| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop gehackt!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.11.2014, 18:24
| #16 |
| /// TB-Ausbilder   |  Laptop gehackt! Ich bin dabei ;-) Hast du das von dir genannte ESET Log ? Und dann bitte noch: Starte noch einmal FRST.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
04.11.2014, 12:45
| #17 |
 | Laptop gehackt!Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir Variante von Android/Mobserv.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir Variante von Android/Mobserv.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\smta.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\smtu.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\spbe.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\srau.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\srbs.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\srpu.dll.vir Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir Variante von Win64/Systweak.A evtl. unerwünschte Anwendung
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung
C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_27113\BabylonChrome1.crx Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung
C:\Users\Helmut\Desktop\Alte Firefox-Daten\qgobtzek.default-1413209788260\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\adusetup_ashampoo.exe Variante von Win32/Systweak.H evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\rcpsetup_2005.exe Win32/Systweak.D evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\SandboxieInstall_CB-DL-Manager.exe Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\tuppsetup_2005.exe Win32/Systweak.K evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\wzdu18.exe Variante von Win32/Systweak.H evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\xp-AntiSpy_setup-deutsch_CB-DL-Manager.exe Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\zafwSetupWeb_120_104_000(1).exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\zafwSetupWeb_120_104_000.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\zafwSetupWeb_132_015_000(1).exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\zafwSetupWeb_132_015_000.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\Helmut\Downloads\zaSuiteSetupWeb_120_104_000.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Windows\Installer\14a7e6.msi Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung
C:\Windows\Installer\be57f.msi Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Helmut (administrator) on HELMUT-TOSH on 04-11-2014 12:33:53
Running from C:\Users\Helmut\Desktop
Loaded Profile: Helmut (Available profiles: Helmut)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragactivitymonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-10] (Toshiba Europe GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [MSC] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [DefragTaskBar] => C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe [927072 2009-12-16] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-02] (AVAST Software)
HKLM-x32\...\RunOnce: [TodoBackupUninst] => [X]
HKLM\...\Policies\Explorer: [NoSecurity Tab] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Run: [PrivacyOptimizer] => "C:\Program Files\Badosoft\Privacy Optimizer\PrivacyOptimizer.exe" -m
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-3457080408-1642351141-37163438-1000\...\MountPoints2: {894569e8-ac59-11e1-9076-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - {5A6C5665-1834-40E5-8C0E-E120683B42B8} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {474EB444-5809-4E5F-A5C5-6D53CB97E798} URL = hxxp://search.findwide.com/serp?guid={164985FE-982A-470A-8E47-43FE52E8A846}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {62C1D4AA-B385-4D65-AB3E-D8D78906BC3D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: CBAbzockschutz.InitToolbarBHO -> {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5ACA316D-A103-4B5E-9B41-2C7672FDE354}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{B099EE2C-A059-423B-A5F3-A2AED593E8D0}: [NameServer] 156.154.70.25,156.154.71.25
FireFox:
========
FF ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\uyirx4ul.default-1414830766671
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google-deutschland.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\uyirx4ul.default-1414830766671\Extensions\toolbar@web.de [2014-11-01]
FF Extension: gui:config - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\uyirx4ul.default-1414830766671\Extensions\guiconfig@slosd.net.xpi [2014-11-04]
FF Extension: NoScript - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\uyirx4ul.default-1414830766671\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\uyirx4ul.default-1414830766671\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-22]
FF Extension: No Name - wrc@avast.com [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-14]
CHR Extension: (Google Drive) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-14]
CHR Extension: (YouTube) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-14]
CHR Extension: (Google Search) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-14]
CHR Extension: (RealDownloader) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-27]
CHR Extension: (No Name) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-03-19]
CHR Extension: (Google Wallet) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Gmail) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
R2 Ashampoo Defrag Service; C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe [890208 2009-12-16] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-10-22] (Avast Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-10-15] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-01-17] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S2 EaseUS Agent; No ImagePath
S2 Intel(R) Capability Licensing Service Interface; No ImagePath
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S1 AntiLog32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-22] ()
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
R4 EUBAKUP; C:\Windows\System32\Drivers\EUBAKUP.sys [61000 2014-08-13] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R4 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2014-08-13] () [File not signed]
S3 FileMonitor; No ImagePath
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-04-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-04-30] (Kaspersky Lab ZAO)
S3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-05-24] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 OADevice; C:\windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
S1 oahlpXX; C:\windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 RegFilter; No ImagePath
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [555736 2014-03-17] (Realtek Semiconductor Corporation)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-03-17] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-03-17] (Realtek Semiconductor Corporation )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867824 2013-10-20] (Duplex Secure Ltd.)
