
Log analysis and evaluation: Windows7: Bing as default search in Firefox... & computer repeatedly slow, with nonresponsive scripts in Firefox & Thunderbird


05.02.2018, 19:59   #16
PoseidoPferd
 



As far as I know, I have not had a virus scanner that I could disable since deleting Avira. Otherwise, please let me know what is still there.

AdwCleaner produced no results, see below.

[After I had once again only put the computer into hibernation, Thunderbird hung again afterwards. At some point the "usual" error message appeared, this time with the script: chrome://messenger/content/msgMail3PaneWindow.js:1866 ... But Firefox was also using enormous resources; the memory values only dropped from almost maximum load to something usable after it was terminated. ... But do you even need this kind of information??]

Code:
# AdwCleaner 7.0.7.0 - Logfile created on Mon Feb 05 18:15:34 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [6726 B] - [2018/1/7 23:9:43]
C:/AdwCleaner/AdwCleaner[C1].txt - [1422 B] - [2018/1/7 23:26:50]
C:/AdwCleaner/AdwCleaner[S0].txt - [7767 B] - [2018/1/7 23:8:16]
C:/AdwCleaner/AdwCleaner[S1].txt - [1161 B] - [2018/1/7 23:25:1]
C:/AdwCleaner/AdwCleaner[S2].txt - [1217 B] - [2018/2/5 18:13:9]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
         

05.02.2018, 21:39   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I need new FRST logs. Check the box for addition.txt, then click Scan.


06.02.2018, 18:35   #18
PoseidoPferd
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by ~.~ (administrator) on CUNEGONDE (06-02-2018 18:26:41)
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047
FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-02-06]
FF Homepage: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy]
FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-02-03]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2018-01-31] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] ()
R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 TeamViewer; C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-06 18:26 - 2018-02-06 18:31 - 000010056 _____ C:\Users\~.~\Desktop\FRST.txt
2018-02-05 18:49 - 2018-02-05 18:53 - 008206624 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.7.0.exe
2018-02-03 16:16 - 2018-02-05 19:56 - 000001258 _____ C:\Users\~.~\Desktop\Anweisung.Cosinus.txt
2018-02-03 16:16 - 2018-02-03 16:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6375E5BF.sys
2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\Users\~.~\Desktop\mbar
2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-03 15:45 - 2018-02-03 15:45 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-02-03 15:40 - 2018-02-03 15:40 - 014178840 _____ (Malwarebytes Corp.) C:\Users\~.~\Desktop\mbar-1.10.3.1001.exe
2018-02-03 15:14 - 2018-02-03 15:14 - 000029612 _____ C:\Users\~.~\.recently-used.xbel
2018-02-02 22:16 - 2018-02-02 22:16 - 000033574 _____ C:\Users\~.~\Desktop\Addition_18-02-02.txt
2018-02-02 22:16 - 2018-02-02 22:16 - 000020866 _____ C:\Users\~.~\Desktop\FRST_18-02-02.txt
2018-02-02 22:14 - 2018-02-02 22:14 - 000000000 ____D C:\Users\~.~\Desktop\FRST-OlderVersion
2018-02-01 22:09 - 2018-02-01 22:09 - 000000118 _____ C:\Users\~.~\Desktop\Breun.txt
2018-01-31 14:10 - 2018-01-31 14:10 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000849 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\TeamViewer
2018-01-31 13:49 - 2018-01-31 13:49 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 13:49 - 2018-01-31 13:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 13:32 - 2018-01-31 13:32 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\PDF Architect 4
2018-01-31 13:29 - 2018-02-05 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 13:09 - 2018-01-31 13:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2018-01-31 11:36 - 2018-01-31 11:36 - 000000000 ____D C:\Users\~.~\Documents\PDF Architect
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\Users\~.~\AppData\Local\CEWE FOTOSERVICE
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOSERVICE
2018-01-30 13:33 - 2018-01-30 13:33 - 000000000 ____D C:\Users\~.~\AppData\Roaming\hps-install
2018-01-30 01:25 - 2018-01-30 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-27 22:40 - 2018-01-27 22:40 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_report.txt
2018-01-27 22:39 - 2018-01-27 22:39 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_summary.txt
2018-01-26 21:28 - 2018-02-02 22:16 - 000033571 _____ C:\Users\~.~\Desktop\Addition_18-02-02_doubleSS.txt
2018-01-26 21:23 - 2018-02-02 22:16 - 000020863 _____ C:\Users\~.~\Desktop\FRST_18-02-02_doubleSS.txt
2018-01-26 21:21 - 2018-02-03 15:07 - 000001013 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk
2018-01-26 21:15 - 2018-02-02 22:14 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe
2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk
2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt
2018-01-08 00:03 - 2018-02-05 19:26 - 000000000 ____D C:\AdwCleaner
2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk
2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url
2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-06 18:26 - 2016-07-03 21:09 - 000000000 ____D C:\FRST
2018-02-06 18:24 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla
2018-02-06 18:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-06 17:50 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-02-06 17:36 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-05 19:27 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-02-05 19:27 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-05 19:18 - 2011-10-06 07:15 - 000000000 ____D C:\Users\Administrator.Cunegonde
2018-02-05 19:08 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData
2018-02-05 19:07 - 2009-07-14 05:45 - 000331008 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-03 16:17 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-03 15:40 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6
2018-02-03 15:14 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~
2018-02-03 15:02 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0
2018-02-02 22:31 - 2010-08-16 21:14 - 000075728 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-02 22:08 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86)
2018-02-02 22:08 - 2009-07-14 08:46 - 000000000 ____D C:\Windows\ShellNew
2018-02-02 22:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-31 11:40 - 2011-04-16 20:22 - 000000000 ____D C:\Users\~.~\AppData\Roaming\vlc
2018-01-31 11:38 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files\PDF Architect 4
2018-01-31 11:37 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files (x86)\PDF Architect 4
2018-01-31 08:58 - 2015-11-12 20:35 - 000000000 ____D C:\eBücher
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\tmp
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\hps
2018-01-30 10:19 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra
2018-01-30 01:54 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder
2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software
2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software
2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk
2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations
2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft
2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit
2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit
2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17
2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype
2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype
2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0
2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini
2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini
2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll
2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe
2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-30 09:38

==================== End of FRST.txt ============================
         
--- --- ---


FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by ~.~ (06-02-2018 18:32:16)
Running from C:\Users\~.~\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde
Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled)
~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
CEWE FOTOSERVICE (HKLM-x32\...\CEWE FOTOSERVICE) (Version: 6.3.1 - CEWE Stiftung u Co. KGaA)
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version:  - )
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox 58.0.1 (x64 de) (HKLM\...\Mozilla Firefox 58.0.1 (x64 de)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.6.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] ()
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop
Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop
Task: {A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop
Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop
Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
127.0.0.1  as.ad611.com

There are 14742 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB187DA7-A638-44FC-BF20-68F9045F2F7C}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8169384E-87BD-4453-8D98-6F73E738A87B}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11CB155E-AD17-454A-9CC8-0ECCDE4CFA32}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AFA0DDAE-C4C8-45E7-A5CD-EB3B97441A00}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

05-02-2018 18:57:15 Windows Update

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:27:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PDF24 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 4 Creator service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2018-01-09 23:30:37.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:37.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 20%
Total physical RAM: 3932.86 MB
Available physical RAM: 3140.36 MB
Total Virtual: 7863.92 MB
Available Virtual: 6715.29 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:45.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

07.02.2018, 00:32   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows7: Bing as default search in Firefox... & computer keeps getting slow, with nonresponsive scripts in Firefox & Thunderbird



Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:


Step 1: Malwarebytes Version 3

Please download Malwarebytes Anti-Malware 3
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Move selected items to quarantine.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM after the restart and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.



Step 2: ESET

Please download ESET Online Scanner (illustrated guide)
  • Start the installation file.
  • Accept the terms of use.
  • Select Enable detection of potentially unwanted applications and click Scan.
  • First the necessary signatures are downloaded, then ESET starts the scan automatically.
  • At the end of the scan, any items found are listed.
  • Close the ESET Online Scanner at the top right [ X ] and then click Close.
  • Please press the key combination WIN+R to open Run, copy the following text into the line and then click OK:
    Code:
    notepad "%tmp%\log.txt"
             
  • Copy the entire text using CTRL+A and CTRL+C into your reply here, in CODE tags.



Step 3: SecurityCheck

Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.
__________________
Please always post log files in CODE tags

08.02.2018, 06:50   #20
PoseidoPferd
 
Windows7: Bing as default search in Firefox... & computer keeps getting slow, with nonresponsive scripts in Firefox & Thunderbird



The DOS window is still open - just close it via the "X" at the top right?

Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/7/18
Scan Time: 7:25 AM
Log File: b9ef38e1-0bcf-11e8-9045-00269eac1f3a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3881
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cunegonde\~.~

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332568
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 27 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
         
Code:
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.SearchProtect.WinService.exe	Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.Utils.dll	Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.WCAssistant.WinService.exe	Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanion.exe	Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung	
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanionInstaller.exe	Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung	
C:\Program_Files_(x86)\Downloads\FreeYouTubeToMp3Converter3820.exe	Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung	
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe	Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung	
C:\Users\~.~\AppData\Local\Temp\WCN001.exe	Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung,Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung	
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\DevLib.dll	Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung	
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\GenericSetup.exe	Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung	
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\installer.exe	Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung	
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\WizardPages.dll	Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung	
C:\Users\~.~\AppData\Local\Temp\DMR\dmr_72.exe	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung	
C:\Users\~.~\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2673212d-6b0437fc	Mehrere Bedrohungen,Variante von Java/Exploit.Agent.OMZ Trojaner,Java/Exploit.CVE-2012-1723.HM Trojaner,Java/Exploit.CVE-2012-1723.GW Trojaner	
C:\Windows\Temp\WebCompanion.zip	Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung,Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung	
C:\Windows\Temp\wctmp_1178855646\WcInstaller.exe	Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung	
C:\Windows\Temp\wctmp_27822647\WcInstaller.exe	Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung	
C:\Windows\Temp\wctmp_304566458\WcInstaller.exe	Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung	
C:\Windows\Temp\wctmp_887237532\WcInstaller.exe	Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung	
C:\Windows\Temp\wctmp_962985567\WcInstaller.exe	Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung	
C:\Windows.old\Documents and Settings\~.~\Desktop\burnsetup.exe	Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung	
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\burnsetup_v4.37.exe	Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung	
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe	Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung	
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe	Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung	
C:\Windows.old\Users\~.~\Desktop\burnsetup.exe	Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung
         
Code:
17:36:17 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=
# end=init
# utc_time=2018-02-07 16:36:17
# local_time=2018-02-07 17:36:17 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
17:36:23 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 16:36:23
# local_time=2018-02-07 17:36:23 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
17:36:51 Updating
17:36:51 Update Init
17:36:56 Update Download
17:36:56 esets_scanner_update returned -1 esets_gle=12
17:36:56 Update Finalize
17:36:56 Call m_esets_charon_send
17:36:56 Call m_esets_charon_destroy
17:36:56 Retrying Update
17:36:56 Updating
17:36:56 Update Init
17:37:04 Update Download
17:37:04 esets_scanner_update returned -1 esets_gle=12
17:37:04 Update Finalize
17:37:04 Call m_esets_charon_send
17:37:04 Call m_esets_charon_destroy
17:37:04 Retrying Update
17:37:04 Updating
17:37:04 Update Init
17:37:12 Update Download
17:37:13 esets_scanner_update returned -1 esets_gle=12
17:37:13 Update Finalize
17:37:13 Call m_esets_charon_send
17:37:13 Call m_esets_charon_destroy
18:45:55 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
18:51:44 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 17:51:44
# local_time=2018-02-07 18:51:44 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
18:51:49 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 17:51:49
# local_time=2018-02-07 18:51:49 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
18:51:52 Updating
18:51:52 Update Init
18:52:01 Update Download
18:57:41 esets_scanner_reload returned 0
18:57:41 g_uiModuleBuild: 36325
18:57:42 Update Finalize
18:57:42 Call m_esets_charon_send
18:57:42 Call m_esets_charon_destroy
18:57:42 Updated modules version: 36325
18:57:59 Call m_esets_charon_setup_create
18:57:59 Call m_esets_charon_create
18:57:59 m_esets_charon_create OK
18:57:59 Call m_esets_charon_start_send_thread
18:57:59 Call m_esets_charon_setup_set
18:57:59 m_esets_charon_setup_set OK
18:57:59 Scanner engine: 36325
22:10:36 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# engine=36325
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-02-07 21:10:35
# local_time=2018-02-07 22:10:35 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 59759 269667685 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=11572
22:10:39 Call m_esets_charon_send
22:10:39 Call m_esets_charon_destroy
22:10:41 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
22:10:48 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 21:10:48
# local_time=2018-02-07 22:10:48 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
22:10:54 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 21:10:54
# local_time=2018-02-07 22:10:54 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
22:11:15 Call m_esets_charon_setup_create
22:11:15 Call m_esets_charon_create
22:11:15 m_esets_charon_create OK
22:11:15 Call m_esets_charon_start_send_thread
22:11:15 Call m_esets_charon_setup_set
22:11:15 m_esets_charon_setup_set OK
22:11:33 Updating
22:11:37 Update Init
22:12:22 Call m_esets_charon_send
22:12:23 Call m_esets_charon_destroy
23:55:44 Call m_esets_charon_setup_create
23:55:44 Call m_esets_charon_create
23:55:44 m_esets_charon_setup_set ERROR
23:55:49 Call m_esets_charon_send
23:55:50 Call m_esets_charon_destroy
23:55:57 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
00:00:04 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 23:00:04
# local_time=2018-02-08 00:00:04 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
00:00:09 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 23:00:08
# local_time=2018-02-08 00:00:08 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
00:00:26 Call m_esets_charon_setup_create
00:00:26 Call m_esets_charon_create
00:00:26 m_esets_charon_create OK
00:00:26 Call m_esets_charon_start_send_thread
00:00:26 Call m_esets_charon_setup_set
00:00:26 m_esets_charon_setup_set OK
00:00:32 Updating
00:00:32 Update Init
00:00:47 Call m_esets_charon_setup_create
00:00:47 Call m_esets_charon_create
00:00:47 m_esets_charon_setup_set ERROR
00:00:47 Update Download
00:01:30 esets_scanner_reload returned 0
00:01:30 g_uiModuleBuild: 36327
00:01:30 Update Finalize
00:01:30 Call m_esets_charon_send
00:01:30 Call m_esets_charon_destroy
00:01:31 Updated modules version: 36327
00:01:46 Call m_esets_charon_setup_create
00:01:46 Call m_esets_charon_create
00:01:46 m_esets_charon_setup_set ERROR
00:01:46 Scanner engine: 36327
04:16:29 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# engine=36327
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-02-08 03:16:29
# local_time=2018-02-08 04:16:29 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 81713 269689639 0 0
# scanned=2
# found=25
# cleaned=0
# scan_time=15297
sh=410796D6E6845A5286450F36F801BF63353A07BD ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.SearchProtect.WinService.exe"
sh=DB9E4F1755F8AB17528719F1320EC627FF7FE1D3 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.Utils.dll"
sh=4280A9DD624BE6591A899B5A3683413A6FCBC027 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.WCAssistant.WinService.exe"
sh=C646DC4AE1E5F6AD484677B8522456A7EB69213F ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanion.exe"
sh=9A16190BAB145A19BD5AC9697692E3DADB0D639D ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanionInstaller.exe"
sh=20BA51F96F4EA5423FC90E17F635791D97DA4D44 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="C:\Program_Files_(x86)\Downloads\FreeYouTubeToMp3Converter3820.exe"
sh=0246DAC8B5C093EFB5F1E0E2B69177731CA50ED7 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung" ac=I fn="C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe"
sh=CA761761744B5AB8DCB969316CE632925434D28C ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung,Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\WCN001.exe"
sh=688FF62EEDCB9F17C22E032D0120BA77B4BD7DC7 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\DevLib.dll"
sh=A5EC1B91463A83646F7ACE5A94834EE61B732923 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\GenericSetup.exe"
sh=37D006174A0AA4A5C62867A0CDE4CDDB826622B9 ft=1 fh=0000000000000000 vn="Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\installer.exe"
sh=5609EDDAD40A2E38425F3C8FA3C3212E0FCEE2F2 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\WizardPages.dll"
sh=E372AF7F5CBB53D354E3BE2AC726ED730F17FF4A ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\DMR\dmr_72.exe"
sh=3193068E2BA855836809E2DC4B53634BEF004ACD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen,Variante von Java/Exploit.Agent.OMZ Trojaner,Java/Exploit.CVE-2012-1723.HM Trojaner,Java/Exploit.CVE-2012-1723.GW Trojaner" ac=I fn="C:\Users\~.~\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2673212d-6b0437fc"
sh=7F268045E08BC65CFF7DC97EEDD5149C8FFEB19E ft=0 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung,Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\WebCompanion.zip"
sh=58A0C2588043C136835E8219175E59EEEF4520E0 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_1178855646\WcInstaller.exe"
sh=5B4B0DD147CE9A188473E289B5F4016F34BD0B67 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_27822647\WcInstaller.exe"
sh=94549509601D21D2DF433B30E26516885952ADB4 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_304566458\WcInstaller.exe"
sh=4DDFCAFC25A6ED65A042DAA74A02F5F4FD0CF92B ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_887237532\WcInstaller.exe"
sh=7971078748BB5F1A053558385FFCA817A1025053 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_962985567\WcInstaller.exe"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\~.~\Desktop\burnsetup.exe"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\burnsetup_v4.37.exe"
sh=27070EE60FA6B04CAD9275B8F2D755859AE26FC2 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe"
sh=454A225249E4B9E7170687BB75F52BD22F66E7E2 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\~.~\Desktop\burnsetup.exe"
06:21:25 Call m_esets_charon_send
06:21:25 Call m_esets_charon_destroy
06:21:26 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
         


08.02.2018, 09:21   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Program_Files_(x86)\Downloads
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe
hosts:
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen ("Remove") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

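The detection records in the ESET Online Scanner log posted above follow a fixed `sh= ft= fh= vn= ac= fn=` layout, so they can be sorted by where the detected file lives before a fixlist is written. The following Python is an added example, not part of the thread and not code from ESET or FRST; the location buckets, the function names and the sample lines (with placeholder SHA-1 values) are constructed for illustration.

```python
import re
from collections import defaultdict

# Detection record as it appears in the ESET Online Scanner log in this thread:
#   sh=<SHA-1> ft=<n> fh=<hex> vn="<names>" ac=<action> fn="<path>"
RECORD = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$'
)

# Class suffixes written by the German scanner build, with a severity rank.
CLASSES = {"eventuell unerwünschte Anwendung": "pua", "Trojaner": "trojan"}
RANK = {"pua": 0, "unknown": 1, "trojan": 2}

# Location buckets (this example's own triage rule, an assumption), checked in order.
LOCATIONS = [
    ("quarantine", re.compile(r'^C:\\AdwCleaner\\Quarantine\\', re.I)),
    ("old_install", re.compile(r'^C:\\Windows\.old\\', re.I)),
    ("temp_or_cache", re.compile(r'\\Temp\\|\\Deployment\\cache\\', re.I)),
]

def parse_names(vn):
    """Split the vn field into (detection name, class) pairs."""
    pairs = []
    for part in (p.strip() for p in vn.split(",")):
        if not part or part == "Mehrere Bedrohungen":  # "multiple threats" marker
            continue
        if part.startswith("Variante von "):           # "variant of"
            part = part[len("Variante von "):]
        for suffix, cls in CLASSES.items():
            if part.endswith(" " + suffix):
                pairs.append((part[:-len(suffix) - 1], cls))
                break
        else:
            pairs.append((part, "unknown"))
    return pairs

def locate(path):
    """Name the first location bucket the path falls into, else 'live'."""
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "live"

def triage(log_text):
    """Group detection records by location; header and timestamp lines are skipped."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        names = parse_names(m["vn"])
        worst = max((cls for _, cls in names), key=RANK.get, default="unknown")
        buckets[locate(m["fn"])].append(
            {"sha1": m["sha1"].upper(), "path": m["fn"], "names": names, "worst": worst}
        )
    return dict(buckets)

def same_file(records):
    """Map each SHA-1 seen at more than one path to those paths."""
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec["sha1"]].append(rec["path"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}

# Constructed sample: paths and detection names follow the log above, SHA-1 values are placeholders.
SAMPLE_LOG = r'''
04:16:29 # product=EOS
# end=finished
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanion.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="C:\Program_Files_(x86)\Downloads\FreeYouTubeToMp3Converter3820.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung" ac=I fn="C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe"
sh=4444444444444444444444444444444444444444 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen,Variante von Java/Exploit.Agent.OMZ Trojaner,Java/Exploit.CVE-2012-1723.HM Trojaner,Java/Exploit.CVE-2012-1723.GW Trojaner" ac=I fn="C:\Users\~.~\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2673212d-6b0437fc"
sh=5555555555555555555555555555555555555555 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_27822647\WcInstaller.exe"
sh=6666666666666666666666666666666666666666 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\~.~\Desktop\burnsetup.exe"
sh=6666666666666666666666666666666666666666 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\burnsetup_v4.37.exe"
'''

if __name__ == "__main__":
    for where, records in triage(SAMPLE_LOG).items():
        for rec in records:
            print(f'{where:14} {rec["worst"]:7} {rec["path"]}')
```

On the constructed sample, the only records left in the `live` bucket are the download under `C:\Program_Files_(x86)\Downloads` and the TeamViewer setup file, the two paths named in the fixlist above; the one `trojan`-class record sits in the Java deployment cache.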

09.02.2018, 19:24   #22
PoseidoPferd

"Now start FRST again and click the Entfernen button."

Sorry, I don't understand that part - the program interface is in English, after all, but there is no "delete" or anything similar either. If I press the "Entfernen" (Delete) key, nothing happens either. What exactly is meant?

09.02.2018, 19:39   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just read the instructions properly. And follow them properly too, i.e. 1:1. It really can't be described any more simply.
__________________
Please always post logfiles in CODE tags

09.02.2018, 22:29   #24
PoseidoPferd

I have already read the instructions several times (by now in the double digits). Before my last post I had already worked through them line by line. Up to the one step that I don't understand. I named that one. And now?

09.02.2018, 23:05   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That's because you are not doing the preceding steps correctly. And there is no simpler explanation of how to create a text file, fill it with content, give it the required file name and then start FRST for the fix.

As I already said, READ the instructions COMPLETELY and follow them. Our instruction templates have already been used many thousands of times.

10.02.2018, 15:24   #26
PoseidoPferd

So, now that we have established that there are 1000s of users who have successfully identified and clicked an "Entfernen button", I see four options:
- You explain it to me.
- You name one of the 1000s for me, so that I can discreetly ask them.
- I ask here in the forum, in a new thread, what is meant.
- We now spend a good while discussing that it is well explained and totally simple and that I still don't understand it. ;-)

... If you know of further options, gladly.

10.02.2018, 16:08   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I'm certainly not rewriting the instructions for you. Say SPECIFICALLY at which point you get stuck, not just something along the lines of "man, I just don't get any of this" - if you don't see the ENTFERNEN button, well, then I don't know either, maybe put your glasses on?

10.02.2018, 16:09   #28
Fragerin
/// TB-Senior

Sorry for the interruption:
In the English interface the button is called FIX.
__________________
For protection against female Trojans and femaleware, the Windows Defenderess is sufficient on an up-to-date Windows 10.

10.02.2018, 16:21   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

But the button is in the same position as the Entfernen button, isn't it?

BTW: you don't need to apologize, Ms. root, I told you that if something comes up you may post in "my" threads

10.02.2018, 22:33   #30
PoseidoPferd

Thanks, Fragerin! (Misleading that the language versions use such different words. Especially since I didn't even know about the German version...)

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 02
Ran by ~.~ (10-02-2018 20:52:38) Run:1
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program_Files_(x86)\Downloads
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe
hosts:
emptytemp:
*****************

C:\Program_Files_(x86)\Downloads => moved successfully
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 149613144 B
Java, Flash, Steam htmlcache => 5729 B
Windows/system/drivers => 278730392 B
Edge => 0 B
Chrome => 0 B
Firefox => 382197169 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36106986 B
systemprofile32 => 648981 B
LocalService => 132244 B
NetworkService => 715482 B
~.~ => 1442702542 B
Administrator.Cunegonde => 2883757 B

RecycleBin => 685817936 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:55:11 ====
         
PS: What is this?! After saving my post, I am shown a graphic in post #17 (basically a screenshot of FRST)!! With that it would have been pretty clear what is meant by "Entfernen"! (You must have assumed that I had seen the graphic, Cosinus - now I also understand your incomprehension!)
Now, out of curiosity, I opened the first page of the thread... and I am also shown graphics in posts #10 and #11 (likewise with the ominous "Entfernen" button in FRST!) and in #13 (a screenshot from here in the forum). Why am I only being shown these now??? Conversely, in the meantime I had already been shown graphics (of buttons, I believe) in #2 once - those are again not displayed now.
[Since reinstalling Firefox I have also repeatedly had problems with how images (partly covering the text) or special characters (on top of each other) are displayed - though never consistently; sometimes the problems occur, sometimes (after reloading the same page) they don't. Changing the text encoding did not improve the display of special characters, by the way. Is this all the same problem?]

For now I have cleared my entire Firefox cache. And reloaded the pages. Now there are again no embedded graphics at all!
(I do see other graphics: the jpg graphic in the page header (with the Trojaner-Board logo etc.), the smilies, the "Alles auswählen" ("Select all") and "Aufklappen" ("Expand") buttons in front of code fields, and also the buttons above the text field I am writing in right now...)


Quote:
Quote from cosinus
"man, I just don't get any of this"
... something like that.


PPS: Saving again does not conjure the graphics back up, by the way...

Edited by PoseidoPferd (10.02.2018 at 22:38)
