File: b9ef38e1-0bcf-11e8-9045-00269eac1f3a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3881
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cunegonde\~.~

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332568
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 27 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

Code:
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.SearchProtect.WinService.exe Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.Utils.dll Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.WCAssistant.WinService.exe Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanion.exe Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanionInstaller.exe Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung
C:\Program_Files_(x86)\Downloads\FreeYouTubeToMp3Converter3820.exe Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung
C:\Users\~.~\AppData\Local\Temp\WCN001.exe Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung,Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\DevLib.dll Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\GenericSetup.exe Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\installer.exe Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\WizardPages.dll Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung
C:\Users\~.~\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
C:\Users\~.~\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2673212d-6b0437fc Mehrere Bedrohungen,Variante von Java/Exploit.Agent.OMZ Trojaner,Java/Exploit.CVE-2012-1723.HM Trojaner,Java/Exploit.CVE-2012-1723.GW Trojaner
C:\Windows\Temp\WebCompanion.zip Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung,Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung
C:\Windows\Temp\wctmp_1178855646\WcInstaller.exe Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung
C:\Windows\Temp\wctmp_27822647\WcInstaller.exe Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung
C:\Windows\Temp\wctmp_304566458\WcInstaller.exe Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung
C:\Windows\Temp\wctmp_887237532\WcInstaller.exe Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung
C:\Windows\Temp\wctmp_962985567\WcInstaller.exe Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung
C:\Windows.old\Documents and Settings\~.~\Desktop\burnsetup.exe Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\burnsetup_v4.37.exe Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung
C:\Windows.old\Users\~.~\Desktop\burnsetup.exe Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung

Code:
08.02.2018, 09:21 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Program_Files_(x86)\Downloads
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe
hosts:
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
09.02.2018, 19:24 | #22 |
| "Now start FRST again and click the Entfernen button." Sorry, I don't understand that part - the program interface is in English, after all, but there is no "delete" or anything similar either. If I press the "Entfernen" (Del) key, nothing happens either. What exactly is meant? |
09.02.2018, 19:39 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Just read the instructions properly. And then follow them properly too, i.e. 1:1. It really can't be described any more simply.
__________________ Please always post log files in CODE tags |
09.02.2018, 22:29 | #24 |
| I have already read the instructions several times (by now in the double digits). I had already worked through them line by line before my last post. Up to the one step that I don't understand. I named it. And now? |
09.02.2018, 23:05 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That is because you are not doing the preceding steps correctly. And there is no simpler explanation of how to create a text file, fill it with content, give it the required file name and then start FRST for the fix. As I already said, READ the instructions COMPLETELY and carry them out. Our instruction templates have already been used many thousands of times.
__________________ Please always post log files in CODE tags |
10.02.2018, 15:24 | #26 |
| So, now that we have established that there are thousands of users who have successfully identified and clicked an "Entfernen button", I see four options:
- You explain it to me.
- You name one of the thousands, so that I can discreetly ask them.
- I ask here in the forum, in a new thread, what is meant.
- We now spend a long time discussing that it is well explained and totally simple and I still don't understand it. ;-)
... If you know of further options, gladly. |
10.02.2018, 16:08 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | In any case, I am not rewriting the instructions for you. Say SPECIFICALLY at which point you get stuck, not just something along the lines of "whoa, I don't get any of this" - if you can't see the ENTFERNEN button, well, then I don't know either, put your glasses on maybe?
__________________ Please always post log files in CODE tags |
10.02.2018, 16:09 | #28 |
/// TB-Senior | Sorry for the interruption: in the English interface the button is called FIX.
__________________ To protect against female Trojans and femaleware, the Windows Defenderess is sufficient on an up-to-date Windows 10. |
10.02.2018, 16:21 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | But the button is in the same position as the Entfernen button, isn't it? BTW: you don't need to apologize, Frau root, I told you that if something comes up you may post in "my" threads
__________________ Please always post log files in CODE tags |
10.02.2018, 22:33 | #30 |
| Thanks, Fragerin! (Misleading that the language versions use such different words. Especially since I didn't even know about the German version...) Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 02
Ran by ~.~ (10-02-2018 20:52:38) Run:1
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program_Files_(x86)\Downloads
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe
hosts:
emptytemp:
*****************

C:\Program_Files_(x86)\Downloads => moved successfully
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 149613144 B
Java, Flash, Steam htmlcache => 5729 B
Windows/system/drivers => 278730392 B
Edge => 0 B
Chrome => 0 B
Firefox => 382197169 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36106986 B
systemprofile32 => 648981 B
LocalService => 132244 B
NetworkService => 715482 B
~.~ => 1442702542 B
Administrator.Cunegonde => 2883757 B

RecycleBin => 685817936 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:55:11 ====

Now, out of curiosity, I opened the first page of the thread... and I also get graphics displayed in posts #10 and #11 (likewise with the ominous "Entfernen" button in FRST!) and in #13 (a screenshot from here in the forum). Why am I only getting them displayed now??? Conversely, in the meantime I had already been shown graphics (of buttons, I think) in #2 - those are again not displayed now.

[Since reinstalling Firefox I have also repeatedly had problems with how images (partly covering the text) or special characters (on top of each other) are displayed - though never consistently; sometimes they occur, sometimes (after reloading the same page) they don't. Changing the text encoding did not improve the display of the special characters, by the way. Is all of this the same problem?]

For now I have cleared my entire Firefox cache. And reloaded the pages. Now there are again no embedded graphics at all! (I do see other graphics: the jpg graphic in the page header (with the Trojaner-Board logo etc.), the smilies, the "Select all" and "Expand" buttons in front of code boxes, and also the buttons above the text field I am writing in right now...) ... roughly like that.

PPS: Saving again does not conjure the graphics back, by the way...

Edited by PoseidoPferd (10.02.2018 at 22:38) |
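One way to check a Fixlog like the one posted above against the fixlist it was run with. This is an added example, not part of the thread and not FRST's own code; it assumes the layout visible in that log (entries between two rows of asterisks, result lines of the form `<item> => <outcome>`, success reported as `moved successfully`), and the sample log and the name `check_fixlog` are constructed for illustration.

```python
# Constructed sample in the layout of the Fixlog above; the second path
# deliberately has no result line so the check has something to report.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 02
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Example\Downloads
C:\Example\setup_bundle.exe
hosts:
emptytemp:
*****************

C:\Example\Downloads => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

Firefox => 382197169 B
EmptyTemp: => 1 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:55:11 ====
"""


def check_fixlog(text):
    """Compare the requested fixlist entries with the outcomes reported after them."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The requested entries sit between the two rows of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'fixlist content' block found")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    # Assumption: directives end in ':' (hosts:, emptytemp:); the rest are paths.
    directives = [e for e in requested if e.endswith(":")]
    paths = [e for e in requested if not e.endswith(":")]
    # Collect "<item> => <outcome>" lines that follow the fixlist block.
    results = {}
    for ln in lines[stars[1] + 1:]:
        item, sep, outcome = ln.partition(" => ")
        if sep:
            results[item.lower()] = outcome  # Windows paths are case-insensitive
    problems = []
    for path in paths:
        outcome = results.get(path.lower())
        if outcome is None:
            problems.append((path, "no result line"))
        elif outcome != "moved successfully":
            problems.append((path, outcome))
    return {"paths": paths, "directives": directives, "problems": problems,
            "reboot_needed": "The system needed a reboot." in lines}


if __name__ == "__main__":
    print(check_fixlog(SAMPLE_FIXLOG))
```

An empty `problems` list means every path in the fixlist has a matching success line; anything else is worth raising with the helper before continuing.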