S3 UrlFilter; No ImagePath
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-10-22] (Avast Software)
U4 CmdAgent; No ImagePath
U3 DfSdkS; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-04 12:33 - 2014-11-04 12:34 - 00025585 _____ () C:\Users\Helmut\Desktop\FRST.txt
2014-11-04 09:11 - 2014-11-04 11:58 - 00000168 _____ () C:\windows\setupact.log
2014-11-04 09:11 - 2014-11-04 09:11 - 00008706 _____ () C:\windows\PFRO.log
2014-11-04 09:11 - 2014-11-04 09:11 - 00000000 _____ () C:\windows\setuperr.log
2014-11-04 09:09 - 2014-11-04 09:09 - 88883200 _____ () C:\windows\system32\config\SOFTWARE.iodefrag
2014-11-04 09:09 - 2014-11-04 09:09 - 05885952 _____ () C:\windows\system32\config\DEFAULT.iodefrag
2014-11-04 09:09 - 2014-11-04 09:09 - 00061440 _____ () C:\windows\system32\config\SAM.iodefrag
2014-11-04 09:09 - 2014-11-04 09:09 - 00028672 _____ () C:\windows\system32\config\SECURITY.iodefrag
2014-11-04 09:09 - 2014-11-04 09:09 - 00000000 _____ () C:\asc_rdflag
2014-11-02 20:36 - 2014-11-02 20:37 - 00004672 _____ () C:\Users\Helmut\Desktop\Neues Textdokument ESET Onlinescanner.txt
2014-11-02 19:02 - 2014-11-02 19:02 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cff6c724e5fdf2.job
2014-11-02 17:57 - 2014-11-02 17:57 - 02347384 _____ (ESET) C:\Users\Helmut\Downloads\esetsmartinstaller_deu.exe
2014-11-02 17:09 - 2014-11-02 17:09 - 00001235 _____ () C:\Users\Helmut\Desktop\Revo Uninstaller.lnk
2014-11-02 17:09 - 2014-11-02 17:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-02 17:08 - 2014-11-02 17:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Helmut\Downloads\revosetup95.exe
2014-11-02 16:36 - 2014-11-03 23:34 - 00000000 ____D () C:\windows\Minidump
2014-11-02 09:51 - 2014-11-02 09:56 - 00001321 _____ () C:\Users\Helmut\Desktop\rundll32.exe.lnk
2014-10-31 11:47 - 2014-10-31 11:51 - 00000450 _____ () C:\windows\Tasks\SyneiStart.job
2014-10-31 11:42 - 2014-10-31 12:08 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\Synei
2014-10-31 11:41 - 2014-10-31 11:41 - 00000000 ____D () C:\Program Files (x86)\Synei
2014-10-31 11:22 - 2014-10-31 11:22 - 00000000 ____D () C:\Program Files (x86)\mozilla firefox
2014-10-29 22:45 - 2014-10-29 22:45 - 00077312 _____ (Emsisoft GmbH) C:\windows\system32\eamclean.exe
2014-10-29 22:45 - 2014-10-29 22:45 - 00001064 _____ () C:\windows\system32\eamclean.dat
2014-10-29 15:20 - 2014-10-29 15:20 - 00000584 _____ () C:\Users\Helmut\Downloads\defogger_disable.log
2014-10-29 15:20 - 2014-10-29 15:20 - 00000020 _____ () C:\Users\Helmut\defogger_reenable
2014-10-29 15:19 - 2014-10-29 15:19 - 00050477 _____ () C:\Users\Helmut\Downloads\Defogger.exe
2014-10-29 08:54 - 2014-10-29 08:54 - 00000250 _____ () C:\windows\Tasks\Driver Booster SkipUAC (Helmut).job
2014-10-28 21:22 - 2014-11-04 12:33 - 00000000 ____D () C:\FRST
2014-10-28 09:20 - 2014-10-28 09:20 - 00000000 ____D () C:\Users\Helmut\AppData\Local\Secunia PSI
2014-10-28 09:19 - 2014-10-28 23:38 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-10-28 09:18 - 2014-10-28 09:19 - 05329480 _____ (Secunia) C:\Users\Helmut\Downloads\PSISetup.exe
2014-10-27 17:29 - 2014-10-29 08:42 - 00000280 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Helmut.job
2014-10-27 12:45 - 2014-10-27 12:45 - 01649619 _____ () C:\Users\Helmut\Downloads\wkg2.0.1.78.exe
2014-10-26 18:58 - 2014-10-26 18:58 - 00001236 _____ () C:\Users\Helmut\Desktop\AdwCleaner_4.001.exe - Verknüpfung.lnk
2014-10-26 18:40 - 2014-10-26 18:40 - 01962496 _____ () C:\Users\Helmut\Downloads\AdwCleaner_4.001.exe
2014-10-26 14:34 - 2014-11-04 09:29 - 02114560 _____ (Farbar) C:\Users\Helmut\Desktop\FRST64.exe
2014-10-26 10:13 - 2014-10-26 10:13 - 32601272 _____ (Microsoft Corporation) C:\Users\Helmut\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-26 09:27 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-26 09:27 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-25 10:50 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-10-25 10:50 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-25 10:50 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-25 10:50 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-10-25 10:50 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-10-25 10:50 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-25 10:50 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-10-25 10:50 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-10-25 10:50 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-10-25 10:50 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-10-25 10:50 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-10-25 10:50 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-10-25 10:50 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-25 10:50 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-25 10:50 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-10-25 10:50 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-25 09:03 - 2014-10-25 09:03 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\Awesomium
2014-10-24 18:35 - 2014-11-04 12:19 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Badosoft
2014-10-24 18:35 - 2014-10-24 18:35 - 00000000 ____D () C:\windows\System32\Tasks\Badosoft
