
  • "xpandi" started this thread

Date of registration:
Nov 18th 2010

Version:
Avira Free Antivirus

Operating System:
Windows 8 Professional


1

Thursday, November 14th 2013, 5:06pm

BKA Trojan - Browser locked

Hello everyone,

I was just redirected to a page that claims to be from the BKA. This page locks my browser. To fix that, I opened another Firefox window and closed both at the same time via Task Manager. The next time I started Firefox, I was asked whether I wanted to restore the last session. I then discarded the last session and immediately cleared my Firefox cache. Everything works again now. But I don't think that's all there is to it, is it? I'm now afraid to log in anywhere (except at Avira ^^). What should I do now? (System: Windows 8.1)

Thanks in advance for the help

Best regards

Andi

2

Thursday, November 14th 2013, 5:29pm

Download FRST to your desktop:

Note: There is a 32-bit and a 64-bit version; please choose the appropriate one.

Download

Start the program (on Vista / Win 7, run as admin)
Click "Scan"
Upload FRST.txt and Addition.txt to pastebin.
Please post the URL of the upload.

  • "xpandi" started this thread

3

Thursday, November 14th 2013, 5:39pm

FRST.txt:
http://pastebin.com/sDHc5sAb

addition:
http://pastebin.com/cBBmTYyj

  • "xpandi" started this thread

4

Thursday, November 14th 2013, 6:54pm

Sorry for asking again, but what do I have to do next? :S
I need to send an email with an attachment as soon as possible, and I'm afraid to log into my account or to harm someone else through the attachment in my email.

5

Thursday, November 14th 2013, 7:22pm

Create an empty text document in the following folder: "C:\Users\Admin\Desktop"
Copy the following text into it (without the word "Quoted"):

Quoted

HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableClock] 1
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKU\Andi\...\Policies\system: [DisableRegistryTools] 1
HKU\Andi\...\Policies\system: [DisableLockWorkstation] 0
HKU\Andi\...\Policies\system: [DisableTaskMgr] 1
HKU\Andi\...\Policies\system: [DisableClock] 1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2A4739307D3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
2013-11-14 16:56 - 2013-06-24 18:41 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 12:20 - 2013-06-24 18:41 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Andi\AppData\Local\Temp\avgnt.exe



- Save the document as Fixlist.txt
- Start FRST and click Fix
- Then post the contents of the Fixlog that is created

  • "xpandi" started this thread

6

Thursday, November 14th 2013, 7:37pm

Here is the log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Admin at 2013-11-14 19:37:20 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableClock] 1
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKU\Andi\...\Policies\system: [DisableRegistryTools] 1
HKU\Andi\...\Policies\system: [DisableLockWorkstation] 0
HKU\Andi\...\Policies\system: [DisableTaskMgr] 1
HKU\Andi\...\Policies\system: [DisableClock] 1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2A4739307D3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
2013-11-14 16:56 - 2013-06-24 18:41 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 12:20 - 2013-06-24 18:41 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Andi\AppData\Local\Temp\avgnt.exe
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\ DisableLockWorkstation => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\ DisableClock => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ NoControlPanel => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ NoFind => Value not found.
HKU\ Andi\Software\Microsoft\Windows\CurrentVersion\Policies\system\\ DisableRegistryTools => Value not found.
HKU\ Andi\Software\Microsoft\Windows\CurrentVersion\Policies\system\\ DisableLockWorkstation => Value not found.
HKU\ Andi\Software\Microsoft\Windows\CurrentVersion\Policies\system\\ DisableTaskMgr => Value not found.
HKU\ Andi\Software\Microsoft\Windows\CurrentVersion\Policies\system\\ DisableClock => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => Value deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\ @tools.google.com/Google Update;version=3 => Key not found.
C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\ @tools.google.com/Google Update;version=9 => Key not found.
C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll not found.
" C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml" => not found.
" C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml" => not found.
" C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml" => not found.
" C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml" => not found.

==== End of Fixlog ====

7

Thursday, November 14th 2013, 7:55pm

You can of course send your email.

Download AdwCleaner to your desktop:

Click here

- Open the program (on Vista / Win 7, right-click and choose "Run as administrator")
If Avira blocks it, please disable the real-time scanner
- Click "Suchen" (Scan)
- Click "Bericht" (Report)
- Post the log file in the forum

  • "xpandi" started this thread

8

Thursday, November 14th 2013, 8:02pm

# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 20:00:23
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Admin - ANDI-PC
# Gestartet von : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\Admin\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\cpw0ans3.default\prefs.js ]


[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stwbs034.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1430 octets] - [14/11/2013 19:57:06]
AdwCleaner[R1].txt - [1490 octets] - [14/11/2013 19:59:03]
AdwCleaner[R2].txt - [1410 octets] - [14/11/2013 20:00:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1470 octets] ##########

  • "xpandi" started this thread

9

Thursday, November 14th 2013, 8:03pm

I haven't deleted any of it yet. Should I delete everything?

10

Thursday, November 14th 2013, 8:12pm

Yes, then scan again and post the report.

After that, scan with FRST again.

Rajo

Moderator

Date of registration:
Jun 12th 2006

Operating System:
Mac - Linux - Windows XP Pro SP3 - PUPPY 4.12 AUFM STICK

11

Thursday, November 14th 2013, 8:16pm

Should I delete everything?



Yes, delete everything -> restart
... and a new scan (ADWcleaner) as a check, please - post the result here as well -

Thanks -
Rajo

edit:
saying it twice can't hurt :)
Telepolis
This forum, which I "served" for many years, will soon be closed for incomprehensible reasons - I will stay here until the end! - and will turn off the LIGHT together with Beate, Nobbi and other helpers! You were ALL GREAT!

  • "xpandi" started this thread

12

Thursday, November 14th 2013, 8:29pm

Here is the report of the deletion run for now:
# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 20:15:49
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Admin - ANDI-PC
# Gestartet von : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\cpw0ans3.default\prefs.js ]


[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stwbs034.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1430 octets] - [14/11/2013 19:57:06]
AdwCleaner[R1].txt - [1490 octets] - [14/11/2013 19:59:03]
AdwCleaner[R2].txt - [1550 octets] - [14/11/2013 20:00:23]
AdwCleaner[S0].txt - [1473 octets] - [14/11/2013 20:15:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1533 octets] ##########







and here is the report of the new scan:
# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 20:22:01
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Admin - ANDI-PC
# Gestartet von : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\cpw0ans3.default\prefs.js ]


[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stwbs034.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1430 octets] - [14/11/2013 19:57:06]
AdwCleaner[R1].txt - [1490 octets] - [14/11/2013 19:59:03]
AdwCleaner[R2].txt - [1550 octets] - [14/11/2013 20:00:23]
AdwCleaner[R3].txt - [1238 octets] - [14/11/2013 20:21:31]
AdwCleaner[R4].txt - [1098 octets] - [14/11/2013 20:22:01]
AdwCleaner[S0].txt - [1613 octets] - [14/11/2013 20:15:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1218 octets] ##########

  • "xpandi" started this thread

13

Thursday, November 14th 2013, 8:32pm

Here is the FRST file:

http://pastebin.com/zm8vQhgR

and the addition:

http://pastebin.com/dGZQESG1

14

Thursday, November 14th 2013, 9:12pm

Start OTL and click "Bereinigung" (Cleanup), then restart the PC.

Create an empty text document in the following folder: "C:\Users\Admin\Desktop"
Copy the following text into it (without the word "Quoted"):

Quoted

HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableClock] 1
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKU\Andi\...\Policies\system: [DisableRegistryTools] 1
HKU\Andi\...\Policies\system: [DisableLockWorkstation] 0
HKU\Andi\...\Policies\system: [DisableTaskMgr] 1
HKU\Andi\...\Policies\system: [DisableClock] 1
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
2013-11-14 20:26 - 2013-06-24 18:41 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 19:56 - 2013-06-24 18:41 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Andi\AppData\Local\Temp\avgnt.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


- Save the document as Fixlist.txt
- Start FRST and click Fix
- Then post the contents of the Fixlog that is created

  • "xpandi" started this thread

15

Thursday, November 14th 2013, 9:26pm

When I click OTL "Bereinigung", the following message appears: " Es wurde kein Fix vorgesehen" ?!

16

Thursday, November 14th 2013, 9:39pm

Ok. We will probably need OTL again anyway.

  • "xpandi" started this thread

17

Thursday, November 14th 2013, 9:48pm

Here is the log file from OTL:
http://pastebin.com/r2dqbqHF

Here is the extras file:
http://pastebin.com/Rz5ukSRm

What is the fix file for OTL?

18

Thursday, November 14th 2013, 10:46pm

- Start OTL
- Copy the following content into the text box (without the word "Quoted"):

Quoted

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.de.msn.com/
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 F8 E9 F3 BA 48 CE 01 [binary data]
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm…Box&FORM=IE10SR
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm…Box&FORM=IE11SR
IE - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
[2013.11.14 20:56:00 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.14 20:26:45 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[Reboot]


- Close all programs
- Click "Fix"
- Click "Ok"
- After the restart, please post the log file

  • "xpandi" started this thread

19

Friday, November 15th 2013, 11:55am

Here is the log file:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-166770179-3281443526-2598176900-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-166770179-3281443526-2598176900-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-166770179-3281443526-2598176900-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-166770179-3281443526-2598176900-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-166770179-3281443526-2598176900-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableCursorSuppression deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-166770179-3281443526-2598176900-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableClock deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File rity] not found.
File ptytemp] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11152013_115144

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

20

Friday, November 15th 2013, 6:07pm

Start OTL
Copy the following content into the text box (without the word "Quoted"):


Quoted

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[Reboot]



- Close all programs
- Click "Fix"
- Click "Ok"
- After the restart, please post the log file
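
Added example, not part of the original thread and not code from OTL or its author: a Python triage of an OTL fix log that counts the outcome of each entry and flags `:Commands` directives that show up as `File ...] not found.` lines, as `[purity]`, `[emptytemp]` and `[Reboot]` do in the log in post 19 before they are re-issued in post 20. The sample log is constructed from lines of that log; reading such a line as "directive not executed" is an assumption based on the logged fragments being the tails of those directives.

```python
import re
from collections import Counter

# Directives from the :Commands block of the fix script posted in this thread.
DIRECTIVES = ("[purity]", "[emptytemp]", "[Reboot]")

# Outcome suffixes as they appear in the OTL fix log in this thread.
OUTCOMES = (
    ("set", "value set successfully!"),
    ("deleted", "deleted successfully."),
    ("moved", "moved successfully."),
    ("not_found", "not found."),
)

# "File <fragment>] not found." where the fragment contains no spaces or
# path separators, so real file paths and registry entries do not match.
_FILE_FRAGMENT = re.compile(r"^File ([^\s\\/]+\]) not found\.$")

# Constructed sample: a handful of lines taken from the log in post 19.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File rity] not found.
File ptytemp] not found.
File boot] not found.
"""


def match_directive(line, directives=DIRECTIVES):
    """Return the directive whose tail was logged as a missing file, else None.

    Assumption (not documented OTL behaviour): a directive that was handled
    as a file name instead of being executed appears as its own tail,
    e.g. "[Reboot]" -> "File boot] not found.".
    """
    m = _FILE_FRAGMENT.match(line.strip())
    if not m:
        return None
    fragment = m.group(1).lower()
    for directive in directives:
        if directive.lower().endswith(fragment):
            return directive
    return None


def classify(line):
    """Label one log line; returns None for blank lines."""
    text = line.strip()
    if not text:
        return None
    if match_directive(text):
        return "directive_not_run"
    for label, suffix in OUTCOMES:
        if text.endswith(suffix):
            return label
    return "other"  # banners, section headers, version line


def summarize(log_text):
    """Return (Counter of outcome labels, list of directives that did not run)."""
    counts = Counter()
    not_run = []
    for line in log_text.splitlines():
        label = classify(line)
        if label is None:
            continue
        counts[label] += 1
        if label == "directive_not_run":
            not_run.append(match_directive(line))
    return counts, not_run


if __name__ == "__main__":
    counts, not_run = summarize(SAMPLE_LOG)
    for label, n in sorted(counts.items()):
        print(f"{label:18} {n}")
    if not_run:
        print("Directives to re-issue:", ", ".join(not_run))
```

The same suffix table also matches the FRST Fixlog lines in post 6 ("Value not found.", "Value deleted successfully."), so a fixlist whose entries all come back as not found is easy to spot.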