Pests of all kinds and how to combat them: After websearches infection, what to delete in AdwCleaner? Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
| | #1 |
| | After websearches infection, what to delete in AdwCleaner? Hello everyone, I installed the Blue Stacks App Player and in doing so caught the websearches virus on my Win7 notebook. I followed this guide to get rid of it: hxxp://praxistipps.chip.de/websearch-webisawesome-virus-entfernen-so-klappts_27893 I downloaded AdwCleaner, and now the last step is to delete the traces of the virus with the program. The program says: "[...] deselect all items that you do not want to remove." Now I'm really afraid of removing something that is system-relevant or that otherwise causes trouble if I remove it. I'm posting the screenshots here of everything AdwCleaner found. What can I remove with a clear conscience and what should I deselect? (The "Shortcuts" and "Chrome" tabs are empty) |
| | #2 |
| /// the machine /// TB instructor | After websearches infection, what to delete in AdwCleaner? hi,
delete everything, then: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
| | #3 |
| | After websearches infection, what to delete in AdwCleaner? Thanks, I've done that
FRST.txt: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Computer (administrator) on COMPUTER-TOSH on 25-05-2014 21:31:43
Running from C:\Users\Computer\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
() C:\Program Files (x86)\Youtube Downloader HD\YouTubeDownloaderHD.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-09-02] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-05] (AVAST Software)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [Amazon Cloud Player] => C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {06E96EFE-8043-459D-925B-B4D5B82A2743} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {4DCB657A-6192-491C-B068-4554A7124208} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-05] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-25 21:31 - 2014-05-25 21:31 - 00015797 _____ () C:\Users\Computer\Downloads\FRST.txt
2014-05-25 21:31 - 2014-05-25 21:31 - 00000000 ____D () C:\FRST
2014-05-25 21:30 - 2014-05-25 21:30 - 02066944 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2014-05-25 21:18 - 2014-05-25 21:26 - 129141360 _____ () C:\Users\Computer\Documents\Lügen in der Politik - Ich gebe Ihnen mein Ehrenwort _ ARD-Dokumentation_(360p).mp4
2014-05-25 20:52 - 2014-05-25 21:17 - 433812888 _____ () C:\Users\Computer\Documents\hart aber fair Handy an, Hirn aus - wie doof machen uns Apple und Co.__(480p).mp4
2014-05-25 20:42 - 2014-05-25 20:52 - 124447560 _____ () C:\Users\Computer\Documents\Die KiK Story 2 - Neue Recherchen zum Textildiscounter_(360p).mp4
2014-05-25 19:49 - 2014-05-25 20:42 - 768610915 _____ () C:\Users\Computer\Documents\Der Kampf der Kleinen_(480p).mp4
2014-05-25 19:48 - 2014-05-25 19:48 - 03474636 _____ () C:\Users\Computer\Documents\Der Kampf der Kleinen_(360p).mp4
2014-05-25 19:43 - 2014-05-25 19:48 - 56076948 _____ () C:\Users\Computer\Documents\KiK-Ausbeute [ARD exclusiv] Teil 2_2_(360p).mp4
2014-05-25 19:40 - 2014-05-25 19:43 - 46510199 _____ () C:\Users\Computer\Documents\KiK-Ausbeute [ARD exclusiv] Teil 1_2_(360p).mp4
2014-05-25 17:54 - 2014-05-25 17:54 - 00000000 ____D () C:\Windows\system32\SPReview
2014-05-25 14:35 - 2014-05-25 21:21 - 00000000 ____D () C:\AdwCleaner
2014-05-25 14:35 - 2014-05-25 14:35 - 01326389 _____ () C:\Users\Computer\Downloads\adwcleaner_3.210.exe
2014-05-24 16:34 - 2014-05-25 19:26 - 00004982 _____ () C:\Users\Computer\Documents\24.05.2014.m3u8
2014-05-24 15:50 - 2014-05-25 21:17 - 00000000 ____D () C:\Users\Computer\Desktop\Alte Firefox-Daten
2014-05-24 12:27 - 2014-05-24 12:27 - 00003194 _____ () C:\Windows\System32\Tasks\{EEC10F91-11D8-4131-908C-FC47C488B291}
2014-05-23 19:47 - 2014-05-23 19:47 - 00000000 ____D () C:\Users\Computer\AppData\Local\com
2014-05-23 19:31 - 2014-05-24 15:47 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-23 19:27 - 2014-05-23 19:27 - 00290760 _____ () C:\Users\Computer\Downloads\Player_Setup.exe
2014-05-23 19:25 - 2014-05-23 19:25 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00001787 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-23 19:24 - 2014-05-23 19:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-23 19:24 - 2014-05-23 19:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Bluestacks
2014-05-23 18:59 - 2014-05-23 18:59 - 00000000 ____D () C:\Users\Computer\Downloads\gramblr
2014-05-23 18:53 - 2014-05-23 18:55 - 28516777 _____ () C:\Users\Computer\Downloads\gramblr.zip
2014-05-22 19:41 - 2014-05-22 19:46 - 00012881 _____ () C:\Users\Computer\Documents\Zusage der Kostenübernahme von Eltern.odt
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part2.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part1.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 07918941 _____ () C:\Users\Computer\Desktop\für Syavash.part3.rar
2014-05-22 15:50 - 2014-05-22 16:00 - 00000000 ____D () C:\Users\Computer\Desktop\für Syavash
2014-05-17 17:44 - 2014-05-17 17:46 - 34419752 _____ (DVDVideoSoft Ltd. ) C:\Users\Computer\Downloads\FreeYouTubeToMP3Converter.exe
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 23:36 - 2014-05-14 19:40 - 00000000 ____D () C:\Users\Computer\Desktop\zu drucken 2
2014-05-06 23:26 - 2014-05-06 23:26 - 02752854 _____ () C:\Users\Computer\Desktop\uni lageplan.bmp
2014-05-06 23:23 - 2014-05-06 23:24 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap.bmp
2014-05-06 23:23 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap (3).bmp
2014-05-05 10:19 - 2014-05-05 10:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-05 10:19 - 2014-05-05 10:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-04 22:42 - 2014-05-04 23:16 - 106479872 _____ () C:\Users\Computer\Downloads\Kavi.part1.rar
2014-05-04 22:29 - 2014-05-04 22:31 - 31419822 _____ () C:\Users\Computer\Downloads\JDownloader.zip
2014-05-03 22:36 - 2014-05-03 22:49 - 00013614 _____ () C:\Users\Computer\Desktop\Metallica-Load.txt
2014-05-03 00:47 - 2014-05-03 00:49 - 31507478 _____ () C:\Users\Computer\Documents\Wie der Mc Donalds Konzern seine Mitarbeiter Behandelt_(360p).mp4
2014-05-03 00:00 - 2014-05-03 00:12 - 00014861 _____ () C:\Users\Computer\Desktop\Metallica-Metallica.txt
2014-05-02 17:35 - 2014-05-14 19:05 - 00006874 _____ () C:\Users\Computer\Documents\02.05.2014.m3u8
2014-04-30 10:54 - 2014-04-30 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-28 21:44 - 2014-04-28 21:51 - 00008661 _____ () C:\Users\Computer\Desktop\Metallica Kill ’Em All.txt
2014-04-27 15:38 - 2014-04-27 15:38 - 09664032 _____ (YoutubeDownloaderHD.com ) C:\Users\Computer\Downloads\youtube_downloader_hd_setup.exe
==================== One Month Modified Files and Folders =======
2014-05-25 21:31 - 2014-05-25 21:31 - 00015797 _____ () C:\Users\Computer\Downloads\FRST.txt
2014-05-25 21:31 - 2014-05-25 21:31 - 00000000 ____D () C:\FRST
2014-05-25 21:30 - 2014-05-25 21:30 - 02066944 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2014-05-25 21:29 - 2014-01-10 19:06 - 01205135 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 21:26 - 2014-05-25 21:18 - 129141360 _____ () C:\Users\Computer\Documents\Lügen in der Politik - Ich gebe Ihnen mein Ehrenwort _ ARD-Dokumentation_(360p).mp4
2014-05-25 21:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 21:24 - 2009-07-14 06:51 - 00072022 _____ () C:\Windows\setupact.log
2014-05-25 21:22 - 2014-01-11 12:14 - 00130182 _____ () C:\Windows\PFRO.log
2014-05-25 21:22 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 21:22 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 21:21 - 2014-05-25 14:35 - 00000000 ____D () C:\AdwCleaner
2014-05-25 21:17 - 2014-05-25 20:52 - 433812888 _____ () C:\Users\Computer\Documents\hart aber fair Handy an, Hirn aus - wie doof machen uns Apple und Co.__(480p).mp4
2014-05-25 21:17 - 2014-05-24 15:50 - 00000000 ____D () C:\Users\Computer\Desktop\Alte Firefox-Daten
2014-05-25 21:17 - 2014-02-05 12:45 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Youtube Downloader HD
2014-05-25 20:52 - 2014-05-25 20:42 - 124447560 _____ () C:\Users\Computer\Documents\Die KiK Story 2 - Neue Recherchen zum Textildiscounter_(360p).mp4
2014-05-25 20:43 - 2014-01-21 20:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Last.fm
2014-05-25 20:42 - 2014-05-25 19:49 - 768610915 _____ () C:\Users\Computer\Documents\Der Kampf der Kleinen_(480p).mp4
2014-05-25 20:39 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Audacity
2014-05-25 20:36 - 2009-07-14 19:58 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-05-25 20:36 - 2009-07-14 19:58 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-05-25 20:36 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 19:48 - 2014-05-25 19:48 - 03474636 _____ () C:\Users\Computer\Documents\Der Kampf der Kleinen_(360p).mp4
2014-05-25 19:48 - 2014-05-25 19:43 - 56076948 _____ () C:\Users\Computer\Documents\KiK-Ausbeute [ARD exclusiv] Teil 2_2_(360p).mp4
2014-05-25 19:43 - 2014-05-25 19:40 - 46510199 _____ () C:\Users\Computer\Documents\KiK-Ausbeute [ARD exclusiv] Teil 1_2_(360p).mp4
2014-05-25 19:26 - 2014-05-24 16:34 - 00004982 _____ () C:\Users\Computer\Documents\24.05.2014.m3u8
2014-05-25 17:54 - 2014-05-25 17:54 - 00000000 ____D () C:\Windows\system32\SPReview
2014-05-25 14:35 - 2014-05-25 14:35 - 01326389 _____ () C:\Users\Computer\Downloads\adwcleaner_3.210.exe
2014-05-25 14:28 - 2014-01-21 14:38 - 00000000 ____D () C:\Users\Computer\Documents\Planung
2014-05-24 15:47 - 2014-05-23 19:31 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-24 15:46 - 2014-01-18 14:16 - 00001416 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-24 15:46 - 2014-01-10 19:56 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-24 15:46 - 2014-01-10 19:56 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-24 15:46 - 2014-01-10 19:46 - 00001450 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-24 13:46 - 2014-02-04 20:33 - 00067737 _____ () C:\Users\Computer\Desktop\noch zu lesen2.odt
2014-05-24 13:23 - 2014-01-26 16:31 - 00000000 ____D () C:\Users\Computer\Desktop\wiki artikel für Kindle
2014-05-24 12:27 - 2014-05-24 12:27 - 00003194 _____ () C:\Windows\System32\Tasks\{EEC10F91-11D8-4131-908C-FC47C488B291}
2014-05-23 21:59 - 2014-02-21 14:14 - 00030304 _____ () C:\Users\Computer\Desktop\schon gelesen zu sortieren.odt
2014-05-23 21:41 - 2014-02-05 21:34 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\vlc
2014-05-23 19:47 - 2014-05-23 19:47 - 00000000 ____D () C:\Users\Computer\AppData\Local\com
2014-05-23 19:39 - 2014-05-23 19:24 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-23 19:27 - 2014-05-23 19:27 - 00290760 _____ () C:\Users\Computer\Downloads\Player_Setup.exe
2014-05-23 19:25 - 2014-05-23 19:25 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00001787 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-23 19:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-23 19:24 - 2014-05-23 19:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Bluestacks
2014-05-23 18:59 - 2014-05-23 18:59 - 00000000 ____D () C:\Users\Computer\Downloads\gramblr
2014-05-23 18:55 - 2014-05-23 18:53 - 28516777 _____ () C:\Users\Computer\Downloads\gramblr.zip
2014-05-22 19:46 - 2014-05-22 19:41 - 00012881 _____ () C:\Users\Computer\Documents\Zusage der Kostenübernahme von Eltern.odt
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part2.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part1.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 07918941 _____ () C:\Users\Computer\Desktop\für Syavash.part3.rar
2014-05-22 16:00 - 2014-05-22 15:50 - 00000000 ____D () C:\Users\Computer\Desktop\für Syavash
2014-05-22 15:42 - 2014-02-09 16:11 - 00000000 ____D () C:\Users\Computer\Desktop\M
2014-05-17 17:51 - 2014-01-21 17:49 - 00001543 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-17 17:51 - 2014-01-21 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-17 17:51 - 2014-01-21 17:48 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DVDVideoSoft
2014-05-17 17:51 - 2014-01-21 17:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-17 17:46 - 2014-05-17 17:44 - 34419752 _____ (DVDVideoSoft Ltd. ) C:\Users\Computer\Downloads\FreeYouTubeToMP3Converter.exe
2014-05-15 20:12 - 2014-01-17 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:09 - 2014-01-17 03:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 18:10 - 2014-01-10 20:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 18:10 - 2014-01-10 20:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 18:10 - 2014-01-10 20:49 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-14 19:40 - 2014-05-06 23:36 - 00000000 ____D () C:\Users\Computer\Desktop\zu drucken 2
2014-05-14 19:05 - 2014-05-02 17:35 - 00006874 _____ () C:\Users\Computer\Documents\02.05.2014.m3u8
2014-05-13 19:16 - 2014-03-07 23:55 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\dvdcss
2014-05-13 10:19 - 2014-01-10 20:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-10 15:30 - 2014-01-10 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 08:32 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 23:26 - 2014-05-06 23:26 - 02752854 _____ () C:\Users\Computer\Desktop\uni lageplan.bmp
2014-05-06 23:24 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap.bmp
2014-05-06 23:23 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap (3).bmp
2014-05-05 10:19 - 2014-05-05 10:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-05 10:19 - 2014-05-05 10:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-05 10:19 - 2014-01-10 20:50 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-05 10:19 - 2014-01-10 20:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400170257058
2014-05-05 10:19 - 2014-01-10 20:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400170257058
2014-05-05 10:19 - 2014-01-10 20:49 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-05 10:19 - 2014-01-10 20:49 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-05 10:19 - 2014-01-10 20:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-05 10:19 - 2014-01-10 20:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-05 10:19 - 2014-01-10 20:49 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-05 09:38 - 2014-01-16 21:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-05 09:38 - 2014-01-16 21:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 23:16 - 2014-05-04 22:42 - 106479872 _____ () C:\Users\Computer\Downloads\Kavi.part1.rar
2014-05-04 22:31 - 2014-05-04 22:29 - 31419822 _____ () C:\Users\Computer\Downloads\JDownloader.zip
2014-05-03 22:49 - 2014-05-03 22:36 - 00013614 _____ () C:\Users\Computer\Desktop\Metallica-Load.txt
2014-05-03 00:49 - 2014-05-03 00:47 - 31507478 _____ () C:\Users\Computer\Documents\Wie der Mc Donalds Konzern seine Mitarbeiter Behandelt_(360p).mp4
2014-05-03 00:12 - 2014-05-03 00:00 - 00014861 _____ () C:\Users\Computer\Desktop\Metallica-Metallica.txt
2014-04-30 20:14 - 2014-01-25 13:44 - 00006786 _____ () C:\Users\Computer\Documents\25.01.2014.m3u8
2014-04-30 17:59 - 2014-04-30 10:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 17:59 - 2014-03-19 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2014-04-28 21:51 - 2014-04-28 21:44 - 00008661 _____ () C:\Users\Computer\Desktop\Metallica Kill ’Em All.txt
2014-04-27 15:42 - 2014-02-05 12:45 - 00001164 _____ () C:\Users\Computer\Desktop\Youtube Downloader HD.lnk
2014-04-27 15:42 - 2014-02-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
2014-04-27 15:42 - 2014-02-05 12:45 - 00000000 ____D () C:\Program Files (x86)\Youtube Downloader HD
2014-04-27 15:40 - 2014-03-18 13:57 - 00012535 _____ () C:\Users\Computer\Documents\18.03.2014.m3u8
2014-04-27 15:38 - 2014-04-27 15:38 - 09664032 _____ (YoutubeDownloaderHD.com ) C:\Users\Computer\Downloads\youtube_downloader_hd_setup.exe
Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\Temp\BlueStacks089-SplitInstaller_native.exe
C:\Users\Computer\AppData\Local\Temp\KUIU.EXE
C:\Users\Computer\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Computer\AppData\Local\Temp\Quarantine.exe
C:\Users\Computer\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Computer\AppData\Local\Temp\sdapskill.exe
C:\Users\Computer\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2010-12-08 12:36
==================== End Of Log ============================
|
| | #4 |
| /// the machine /// TB instructor | After websearches infection, what to delete in AdwCleaner? Addition.txt is still missing
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
| | #5 | |
| | After websearches infection, what to delete in AdwCleaner? Addition.txt: Quote:
|
| | #6 |
| /// the machine /// TB instructor | After websearches infection, what to delete in AdwCleaner? Please download
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ |
| | #7 | ||
| | After websearches infection, what to delete in AdwCleaner? Sorry that I am only replying now, I had a lot going on at work (incl. weekend and holiday shifts). First of all, since I deleted everything in AdwCleaner, I get the following message on the desktop at every system start: mbam.txt: Quote:
Quote:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Computer (administrator) on COMPUTER-TOSH on 05-06-2014 21:32:34
Running from C:\Users\Computer\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
() C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
() C:\Program Files (x86)\Youtube Downloader HD\YouTubeDownloaderHD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Thisisu) C:\Users\Computer\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-09-02] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [Amazon Cloud Player] => C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [UsowoLqera] => regsvr32.exe "C:\ProgramData\UsowoLqera.dat"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {06E96EFE-8043-459D-925B-B4D5B82A2743} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {4DCB657A-6192-491C-B068-4554A7124208} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3
A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\Extensions\youtubeunblocker@unblocker.yt [2014-06-02]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-05] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-05 21:32 - 2014-06-05 21:32 - 00000000 ____D () C:\Users\Computer\Downloads\FRST-OlderVersion
2014-06-05 21:31 - 2014-06-05 21:31 - 00000777 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-06-05 21:26 - 2014-06-05 21:26 - 02972033 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [8_8]_(360p).mp4
2014-06-05 21:22 - 2014-06-05 21:25 - 62399917 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [7_8]_(360p).mp4
2014-06-05 21:19 - 2014-06-05 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 21:18 - 2014-06-05 21:21 - 66858058 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [6_8]_(360p).mp4
2014-06-05 21:11 - 2014-06-05 21:18 - 65750430 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [5_8]_(360p).mp4
2014-06-05 20:59 - 2014-06-05 20:59 - 01016261 _____ (Thisisu) C:\Users\Computer\Downloads\JRT.exe
2014-06-05 20:55 - 2014-06-05 20:59 - 62012422 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [4_8]_(360p).mp4
2014-06-05 20:46 - 2014-06-05 20:54 - 71286219 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [3_8]_(360p).mp4
2014-06-05 20:41 - 2014-06-05 20:44 - 42394797 _____ () C:\Users\Computer\Documents\NWA - Deleted Scenes_(480p).mp4
2014-06-05 20:29 - 2014-06-05 20:40 - 115568286 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 2_(480p).mp4
2014-06-05 20:24 - 2014-06-05 20:24 - 00002200 _____ () C:\Users\Computer\Desktop\mbam.txt
2014-06-05 20:15 - 2014-06-05 20:28 - 116095089 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 1_(480p).mp4
2014-06-05 20:00 - 2014-06-05 20:07 - 61035378 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [1_8]_(360p).mp4
2014-06-05 19:58 - 2014-06-05 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 19:58 - 2014-06-05 19:58 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 19:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 19:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 19:55 - 2014-06-05 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:19 - 2014-06-05 18:19 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-02 22:37 - 2014-06-02 22:54 - 18475736 _____ () C:\Users\Computer\Documents\Kollegah King DVD [5_5] - Anekdoten zu Regen 2, Openair Frauenfeld 2, Abschluss_(360p).mp4
2014-06-02 22:34 - 2014-06-02 22:37 - 43375205 _____ () C:\Users\Computer\Documents\Kollegah King DVD [4_5] - Budva, Vojvoda Vuk, Drogenkonsum, Anekdoten zu Regen_(360p).mp4
2014-06-02 22:19 - 2014-06-02 22:27 - 56244361 _____ () C:\Users\Computer\Documents\Kollegah King DVD [3_5] - Doubletime, Urlaub, Kollegha, Beine beanspruchen_(360p).mp4
2014-06-02 22:13 - 2014-06-02 22:18 - 53775617 _____ () C:\Users\Computer\Documents\Kollegah King DVD [2_5] - Openair Frauenfeld, Montenegro, Studio-Session, Foto-Shooting_(360p).mp4
2014-06-02 21:41 - 2014-06-02 22:12 - 363564030 _____ () C:\Users\Computer\Documents\Disco MMA DVD_(480p).mp4
2014-06-02 21:30 - 2014-06-02 21:38 - 56948003 _____ () C:\Users\Computer\Documents\Kollegah King DVD [1_5] - Fragen, Barcelona, Schloss, Studio, Farid Bang_(360p).mp4
2014-05-29 23:13 - 2014-05-29 23:21 - 173525581 _____ () C:\Users\Computer\Documents\Die Getriebenen - Politik bis zur Schmerzgrenze - ZDF Dokumentation - 20.09.2013_(480p).mp4
2014-05-29 22:56 - 2014-05-29 23:12 - 324496940 _____ () C:\Users\Computer\Documents\Pussy Riot - Ein russischer Skandal_(480p).mp4
2014-05-28 18:24 - 2014-05-29 22:55 - 228077703 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Sex - Made in Germany_ Prostitution und ihre Profiteure_(480p).mp4
2014-05-28 18:14 - 2014-05-28 18:23 - 00210540 _____ () C:\Users\Computer\Documents\Klartext spezial_ Streit um Asylbewerber_(360p).mp4
2014-05-28 18:01 - 2014-05-28 18:13 - 247472284 _____ () C:\Users\Computer\Documents\Schlachtfeld Politik - Die finstere Seite der Macht (Doku)_(480p).mp4
2014-05-28 17:51 - 2014-05-28 18:01 - 00950892 _____ () C:\Users\Computer\Documents\Wie billig kann Bio sein_ ARD Reportage Exklusiv im Ersten (2012)_(360p).mp4
2014-05-28 17:38 - 2014-05-28 17:50 - 225443263 _____ () C:\Users\Computer\Documents\Facebook - Milliardengeschäft Freundschaft _ Die Story im Ersten _ DAS ERSTE _ NDR _ ARD_(480p).mp4
2014-05-28 17:25 - 2014-05-28 17:38 - 179701788 _____ () C:\Users\Computer\Documents\Deutschlands neue Slums - Das Geschäft mit den Armutseinwanderern _ EXCLUSIV IM ERSTEN _ ARD_(480p).mp4
2014-05-28 17:12 - 2014-05-28 17:23 - 114524040 _____ () C:\Users\Computer\Documents\Lobbyisten.in.der.Politik.ARD.Exclusiv.Die_Einfluesterer_12.09_(360p).mp4
2014-05-28 16:49 - 2014-05-28 17:11 - 156076220 _____ () C:\Users\Computer\Documents\Die story - Wir sind drin! - Die neuen Tricks der Lobbyisten_(360p).mp4
2014-05-28 16:35 - 2014-05-28 16:48 - 175141740 _____ () C:\Users\Computer\Documents\Über Merkel - Politik als Kompromiss_(360p).mp4
2014-05-28 16:27 - 2014-05-28 16:32 - 108406679 _____ () C:\Users\Computer\Documents\Die Einflüsterer - Wie Geld Politik macht (Doku)_(360p).mp4
2014-05-28 16:14 - 2014-05-28 16:27 - 129870401 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Du schaffst das!_(360p).mp4
2014-05-28 15:39 - 2014-05-28 16:12 - 243450891 _____ () C:\Users\Computer\Documents\Gysi und die Stasi - Ein Politiker im Zwielicht (Doku)_(480p).mp4
2014-05-26 22:13 - 2013-09-18 17:03 - 00377153 _____ () C:\Users\Computer\Downloads\proxmate_unblock_the_internet-2.3.3-fx.xpi
2014-05-26 22:12 - 2014-05-26 22:12 - 00359040 _____ () C:\Users\Computer\Downloads\proxmate_unblock_the_internet-2.3.3-fx.xpi.zip
2014-05-26 22:11 - 2014-05-26 22:21 - 149601442 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [4_5]_(720p).mp4
2014-05-26 22:07 - 2014-05-26 22:11 - 63563803 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [3_5]_(720p).mp4
2014-05-26 21:57 - 2014-05-26 22:06 - 101403368 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [2_5]_(720p).mp4
2014-05-26 21:47 - 2014-05-26 21:56 - 109448303 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [1_5]_(720p).mp4
2014-05-26 06:02 - 2014-05-26 06:09 - 120517619 _____ () C:\Users\Computer\Documents\- Die Akte Gysi -_(360p).mp4
2014-05-26 05:49 - 2014-05-26 06:01 - 165155406 _____ () C:\Users\Computer\Documents\Wie weit links_ 150 Jahre SPD - Dokumentation_Doku über die SPD_(360p).mp4
2014-05-25 21:32 - 2014-05-25 21:33 - 00036526 _____ () C:\Users\Computer\Downloads\Addition.txt
2014-05-25 21:31 - 2014-06-05 21:32 - 00019660 _____ () C:\Users\Computer\Downloads\FRST.txt
2014-05-25 21:31 - 2014-06-05 21:32 - 00000000 ____D () C:\FRST
2014-05-25 21:30 - 2014-06-05 21:32 - 02068992 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2014-05-25 14:35 - 2014-05-25 21:21 - 00000000 ____D () C:\AdwCleaner
2014-05-25 14:35 - 2014-05-25 14:35 - 01326389 _____ () C:\Users\Computer\Downloads\adwcleaner_3.210.exe
2014-05-24 16:34 - 2014-05-25 19:26 - 00004982 _____ () C:\Users\Computer\Documents\24.05.2014.m3u8
2014-05-24 15:50 - 2014-05-25 21:17 - 00000000 ____D () C:\Users\Computer\Desktop\Alte Firefox-Daten
2014-05-24 12:27 - 2014-05-24 12:27 - 00003194 _____ () C:\Windows\System32\Tasks\{EEC10F91-11D8-4131-908C-FC47C488B291}
2014-05-23 19:47 - 2014-05-23 19:47 - 00000000 ____D () C:\Users\Computer\AppData\Local\com
2014-05-23 19:31 - 2014-05-24 15:47 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-23 19:25 - 2014-05-23 19:25 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00001787 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-23 19:24 - 2014-05-23 19:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-23 19:24 - 2014-05-23 19:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Bluestacks
2014-05-23 18:59 - 2014-05-23 18:59 - 00000000 ____D () C:\Users\Computer\Downloads\gramblr
2014-05-23 18:53 - 2014-05-23 18:55 - 28516777 _____ () C:\Users\Computer\Downloads\gramblr.zip
2014-05-22 19:41 - 2014-05-22 19:46 - 00012881 _____ () C:\Users\Computer\Documents\Zusage der Kostenübernahme von Eltern.odt
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part2.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part1.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 07918941 _____ () C:\Users\Computer\Desktop\für Syavash.part3.rar
2014-05-22 15:50 - 2014-05-22 16:00 - 00000000 ____D () C:\Users\Computer\Desktop\für Syavash
2014-05-17 17:44 - 2014-05-17 17:46 - 34419752 _____ (DVDVideoSoft Ltd. ) C:\Users\Computer\Downloads\FreeYouTubeToMP3Converter.exe
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 23:36 - 2014-05-14 19:40 - 00000000 ____D () C:\Users\Computer\Desktop\zu drucken 2
2014-05-06 23:26 - 2014-05-06 23:26 - 02752854 _____ () C:\Users\Computer\Desktop\uni lageplan.bmp
2014-05-06 23:23 - 2014-05-06 23:24 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap.bmp
2014-05-06 23:23 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap (3).bmp
==================== One Month Modified Files and Folders =======
2014-06-05 21:32 - 2014-06-05 21:32 - 00000000 ____D () C:\Users\Computer\Downloads\FRST-OlderVersion
2014-06-05 21:32 - 2014-05-25 21:31 - 00019660 _____ () C:\Users\Computer\Downloads\FRST.txt
2014-06-05 21:32 - 2014-05-25 21:31 - 00000000 ____D () C:\FRST
2014-06-05 21:32 - 2014-05-25 21:30 - 02068992 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2014-06-05 21:32 - 2014-01-10 19:41 - 00000000 ____D () C:\Users\Computer\AppData\Local\Temp
2014-06-05 21:31 - 2014-06-05 21:31 - 00000777 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-06-05 21:26 - 2014-06-05 21:26 - 02972033 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [8_8]_(360p).mp4
2014-06-05 21:25 - 2014-06-05 21:22 - 62399917 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [7_8]_(360p).mp4
2014-06-05 21:21 - 2014-06-05 21:18 - 66858058 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [6_8]_(360p).mp4
2014-06-05 21:19 - 2014-06-05 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 21:18 - 2014-06-05 21:11 - 65750430 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [5_8]_(360p).mp4
2014-06-05 21:18 - 2014-02-05 12:45 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Youtube Downloader HD
2014-06-05 21:08 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 21:08 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 21:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 21:01 - 2009-07-14 06:51 - 00073982 _____ () C:\Windows\setupact.log
2014-06-05 21:00 - 2014-01-11 12:14 - 00131858 _____ () C:\Windows\PFRO.log
2014-06-05 21:00 - 2014-01-10 19:06 - 01770881 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 21:00 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-06-05 20:59 - 2014-06-05 20:59 - 01016261 _____ (Thisisu) C:\Users\Computer\Downloads\JRT.exe
2014-06-05 20:59 - 2014-06-05 20:55 - 62012422 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [4_8]_(360p).mp4
2014-06-05 20:54 - 2014-06-05 20:46 - 71286219 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [3_8]_(360p).mp4
2014-06-05 20:44 - 2014-06-05 20:41 - 42394797 _____ () C:\Users\Computer\Documents\NWA - Deleted Scenes_(480p).mp4
2014-06-05 20:40 - 2014-06-05 20:29 - 115568286 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 2_(480p).mp4
2014-06-05 20:28 - 2014-06-05 20:15 - 116095089 _____ () C:\Users\Computer\Documents\Shindy - NWA DVD pt. 1_(480p).mp4
2014-06-05 20:24 - 2014-06-05 20:24 - 00002200 _____ () C:\Users\Computer\Desktop\mbam.txt
2014-06-05 20:07 - 2014-06-05 20:00 - 61035378 _____ () C:\Users\Computer\Documents\JBG2 Tour DVD [1_8]_(360p).mp4
2014-06-05 19:59 - 2014-06-05 19:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 19:58 - 2014-06-05 19:58 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-05 19:56 - 2014-06-05 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:19 - 2014-06-05 18:19 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-05 17:24 - 2014-02-05 21:34 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\vlc
2014-06-04 20:38 - 2009-07-14 19:58 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 20:38 - 2009-07-14 19:58 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 20:38 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 23:06 - 2014-01-21 20:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Last.fm
2014-06-02 22:54 - 2014-06-02 22:37 - 18475736 _____ () C:\Users\Computer\Documents\Kollegah King DVD [5_5] - Anekdoten zu Regen 2, Openair Frauenfeld 2, Abschluss_(360p).mp4
2014-06-02 22:37 - 2014-06-02 22:34 - 43375205 _____ () C:\Users\Computer\Documents\Kollegah King DVD [4_5] - Budva, Vojvoda Vuk, Drogenkonsum, Anekdoten zu Regen_(360p).mp4
2014-06-02 22:27 - 2014-06-02 22:19 - 56244361 _____ () C:\Users\Computer\Documents\Kollegah King DVD [3_5] - Doubletime, Urlaub, Kollegha, Beine beanspruchen_(360p).mp4
2014-06-02 22:18 - 2014-06-02 22:13 - 53775617 _____ () C:\Users\Computer\Documents\Kollegah King DVD [2_5] - Openair Frauenfeld, Montenegro, Studio-Session, Foto-Shooting_(360p).mp4
2014-06-02 22:12 - 2014-06-02 21:41 - 363564030 _____ () C:\Users\Computer\Documents\Disco MMA DVD_(480p).mp4
2014-06-02 21:38 - 2014-06-02 21:30 - 56948003 _____ () C:\Users\Computer\Documents\Kollegah King DVD [1_5] - Fragen, Barcelona, Schloss, Studio, Farid Bang_(360p).mp4
2014-06-02 20:47 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Audacity
2014-06-02 18:09 - 2014-02-09 16:11 - 00000000 ____D () C:\Users\Computer\Desktop\M
2014-05-29 23:28 - 2014-02-04 20:33 - 00068088 _____ () C:\Users\Computer\Desktop\noch zu lesen2.odt
2014-05-29 23:21 - 2014-05-29 23:13 - 173525581 _____ () C:\Users\Computer\Documents\Die Getriebenen - Politik bis zur Schmerzgrenze - ZDF Dokumentation - 20.09.2013_(480p).mp4
2014-05-29 23:12 - 2014-05-29 22:56 - 324496940 _____ () C:\Users\Computer\Documents\Pussy Riot - Ein russischer Skandal_(480p).mp4
2014-05-29 22:55 - 2014-05-28 18:24 - 228077703 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Sex - Made in Germany_ Prostitution und ihre Profiteure_(480p).mp4
2014-05-28 18:23 - 2014-05-28 18:14 - 00210540 _____ () C:\Users\Computer\Documents\Klartext spezial_ Streit um Asylbewerber_(360p).mp4
2014-05-28 18:13 - 2014-05-28 18:01 - 247472284 _____ () C:\Users\Computer\Documents\Schlachtfeld Politik - Die finstere Seite der Macht (Doku)_(480p).mp4
2014-05-28 18:01 - 2014-05-28 17:51 - 00950892 _____ () C:\Users\Computer\Documents\Wie billig kann Bio sein_ ARD Reportage Exklusiv im Ersten (2012)_(360p).mp4
2014-05-28 17:50 - 2014-05-28 17:38 - 225443263 _____ () C:\Users\Computer\Documents\Facebook - Milliardengeschäft Freundschaft _ Die Story im Ersten _ DAS ERSTE _ NDR _ ARD_(480p).mp4
2014-05-28 17:38 - 2014-05-28 17:25 - 179701788 _____ () C:\Users\Computer\Documents\Deutschlands neue Slums - Das Geschäft mit den Armutseinwanderern _ EXCLUSIV IM ERSTEN _ ARD_(480p).mp4
2014-05-28 17:23 - 2014-05-28 17:12 - 114524040 _____ () C:\Users\Computer\Documents\Lobbyisten.in.der.Politik.ARD.Exclusiv.Die_Einfluesterer_12.09_(360p).mp4
2014-05-28 17:11 - 2014-05-28 16:49 - 156076220 _____ () C:\Users\Computer\Documents\Die story - Wir sind drin! - Die neuen Tricks der Lobbyisten_(360p).mp4
2014-05-28 17:00 - 2014-01-21 14:38 - 00000000 ____D () C:\Users\Computer\Documents\Planung
2014-05-28 16:48 - 2014-05-28 16:35 - 175141740 _____ () C:\Users\Computer\Documents\Über Merkel - Politik als Kompromiss_(360p).mp4
2014-05-28 16:32 - 2014-05-28 16:27 - 108406679 _____ () C:\Users\Computer\Documents\Die Einflüsterer - Wie Geld Politik macht (Doku)_(360p).mp4
2014-05-28 16:27 - 2014-05-28 16:14 - 129870401 _____ () C:\Users\Computer\Documents\Die Story im Ersten_ Du schaffst das!_(360p).mp4
2014-05-28 16:12 - 2014-05-28 15:39 - 243450891 _____ () C:\Users\Computer\Documents\Gysi und die Stasi - Ein Politiker im Zwielicht (Doku)_(480p).mp4
2014-05-27 06:10 - 2014-01-16 21:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-27 06:10 - 2014-01-16 21:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-26 22:21 - 2014-05-26 22:11 - 149601442 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [4_5]_(720p).mp4
2014-05-26 22:12 - 2014-05-26 22:12 - 00359040 _____ () C:\Users\Computer\Downloads\proxmate_unblock_the_internet-2.3.3-fx.xpi.zip
2014-05-26 22:11 - 2014-05-26 22:07 - 63563803 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [3_5]_(720p).mp4
2014-05-26 22:06 - 2014-05-26 21:57 - 101403368 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [2_5]_(720p).mp4
2014-05-26 21:56 - 2014-05-26 21:47 - 109448303 _____ () C:\Users\Computer\Documents\Al-Gear WMA DVD [1_5]_(720p).mp4
2014-05-26 06:09 - 2014-05-26 06:02 - 120517619 _____ () C:\Users\Computer\Documents\- Die Akte Gysi -_(360p).mp4
2014-05-26 06:01 - 2014-05-26 05:49 - 165155406 _____ () C:\Users\Computer\Documents\Wie weit links_ 150 Jahre SPD - Dokumentation_Doku über die SPD_(360p).mp4
2014-05-25 21:33 - 2014-05-25 21:32 - 00036526 _____ () C:\Users\Computer\Downloads\Addition.txt
2014-05-25 21:21 - 2014-05-25 14:35 - 00000000 ____D () C:\AdwCleaner
2014-05-25 21:17 - 2014-05-24 15:50 - 00000000 ____D () C:\Users\Computer\Desktop\Alte Firefox-Daten
2014-05-25 19:26 - 2014-05-24 16:34 - 00004982 _____ () C:\Users\Computer\Documents\24.05.2014.m3u8
2014-05-25 14:35 - 2014-05-25 14:35 - 01326389 _____ () C:\Users\Computer\Downloads\adwcleaner_3.210.exe
2014-05-24 15:47 - 2014-05-23 19:31 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-24 15:46 - 2014-01-18 14:16 - 00001416 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-24 15:46 - 2014-01-10 19:56 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-24 15:46 - 2014-01-10 19:56 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-24 15:46 - 2014-01-10 19:46 - 00001450 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-24 13:23 - 2014-01-26 16:31 - 00000000 ____D () C:\Users\Computer\Desktop\wiki artikel für Kindle
2014-05-24 12:27 - 2014-05-24 12:27 - 00003194 _____ () C:\Windows\System32\Tasks\{EEC10F91-11D8-4131-908C-FC47C488B291}
2014-05-23 21:59 - 2014-02-21 14:14 - 00030304 _____ () C:\Users\Computer\Desktop\schon gelesen zu sortieren.odt
2014-05-23 19:47 - 2014-05-23 19:47 - 00000000 ____D () C:\Users\Computer\AppData\Local\com
2014-05-23 19:39 - 2014-05-23 19:24 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-23 19:25 - 2014-05-23 19:25 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00001787 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-23 19:25 - 2014-05-23 19:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-23 19:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-23 19:24 - 2014-05-23 19:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Bluestacks
2014-05-23 18:59 - 2014-05-23 18:59 - 00000000 ____D () C:\Users\Computer\Downloads\gramblr
2014-05-23 18:55 - 2014-05-23 18:53 - 28516777 _____ () C:\Users\Computer\Downloads\gramblr.zip
2014-05-22 19:46 - 2014-05-22 19:41 - 00012881 _____ () C:\Users\Computer\Documents\Zusage der Kostenübernahme von Eltern.odt
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part2.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 10485760 _____ () C:\Users\Computer\Desktop\für Syavash.part1.rar
2014-05-22 16:15 - 2014-05-22 16:15 - 07918941 _____ () C:\Users\Computer\Desktop\für Syavash.part3.rar
2014-05-22 16:00 - 2014-05-22 15:50 - 00000000 ____D () C:\Users\Computer\Desktop\für Syavash
2014-05-17 17:51 - 2014-01-21 17:49 - 00001543 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-17 17:51 - 2014-01-21 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-17 17:51 - 2014-01-21 17:48 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DVDVideoSoft
2014-05-17 17:51 - 2014-01-21 17:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-17 17:46 - 2014-05-17 17:44 - 34419752 _____ (DVDVideoSoft Ltd. ) C:\Users\Computer\Downloads\FreeYouTubeToMP3Converter.exe
2014-05-15 20:12 - 2014-01-17 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:09 - 2014-01-17 03:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 18:10 - 2014-01-10 20:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 18:10 - 2014-01-10 20:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 18:10 - 2014-01-10 20:49 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-14 19:40 - 2014-05-06 23:36 - 00000000 ____D () C:\Users\Computer\Desktop\zu drucken 2
2014-05-14 19:05 - 2014-05-02 17:35 - 00006874 _____ () C:\Users\Computer\Documents\02.05.2014.m3u8
2014-05-13 19:16 - 2014-03-07 23:55 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\dvdcss
2014-05-13 10:19 - 2014-01-10 20:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-12 07:26 - 2014-06-05 19:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 19:58 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 19:58 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 15:30 - 2014-01-10 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 08:32 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 23:26 - 2014-05-06 23:26 - 02752854 _____ () C:\Users\Computer\Desktop\uni lageplan.bmp
2014-05-06 23:24 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap.bmp
2014-05-06 23:23 - 2014-05-06 23:23 - 03072054 _____ () C:\Users\Computer\Desktop\Neue Bitmap (3).bmp
Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\Temp\BlueStacks089-SplitInstaller_native.exe
C:\Users\Computer\AppData\Local\Temp\KUIU.EXE
C:\Users\Computer\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Computer\AppData\Local\Temp\Quarantine.exe
C:\Users\Computer\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Computer\AppData\Local\Temp\sdapskill.exe
C:\Users\Computer\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2010-12-08 12:36
==================== End Of Log ============================
|
| | #8 |
| /// the machine /// TB Trainer | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [UsowoLqera] => regsvr32.exe "C:\ProgramData\UsowoLqera.dat"
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #9 |
| | I get the following error message at the first step: |
| | #10 |
| /// the machine /// TB Trainer | Go ahead and do the rest. |
| | #11 | ||
| | Sorry that so much time has passed again since the last post; I still have a lot to do at work. I moved in the meantime and don't have internet there (yet). I'm writing this from my parents' house. ESET log: Quote:
Quote:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2014
Ran by Computer (administrator) on COMPUTER-TOSH on 27-06-2014 21:33:22
Running from C:\Users\Computer\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
() C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Computer\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(The Audacity Team) C:\Program Files (x86)\Audacity\audacity.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-09-02] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [Amazon Cloud Player] => C:\Users\Computer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [UsowoLqera] => regsvr32.exe "C:\ProgramData\UsowoLqera.dat"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {06E96EFE-8043-459D-925B-B4D5B82A2743} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {4DCB657A-6192-491C-B068-4554A7124208} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2
F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*'))%20%7B%20return%20'PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\Extensions\youtubeunblocker@unblocker.yt [2014-06-02]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\6hvqdrtx.default-1401045432870\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-12-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-05] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-27 17:37 - 2014-06-27 17:37 - 00854367 _____ () C:\Users\Computer\Downloads\SecurityCheck.exe
2014-06-27 17:25 - 2014-06-27 17:53 - 299423150 _____ () C:\Users\Computer\Documents\Zane Lowe meets.... Rick Rubin_(720p).mp4
2014-06-27 14:46 - 2014-06-27 14:46 - 02347384 _____ (ESET) C:\Users\Computer\Downloads\esetsmartinstaller_deu.exe
2014-06-27 14:46 - 2014-06-27 14:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-25 15:54 - 2014-06-25 16:36 - 00013422 _____ () C:\Users\Computer\Documents\Zusage der Ausbildung SBK zum 01.10.2014.odt
2014-06-25 09:20 - 2014-06-25 09:20 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-24 19:29 - 2014-06-25 16:54 - 00011057 _____ () C:\Users\Computer\Documents\Briefkastenettiketten.odt
2014-06-19 14:41 - 2014-06-19 14:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 19:41 - 2014-06-15 19:41 - 00010022 _____ () C:\Users\Computer\Desktop\öfnnung reimer huxhold.odt
2014-06-11 21:29 - 2014-06-12 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-10 19:48 - 2014-06-10 20:00 - 00026105 _____ () C:\Users\Computer\Desktop\carola leyendecker.odt
2014-06-06 18:37 - 2014-06-06 18:39 - 00000000 ____D () C:\Users\Computer\Desktop\Lyrics
2014-06-05 21:33 - 2014-06-05 21:33 - 00045405 _____ () C:\Users\Computer\Desktop\FRST.txt
2014-06-05 21:32 - 2014-06-27 21:33 - 00000000 ____D () C:\Users\Computer\Downloads\FRST-OlderVersion
2014-06-05 21:31 - 2014-06-05 21:31 - 00000777 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-06-05 21:19 - 2014-06-05 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 20:59 - 2014-06-05 20:59 - 01016261 _____ (Thisisu) C:\Users\Computer\Downloads\JRT.exe
2014-06-05 20:24 - 2014-06-05 20:24 - 00002200 _____ () C:\Users\Computer\Desktop\mbam.txt
2014-06-05 19:58 - 2014-06-05 19:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 19:58 - 2014-06-05 19:58 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 19:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 19:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 19:55 - 2014-06-05 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
==================== One Month Modified Files and Folders =======
2014-06-27 21:33 - 2014-06-05 21:32 - 00000000 ____D () C:\Users\Computer\Downloads\FRST-OlderVersion
2014-06-27 21:33 - 2014-05-25 21:31 - 00020174 _____ () C:\Users\Computer\Downloads\FRST.txt
2014-06-27 21:33 - 2014-05-25 21:31 - 00000000 ____D () C:\FRST
2014-06-27 21:33 - 2014-05-25 21:30 - 02083328 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2014-06-27 21:32 - 2009-07-14 06:51 - 00083156 _____ () C:\Windows\setupact.log
2014-06-27 21:26 - 2014-01-10 19:06 - 01824181 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 21:20 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Audacity
2014-06-27 21:13 - 2014-01-21 20:24 - 00000000 ____D () C:\Users\Computer\AppData\Local\Last.fm
2014-06-27 21:09 - 2014-01-16 21:37 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-27 21:09 - 2014-01-16 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-27 21:03 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-27 21:03 - 2009-07-14 06:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 20:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 17:53 - 2014-06-27 17:25 - 299423150 _____ () C:\Users\Computer\Documents\Zane Lowe meets.... Rick Rubin_(720p).mp4
2014-06-27 17:37 - 2014-06-27 17:37 - 00854367 _____ () C:\Users\Computer\Downloads\SecurityCheck.exe
2014-06-27 17:35 - 2014-02-04 20:33 - 00071217 _____ () C:\Users\Computer\Desktop\noch zu lesen2.odt
2014-06-27 14:47 - 2009-07-14 19:58 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-06-27 14:47 - 2009-07-14 19:58 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-06-27 14:47 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 14:46 - 2014-06-27 14:46 - 02347384 _____ (ESET) C:\Users\Computer\Downloads\esetsmartinstaller_deu.exe
2014-06-27 14:46 - 2014-06-27 14:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-27 13:19 - 2014-01-10 20:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-27 10:41 - 2014-02-05 21:34 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\vlc
2014-06-26 12:14 - 2014-01-21 14:38 - 00000000 ____D () C:\Users\Computer\Documents\Planung
2014-06-25 23:25 - 2014-02-09 16:11 - 00000000 ____D () C:\Users\Computer\Desktop\M
2014-06-25 16:54 - 2014-06-24 19:29 - 00011057 _____ () C:\Users\Computer\Documents\Briefkastenettiketten.odt
2014-06-25 16:36 - 2014-06-25 15:54 - 00013422 _____ () C:\Users\Computer\Documents\Zusage der Ausbildung SBK zum 01.10.2014.odt
2014-06-25 09:20 - 2014-06-25 09:20 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-21 00:03 - 2014-01-10 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-20 16:58 - 2014-03-19 21:21 - 00001109 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-20 16:58 - 2014-03-19 21:21 - 00001097 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-19 16:27 - 2014-02-05 12:45 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\Youtube Downloader HD
2014-06-19 14:42 - 2014-06-19 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 19:41 - 2014-06-15 19:41 - 00010022 _____ () C:\Users\Computer\Desktop\öfnnung reimer huxhold.odt
2014-06-13 00:22 - 2014-01-17 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 00:20 - 2014-01-17 03:06 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 22:31 - 2014-06-11 21:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-10 20:00 - 2014-06-10 19:48 - 00026105 _____ () C:\Users\Computer\Desktop\carola leyendecker.odt
2014-06-08 14:09 - 2014-02-21 14:14 - 00030735 _____ () C:\Users\Computer\Desktop\schon gelesen zu sortieren.odt
2014-06-07 22:59 - 2014-01-26 16:31 - 00000000 ____D () C:\Users\Computer\Desktop\wiki artikel für Kindle
2014-06-07 12:55 - 2014-05-24 16:34 - 00009604 _____ () C:\Users\Computer\Documents\24.05.2014.m3u8
2014-06-06 18:42 - 2014-05-22 15:50 - 00000000 ____D () C:\Users\Computer\Desktop\für Syavash
2014-06-06 18:39 - 2014-06-06 18:37 - 00000000 ____D () C:\Users\Computer\Desktop\Lyrics
2014-06-06 14:52 - 2014-02-04 17:20 - 738900975 _____ () C:\Windows\MEMORY.DMP
2014-06-06 14:52 - 2014-02-04 17:20 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 23:58 - 2014-01-11 12:14 - 00132478 _____ () C:\Windows\PFRO.log
2014-06-05 21:33 - 2014-06-05 21:33 - 00045405 _____ () C:\Users\Computer\Desktop\FRST.txt
2014-06-05 21:31 - 2014-06-05 21:31 - 00000777 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-06-05 21:19 - 2014-06-05 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 21:00 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-06-05 20:59 - 2014-06-05 20:59 - 01016261 _____ (Thisisu) C:\Users\Computer\Downloads\JRT.exe
2014-06-05 20:24 - 2014-06-05 20:24 - 00002200 _____ () C:\Users\Computer\Desktop\mbam.txt
2014-06-05 19:59 - 2014-06-05 19:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 19:58 - 2014-06-05 19:58 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 19:58 - 2014-06-05 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-05 19:56 - 2014-06-05 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2010-12-08 12:36
==================== End Of Log ============================
--- --- --- |
| | #12 |
| /// the machine /// TB Trainer | After websearches infection, what to delete in AdwCleaner? Update Java, update Windows; a service pack is missing. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [UsowoLqera] => regsvr32.exe "C:\ProgramData\UsowoLqera.dat"
C:\ProgramData\UsowoLqera.dat
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please. Change all passwords.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
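The Run entry that the fixlist in post #12 removes starts regsvr32.exe on a .dat file in C:\ProgramData. As an added example (not part of the thread and not FRST's own logic), this Python script scans FRST-style registry lines for that pattern; the extension and path heuristics are assumptions, and every sample line except the first is constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# FRST registry line: <hive>\...\Run: [<value name>] => <command line>
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
LOADERS = {"regsvr32.exe", "rundll32.exe"}   # system binaries that load a module
MODULE_EXTS = {".dll", ".ocx", ".cpl"}       # assumption: usual module extensions
WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")  # assumption: user-writable

# First line is the entry from the fixlist above; the others are constructed samples.
SAMPLE_LOG = r'''
HKU\S-1-5-21-2560161592-3816387559-2359114276-1000\...\Run: [UsowoLqera] => regsvr32.exe "C:\ProgramData\UsowoLqera.dat"
HKLM\...\Run: [ExampleUpdater] => "C:\Program Files\Example\updater.exe" /background
HKLM-x32\...\Run: [ExampleShell] => rundll32.exe "C:\Windows\System32\example.dll",Start
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [ExampleSync] => regsvr32.exe /s "C:\Users\demo\AppData\Roaming\sync.dll"
'''

def split_command(cmd):
    """Return (executable, remaining arguments) for a quoted or bare first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end == -1 else (cmd[1:end], cmd[end + 1:].strip())
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()

def loader_target(args):
    """First argument that is not a switch; drops a rundll32 ',EntryPoint' suffix."""
    for m in re.finditer(r'"([^"]+)"|(\S+)', args):
        token = m.group(1) or m.group(2)
        if not token.startswith(("/", "-")):
            return token.split(",")[0]
    return None

def suspicious_run_entries(log_text):
    """Return (value name, target, reasons) for autoruns that load an odd module."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        exe, args = split_command(m["cmd"])
        if PureWindowsPath(exe).name.lower() not in LOADERS:
            continue
        target = loader_target(args)
        if target is None:
            continue
        reasons = []
        if PureWindowsPath(target).suffix.lower() not in MODULE_EXTS:
            reasons.append("non-module extension")
        if any(part in target.lower() for part in WRITABLE):
            reasons.append("user-writable location")
        if reasons:
            findings.append((m["name"], target, reasons))
    return findings

if __name__ == "__main__":
    for name, target, reasons in suspicious_run_entries(SAMPLE_LOG):
        print(f"{name}: {target} ({', '.join(reasons)})")
```

A hit is a lead for manual review of the file and its signature, not a verdict.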