2014-10-24 18:34 - 2014-11-04 12:22 - 00000000 ____D () C:\Program Files\Badosoft
2014-10-22 16:12 - 2014-11-04 12:32 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\Dropbox
2014-10-22 16:07 - 2014-10-22 16:10 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-10-22 16:07 - 2014-10-22 16:10 - 00000000 ____D () C:\windows\system32\vbox
2014-10-22 16:01 - 2014-10-22 16:01 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\AVAST Software
2014-10-22 16:00 - 2014-10-22 16:00 - 00001975 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-22 16:00 - 2014-10-22 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-10-22 15:59 - 2014-10-27 08:54 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-22 15:58 - 2014-11-02 12:09 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2014-10-22 15:58 - 2014-10-22 15:59 - 36818984 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2014-10-22 15:58 - 2014-10-22 15:57 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-10-22 15:58 - 2014-10-22 15:57 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-10-22 15:58 - 2014-10-22 15:57 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-10-22 15:58 - 2014-10-22 15:57 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-10-22 15:58 - 2014-10-22 15:57 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-10-22 15:58 - 2014-10-22 15:57 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-10-22 15:57 - 2014-11-02 12:09 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-10-22 15:57 - 2014-10-22 15:57 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-10-22 15:57 - 2014-10-22 15:57 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-10-22 15:55 - 2014-10-22 15:55 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-22 15:53 - 2014-10-22 15:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-22 15:50 - 2014-10-22 15:53 - 131078000 _____ (AVAST Software) C:\Users\Helmut\Downloads\avast_free_antivirus_setup.exe
2014-10-21 15:48 - 2014-10-21 15:48 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat
2014-10-21 15:24 - 2014-10-21 15:26 - 15779840 _____ () C:\Users\Helmut\Downloads\FRITZ.Box_7330_SL.116.06.03(1).image
2014-10-21 15:19 - 2014-10-21 15:19 - 15779840 _____ () C:\Users\Helmut\Desktop\FRITZ.Box_7330_SL.116.06.03.image
2014-10-20 23:24 - 2014-10-20 23:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-20 23:24 - 2014-10-20 23:24 - 00000000 ____D () C:\Users\Helmut\AppData\Local\MFAData
2014-10-20 23:24 - 2014-10-20 23:24 - 00000000 ____D () C:\Users\Helmut\AppData\Local\Avg2015
2014-10-20 22:50 - 2014-10-20 23:13 - 00000857 _____ () C:\Users\Helmut\Downloads\Stinger_20102014_235041.html
2014-10-20 22:49 - 2014-10-20 23:17 - 00000116 ___RH () C:\Users\Helmut\Downloads\Stinger.opt
2014-10-20 22:48 - 2014-10-20 23:17 - 00000000 ____D () C:\Program Files\stinger
2014-10-20 16:58 - 2014-10-20 16:58 - 01705698 _____ (Thisisu) C:\Users\Helmut\Downloads\JRT633.exe
2014-10-19 17:48 - 2014-10-19 17:48 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\LavasoftStatistics
2014-10-19 17:45 - 2014-10-22 15:09 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-10-19 17:44 - 2014-10-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-10-19 17:40 - 2014-10-19 17:40 - 01753736 _____ () C:\Users\Helmut\Downloads\Adaware_Installer.exe
2014-10-19 17:20 - 2014-10-19 17:24 - 174325760 _____ () C:\Users\Helmut\Downloads\reparaturdatentraeger_windows_7_64_bit.iso
2014-10-19 17:12 - 2014-10-19 17:12 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2014-10-19 17:12 - 2014-10-19 17:12 - 00001092 _____ () C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
2014-10-19 17:12 - 2014-10-19 17:12 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-10-19 17:10 - 2014-10-19 17:10 - 01802240 _____ () C:\Users\Helmut\Downloads\MBSASetup-x64-DE.msi
2014-10-19 08:28 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-19 08:28 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-19 08:28 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-19 08:28 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-19 08:28 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-19 08:28 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-19 08:28 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-19 08:27 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-19 08:27 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-19 08:27 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-19 08:27 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-19 08:27 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-19 08:27 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-19 08:27 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-19 08:27 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-19 08:27 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-19 08:27 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-19 08:27 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-19 08:27 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-19 08:27 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-19 08:27 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-19 08:27 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-19 