Ja! Habe ich. Aber immer leider noch jede Menge Seiten, die sich ungewollt aufmachen.

Zitat:

Zitat von dr.tschuna

Aber immer leider noch jede Menge Seiten, die sich ungewollt aufmachen.

War ja nur ne Frage, habe ja nicht gesagt, dass wir fertig sind.

Kaspersky vorübergehend deaktivieren.

Schritt 1
Download von ZOEK (by Smeenk)

• Speichere die zoek.exe auf dem Desktop.
• Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
• Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
• Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
  
  Code: Alles auswählenAufklappen

  ATTFilter

  systemspecs;
  autoclean;
  FFdefaults;
  iedefaults;
  emptyclsid;
           

• Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  
  Zitat:

  Zoek.exe is running now.
  Do not start any browser windows, they may get closed automatically.
  Please wait! This window will close when finished.
  A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

• Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
• Bitte poste mir das zoek-results.log.

Code: Alles auswählenAufklappen

ATTFilter

Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Ron on 30.04.2015 at 19:04:48,07.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ron\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

30.04.2015 19:06:34 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Carbonite deleted successfully
C:\PROGRA~2\Cinema Pro Plus 3.4cV28.04 deleted successfully
C:\PROGRA~2\Convar deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nikon deleted successfully
C:\PROGRA~2\System NotifierV28.04 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Logitech deleted successfully
C:\Users\Ron\AppData\Roaming\Common deleted successfully
C:\Users\Ron\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Ron\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully
C:\Users\Ron\AppData\Local\Nikon deleted successfully
C:\Users\Ron\AppData\Local\Secunia PSI deleted successfully
C:\Users\Ron\AppData\Local\Verkleinert deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2673002154-866942330-3263328844-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js:
user_pref("browser.search.defaultenginename", "oursurfing");
user_pref("browser.search.selectedEngine", "oursurfing");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018

---- Lines Sweet removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"quick_searchff@gmail.com\":{\"d\":\"C:\\\\Users\\\\Ron\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firef
---- Lines Sweet modified from prefs.js ----

user_pref("extensions.enabledAddons", "sweetsearch%40gmail.com:1.0.0.1031,quick_searchff%40gmail.com:5.4.10,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ---- 

user__1923_.backup
prefs__1923_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Carbonite not found
C:\PROGRA~2\Cinema Pro Plus 3.4cV28.04 not found
C:\PROGRA~2\Convar not found
C:\PROGRA~2\Nikon not found
C:\PROGRA~2\System NotifierV28.04 not found
C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\extensions\sweetsearch@gmail.com not found
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Ron\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\ext_offermosquito deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\patsearch.bin deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf deleted
C:\Users\Ron\Desktop\WordToPDF - CHIP Downloader.lnk deleted
"C:\Users\Ron\AppData\Roaming\Flanger" deleted
"C:\Users\Ron\AppData\Roaming\Flowers" deleted
"C:\Users\Ron\AppData\Roaming\Folder Actions" deleted
"C:\ProgramData\Electric Piano" deleted
"C:\ProgramData\Flange Saw" deleted
"C:\ProgramData\Flowers" deleted
"C:\PROGRA~2\Windows Collaboration" deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition (64-bit) Service Pack 2 (Build 6002)
Memory (RAM): 6143 MB
CPU Info: Intel(R) Core(TM)2 Quad  CPU   Q8200  @ 2.33GHz
CPU Speed: 2346,6 MHz
Sound Card: Lautsprecher (Realtek High Defi | 
Realtek Digital Output (Realtek | 
Realtek HDMI Output (Realtek Hi | 
Display Adapters: ATI Radeon HD 5400 Series | ATI Radeon HD 5400 Series | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; PnP-Monitor (Standard) | 
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW TS-H653Z
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  582,3GB | D:  13,8GB | E:  596,2GB | H:  931,5GB
Hard Disks - Free: C:  265,3GB | D:  1,6GB | E:  589,9GB | H:  691,2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 12/16/08 | HPQOEM - 20081216
Time Zone: Mitteleuropäische Zeit
Motherboard *: PEGATRON CORPORATION Benicia
Country: Deutschland 
Language: DEU 

==== System Specs (Software) ======================

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Internet Explorer Version: 9.0.8112.16421 
Mozilla Firefox version: 37.0.2 (x86 de)
Adobe Reader version: 10.1.13.16
Sun Java version: 1.8.0_40 (32-bit) 
Sun Java version: 1.8.0_40 (64-bit) 
Flash Player version: 17.0.0.169

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [16.12.2014 15:58]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 12:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018
AB87EEFFD18F2BAAFC274E7075EA6C67	- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
9AE02005247DA91AB1743F5208DBEF76	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -	Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[14.08.2013 12:43]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[14.08.2013 12:43]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[14.08.2013 12:43]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[16.12.2014 15:55]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[14.08.2013 12:43]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="hxxp://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com/ie"
"Default_Search_URL"="hxxp://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E733165D-CBCF-4FDA-883E-ADEF965B476C} Google  Url="web/?type=dspp&q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\1ewveuey.default-1430258247018\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=22 15005657 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Ron\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ron\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 30.04.2015 at 19:34:32,99 ======================