08:27 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-19 08:27 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-19 08:27 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-19 08:27 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-19 08:27 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-19 08:27 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-19 08:27 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-19 08:27 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-19 08:27 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-19 08:27 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-19 08:27 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-19 08:27 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-19 08:27 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-19 08:27 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-19 08:27 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-19 08:27 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-19 08:27 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-19 08:27 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 08:27 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-19 08:27 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-19 08:27 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-19 08:27 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-19 08:27 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-19 08:27 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-19 08:27 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-19 08:27 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-19 08:27 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-19 08:27 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-19 08:27 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-19 08:27 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-19 08:27 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-19 08:27 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-19 08:27 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-19 08:27 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-19 08:27 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 08:27 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-19 08:27 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-19 08:27 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-19 08:27 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-19 08:27 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-19 08:27 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-19 08:27 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-19 08:27 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-19 08:27 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-19 08:26 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-19 08:25 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-19 08:25 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-19 08:24 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-19 08:24 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-19 08:24 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-19 08:24 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-19 08:24 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-19 08:24 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-19 08:24 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-19 08:24 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-19 08:24 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-19 08:24 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-19 08:24 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-19 08:24 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-19 08:24 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-19 08:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-19 08:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-17 07:48 - 2014-10-17 07:48 - 36865528 _____ () C:\Users\Helmut\Downloads\WEB.DE_Firefox_Setup(5).exe
2014-10-16 12:15 - 2014-10-16 12:15 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-16 10:06 - 2014-10-16 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-16 10:05 - 2014-10-16 10:05 - 00001062 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-16 10:04 - 2014-11-04 11:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-16 09:15 - 2014-10-16 09:15 - 00000407 _____ () C:\Users\Helmut\Downloads\EmsisoftAntiMalware457Setup(1).exe
2014-10-16 08:56 - 2014-10-16 10:04 - 163225944 _____ (Emsisoft GmbH ) C:\Users\Helmut\Downloads\EmsisoftAntiMalware457Setup.exe
2014-10-15 22:34 - 2014-10-15 22:35 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Helmut\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-10-15 15:33 - 2014-10-15 15:33 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\ProductData
2014-10-15 15:31 - 2014-10-15 15:31 - 00002892 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_Helmut
2014-10-15 15:22 - 2014-10-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-10-15 15:22 - 2014-10-15 15:22 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-10-15 11:08 - 2014-10-15 11:08 - 03455840 _____ (tuneuppro.com ) C:\Users\Helmut\Downloads\tuppsetup_2005.exe
2014-10-13 16:11 - 2014-10-13 16:11 - 00000047 _____ () C:\Users\Helmut\AppData\Roaming\WB.CFG
2014-10-13 15:13 - 2014-10-13 15:23 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\Panda Security
2014-10-13 15:11 - 2014-10-13 15:24 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-13 15:11 - 2014-10-13 15:24 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-12 18:01 - 2014-10-12 18:01 - 00000000 ____D () C:\Users\Helmut\AppData\Local\Adobe
2014-10-12 16:01 - 2014-10-12 16:01 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-10-12 16:00 - 2014-10-12 16:00 - 00001329 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-10-12 16:00 - 2014-10-12 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-10-12 15:56 - 2014-10-12 15:57 - 46342192 _____ (Foxit Corporation ) C:\Users\Helmut\Downloads\FoxitReader615.0624_prom_L10N_Setup.exe
2014-10-12 15:48 - 2014-10-22 08:29 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\Foxit Software
2014-10-12 15:47 - 2014-10-12 16:00 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-10-12 15:46 - 2014-10-12 15:46 - 37730024 _____ (Foxit Software Inc. ) C:\Users\Helmut\Downloads\FoxitReader703.0916_enu_Setup.exe
2014-10-12 15:41 - 2014-10-12 15:41 - 37963088 _____ (Foxit Software Inc. ) C:\Users\Helmut\Downloads\FoxitReader703.0916_prom_enu_Setup.exe
2014-10-08 16:02 - 2014-10-08 16:02 - 00000011 ____R () C:\windows\amunres.lsl
2014-10-08 15:43 - 2014-10-08 15:43 - 00000000 ____D () C:\windows\ERUNT
2014-10-08 15:42 - 2014-10-08 15:42 - 01705141 _____ (Thisisu) C:\Users\Helmut\Downloads\JRT.exe
2014-10-07 15:12 - 2014-10-07 15:12 - 04393424 _____ (Systweak Inc ) C:\Users\Helmut\Downloads\rcpsetup_2005.exe
2014-10-07 09:33 - 2014-10-07 09:46 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-10-07 09:33 - 2014-10-07 09:34 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\OnlineArmor
2014-10-07 09:30 - 2014-11-04 10:34 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2014-10-07 09:30 - 2014-10-07 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-10-07 09:30 - 2014-10-07 09:30 - 00001126 _____ () C:\Users\Helmut\Desktop\Online Armor.lnk
2014-10-07 09:30 - 2013-10-11 02:41 - 00062008 _____ () C:\windows\SysWOW64\Drivers\oahlp64.sys
2014-10-07 09:30 - 2013-10-11 02:40 - 00064720 _____ () C:\windows\SysWOW64\Drivers\OADriver.sys
2014-10-07 09:30 - 2013-10-11 02:40 - 00052360 _____ (Emsisoft) C:\windows\SysWOW64\Drivers\OAmon.sys
2014-10-07 09:30 - 2013-10-11 02:40 - 00035368 _____ (Emsisoft) C:\windows\system32\Drivers\OAnet.sys
2014-10-05 19:01 - 2014-11-04 09:17 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-10-05 19:01 - 2014-10-05 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-10-05 19:01 - 2014-10-05 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-10-05 19:00 - 2014-10-05 19:00 - 02737592 _____ (Malwarebytes ) C:\Users\Helmut\Downloads\mbae-setup-1.04.1.1012.exe
2014-10-05 18:57 - 2014-10-05 18:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helmut\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-10-05 18:47 - 2014-10-05 18:47 - 02454688 _____ (Malwarebytes ) C:\Users\Helmut\Downloads\mbae-setup-0.10.0.1000.exe
2014-10-05 18:20 - 2014-10-05 18:20 - 00000000 ____D () C:\Users\Helmut\Desktop\HashTab Shell Extension
2014-10-05 18:11 - 2014-10-05 18:11 - 00000000 ____D () C:\Program Files\HashTab Shell Extension
2014-10-05 18:07 - 2014-10-05 18:11 - 01217455 _____ () C:\Users\Helmut\Downloads\HashTab_v4.0.0_Setup.exe
2014-10-05 17:31 - 2014-10-05 17:31 - 00663680 _____ (Softwareentwicklung Patric Remus -ArchiCrypt) C:\Users\Helmut\Downloads\abtde.exe
2014-10-05 17:15 - 2014-10-05 17:18 - 00427218 _____ () C:\Users\Helmut\Downloads\xp-AntiSpy_setup-deutsch_CB-DL-Manager [1].exe
2014-10-05 17:15 - 2014-10-05 17:15 - 00816064 _____ ( ) C:\Users\Helmut\Downloads\xp-AntiSpy_setup-deutsch_CB-DL-Manager.exe
2014-10-05 11:07 - 2014-10-05 11:07 - 02365840 _____ () C:\Users\Helmut\Downloads\SecurityTaskManager_Setup.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-04 12:13 - 2014-01-06 23:54 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-04 12:07 - 2009-07-14 05:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 12:07 - 2009-07-14 05:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 12:00 - 2014-10-04 11:22 - 01831560 _____ () C:\windows\WindowsUpdate.log
2014-11-04 09:09 - 2014-01-07 09:00 - 88883200 _____ () C:\windows\system32\config\SOFTWARE.iodefrag.bak
2014-11-04 09:09 - 2014-01-07 08:59 - 05885952 _____ () C:\windows\system32\config\DEFAULT.iodefrag.bak
2014-11-04 09:09 - 2014-01-07 08:59 - 00061440 _____ () C:\windows\system32\config\SAM.iodefrag.bak
2014-11-04 09:09 - 2014-01-07 08:59 - 00028672 _____ () C:\windows\system32\config\SECURITY.iodefrag.bak
2014-11-04 09:09 - 2012-11-06 11:41 - 00000000 ____D () C:\Users\Helmut
2014-11-03 18:36 - 2014-09-22 16:05 - 00000179 ____H () C:\Users\Helmut\Desktop\NewFileTime.ini
2014-11-03 15:06 - 2014-01-06 23:54 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-03 09:13 - 2011-02-11 09:50 - 00735642 _____ () C:\windows\system32\perfh013.dat
2014-11-03 09:13 - 2011-02-11 09:50 - 00153310 _____ () C:\windows\system32\perfc013.dat
2014-11-03 09:13 - 2011-02-11 09:40 - 00732190 _____ () C:\windows\system32\perfh010.dat
2014-11-03 09:13 - 2011-02-11 09:40 - 00147054 _____ () C:\windows\system32\perfc010.dat
2014-11-03 09:13 - 2011-02-11 09:31 - 00737860 _____ () C:\windows\system32\perfh00C.dat
2014-11-03 09:13 - 2011-02-11 09:31 - 00149788 _____ () C:\windows\system32\perfc00C.dat
2014-11-03 09:13 - 2011-02-11 09:21 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-11-03 09:13 - 2011-02-11 09:21 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-11-03 09:13 - 2009-07-14 06:13 - 04275022 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-02 19:02 - 2012-05-10 22:30 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 17:16 - 2014-04-25 08:11 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 09:32 - 2014-04-27 08:26 - 00000000 ____D () C:\Users\Helmut\Desktop\Alte Firefox-Daten
2014-10-31 15:57 - 2012-11-06 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 11:50 - 2014-08-15 11:06 - 00000000 ____D () C:\Users\Helmut\AppData\Local\CrashDumps
2014-10-29 23:48 - 2012-05-11 22:47 - 00000000 ____D () C:\windows\Panther
2014-10-29 16:31 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-28 12:08 - 2012-11-10 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-10-28 12:08 - 2012-11-10 09:35 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-10-28 11:45 - 2014-02-17 18:24 - 04189188 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-28 09:35 - 2012-05-10 22:25 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-28 09:35 - 2012-05-10 22:25 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 09:35 - 2012-05-10 22:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 09:34 - 2012-05-10 21:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-27 10:00 - 2012-05-10 22:30 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 08:54 - 2013-12-27 18:24 - 00000408 _____ () C:\windows\Tasks\DriverEasy Scheduled Scan.job
2014-10-26 18:50 - 2014-02-16 16:10 - 00000424 _____ () C:\windows\Tasks\Wise Care 365.job
2014-10-26 18:50 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-26 18:46 - 2014-02-14 11:28 - 00000000 ____D () C:\AdwCleaner
2014-10-26 16:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-26 16:53 - 2014-02-17 18:25 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\SoftGrid Client
2014-10-26 16:33 - 2014-02-16 16:10 - 00000404 _____ () C:\windows\Tasks\Wise Turbo Checker.job
2014-10-25 11:06 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-25 09:39 - 2014-10-03 14:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-25 09:39 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\Cursors
2014-10-25 08:57 - 2013-10-20 17:10 - 00000000 ____D () C:\Program Files (x86)\StarBurn Software
2014-10-25 08:42 - 2014-10-03 14:33 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-25 08:42 - 2014-10-03 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-22 15:59 - 2014-09-17 14:42 - 00002064 _____ () C:\windows\Sandboxie.ini
2014-10-20 08:17 - 2014-10-04 11:22 - 00001945 _____ () C:\windows\epplauncher.mif
2014-10-20 08:17 - 2014-10-04 11:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-20 08:17 - 2014-10-04 11:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-19 09:12 - 2009-07-14 05:45 - 00269272 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-19 09:06 - 2014-04-23 16:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-19 08:54 - 2013-08-17 11:14 - 00000000 ____D () C:\windows\system32\MRT
2014-10-17 13:43 - 2014-01-06 23:54 - 00000000 ____D () C:\Users\Helmut\AppData\Roaming\IObit
2014-10-17 07:50 - 2012-11-06 15:50 - 00001130 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-17 07:50 - 2012-11-06 15:50 - 00001118 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-15 15:50 - 2014-02-06 19:32 - 00000000 ____D () C:\Users\Helmut\AppData\Local\PasswordSafe
2014-10-15 15:42 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-10-15 15:07 - 2014-09-17 14:40 - 00003858 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1410961218
2014-10-15 15:07 - 2014-09-17 14:40 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-14 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\Web
2014-10-14 08:40 - 2014-09-23 14:59 - 00058408 _____ () C:\Users\Helmut\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-12 18:16 - 2014-06-18 22:20 - 00000000 ____D () C:\Users\Helmut\Desktop\Neuer Ordner (3)
2014-10-12 18:14 - 2014-06-05 17:27 - 00000000 ____D () C:\Users\Helmut\Desktop\C5
2014-10-12 18:03 - 2014-08-19 20:43 - 00126976 ___SH () C:\Users\Helmut\Desktop\Thumbs.db
2014-10-07 09:19 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-05 19:10 - 2009-07-14 06:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-05 18:48 - 2014-04-25 08:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
Files to move or delete:
====================
C:\Users\Helmut\mp3DirectCut.exe
Some content of TEMP:
====================
C:\Users\Helmut\AppData\Local\Temp\Privacy Optimizer Uninstaller.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-01-10 20:15
==================== End Of Log ============================
--- --- --- |
|
04.11.2014, 14:55
| #18 |
| /// TB-Ausbilder | Laptop gehackt! Ist das das ESET Logfile ?
__________________Das sieht normalerweise anders aus. Was genau hast da genutzt ? Ich sehe keine Informationen nur Pfade. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ |
|
04.11.2014, 18:54
| #19 |
| | Laptop gehackt!Code:
ATTFilter CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
emptytemp:
FRST.exe konnte nur bei deaktivierten Internet durchgeführt werden! Der ESET Text stammt vom Onlinescanner. Ich habe gemerkt,daß ich was falsch gemacht habe.Hier nun die Berichtigung: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Helmut at 2014-11-04 18:39:27 Run:1
Running from C:\Users\Helmut\Desktop
Loaded Profile: Helmut (Available profiles: Helmut)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
emptytemp:
*****************
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 200.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Geändert von hel47 (04.11.2014 um 17:34 Uhr) |
|
05.11.2014, 09:02
| #20 |
| /// TB-Ausbilder | Laptop gehackt! Ja, aber das kann nicht das komplette Logfile gewesen sein. Unter C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt sollte das komplette Log stehen, kannst du das bitte ungekürzt posten ?
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
05.11.2014, 17:34
| #21 |
| | Laptop gehackt! Es sind 4 Dateien auf dem Desktop,meinst du die? Code:
ATTFilter [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 [LocalizedFileNames] Run.lnk=@%SystemRoot%\system32\shell32.dll,-127 Code:
ATTFilter [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 [LocalizedFileNames] Run.lnk=@%SystemRoot%\system32\shell32.dll,-12710 Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6993fcdb8f0e0f45bb2af50bb6a2ad60
# engine=20942
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-05 04:31:23
# local_time=2014-11-05 05:31:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 262513 1215466 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 27611 166834933 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16642 16777213 100 100 9637 216447371 0 0
# scanned=223235
# found=32
# cleaned=0
# scan_time=6891
# nod_component=V3 Build:0x30000000
sh=BE50098E2FA537D256FD60FFDF2DA32B43BAECB4 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=BBEA242CC77F3C1F3734442F0C800E05B22D7152 ft=1 fh=fb3ba2c9167114af vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir"
sh=AC80821257BA5F6E99BE8375597F06C21CD33AF3 ft=1 fh=2ef19f151d6452ff vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=1286BE3317251A3A4DEDD8794BA3035511E160E2 ft=1 fh=cb94be3fc97323f0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=C11018C059C513F8A2B0E75C4CAA3A1DF1AA7FBA ft=1 fh=4069e6978f0e55ba vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=C26590A395CB7AF0C18F3E06887126A5966C9E51 ft=1 fh=5cff4e441f48be70 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=29A22C6B0EFB212BF73C9F787BD4252FB8B65B06 ft=1 fh=f36b54ab57d080b3 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=67F6D6F084DB7012825A196A4D487B6A2731A2C7 ft=1 fh=307d32fcd242a31e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=16DA45A2DC2FFE0B7A121066311CFA5F8DD8C5AD ft=1 fh=1a75664674080c47 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=EB67C2E89E52025F3D2B2CF0074BC4BADF1D954F ft=1 fh=fb626be00482d04d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=7307C4DE629E391EF71310DC344D91D7F5418032 ft=1 fh=c2d6c9a6490cc567 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=37703B3CFC8731E02C802496A698EB572B31B702 ft=1 fh=d1edc0fb9743c5e0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=7F09497F908DEBC06B17EF029878CEDCDD12860D ft=1 fh=77b66252dba872a6 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Helmut\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=61897FE467FE567D4E93C0E87AF1899DB5416CA2 ft=1 fh=2b4e98822df8a714 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir"
sh=395EFA475333AD69CAA9B3C936077F19C18E9D8D ft=1 fh=e04f965664c1032e vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=3519A17B76B6113C56EAFA45761AFDC404D3FDB1 ft=1 fh=b32fdf6a2c32fa5c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=66362D70954A79040858B9C743EBAAD8CD218D50 ft=1 fh=ba9c22da21ab1c66 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=ECAD0BD6E1F0A2E321F674E209E660FFF3DE5D42 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_27113\BabylonChrome1.crx"
sh=66362D70954A79040858B9C743EBAAD8CD218D50 ft=1 fh=ba9c22da21ab1c66 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Desktop\Alte Firefox-Daten\qgobtzek.default-1413209788260\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe"
sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\adusetup_ashampoo.exe"
sh=AD8BC2C1BD90C1AB93613324E3C536B47AC7A419 ft=1 fh=f6b9bd3cd8ffcef8 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\rcpsetup_2005.exe"
sh=662363BE04004F2EFAF4ED2B12400BCD8A9ECFC9 ft=1 fh=7dcb11e926d7b1b1 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\SandboxieInstall_CB-DL-Manager.exe"
sh=94A7F9AD74470EFD3DD9E78C97DF815DB9FF232A ft=1 fh=a7ed7a8778302207 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\SoftonicDownloader_for_revealer-keylogger.exe"
sh=9E1A80618BAC3CDCB129CBD1F858452B431545DF ft=1 fh=aa5c80b81726eedb vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\tuppsetup_2005.exe"
sh=90AC7124AD9F3E43BB8048760308F73581546C52 ft=1 fh=c1a012b9361bd0ff vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\wzdu18.exe"
sh=59C90DD6CF49215BDAC4568B2A6B27D98DF31B39 ft=1 fh=7dcb11e98b68b308 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\xp-AntiSpy_setup-deutsch_CB-DL-Manager.exe"
sh=7E7DB3BA40925260342B3BE45D0283D1606ADA6A ft=1 fh=105c227c4a6f1187 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\zafwSetupWeb_120_104_000.exe"
sh=66C5A81F475C4E95CE4E09BFAD23CB5598170679 ft=1 fh=7d83a6cb031e2e24 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\zafwSetupWeb_132_015_000.exe"
sh=7B4F452ECFD82D21FF7BA490A479EA0F686A3086 ft=1 fh=5cd9cb0ea3ee43cb vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\zaSuiteSetupWeb_120_104_000.exe"
sh=C53462209F30DE063DA5569DEBFDC97724CCEF70 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\14a7e6.msi"
sh=62F73D53591919563A4B714436D59988211264E1 ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\be57f.msi"
|
|
06.11.2014, 08:57
| #22 |
| /// TB-Ausbilder | Laptop gehackt! OK, das ESET Log war schon mal hilfreich. Ich sehe einige Downloader von Softonic oder ComputerBild, diese kommen nahezu immer mit AdWare. Mein Tipp dazu:  Chip/Softonic Downloader:Bei Chip.de und Softonic gibt es beim Download zwei Möglichkeiten: einmal den Chip Downloader mit DownloadSponsor, der Werbung mitbringt und gern versucht, den User dazu zu überreden, noch diese und jene Toolbar zu installieren. Und es gibt immer den alternativen Download, das ist die eigentliche Anwendung als Setup, so wie sie vom Hersteller kommt. Der Alternativlink ist genau unter der Chip Download-Schaltfläche. Auch ist Ad-Aware nicht mehr sonderlich effektiv, dann lieber auf Malwarebytes umsteigen, bei der Free Version muss man halt von Hand scannen. Eset hat wie gesagt, nur noch AdWare/Toolbars gefunden, ich habe aus der Fixlist erstmal die Sachen für Ad Aware usw. rausgenommen: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter "C:\Users\Helmut\Downloads\adusetup_ashampoo.exe"
"C:\Users\Helmut\Downloads\rcpsetup_2005.exe"
"C:\Users\Helmut\Downloads\SandboxieInstall_CB-DL-Manager.exe"
"C:\Users\Helmut\Downloads\SoftonicDownloader_for_revealer-keylogger.exe"
"C:\Users\Helmut\Downloads\tuppsetup_2005.exe"
"C:\Users\Helmut\Downloads\wzdu18.exe"
"C:\Users\Helmut\Downloads\xp-AntiSpy_setup-deutsch_CB-DL-Manager.exe"
"C:\Users\Helmut\Downloads\zafwSetupWeb_120_104_000.exe"
="C:\Users\Helmut\Downloads\zafwSetupWeb_132_015_000.exe"
"C:\Users\Helmut\Downloads\zaSuiteSetupWeb_120_104_000.exe"
"C:\Windows\Installer\14a7e6.msi"
"C:\Windows\Installer\be57f.msi"
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Macht der Rechner denn noch ungewollt Webseiten auf ?
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
06.11.2014, 09:58
| #23 |
| | Laptop gehackt! Ich weiß nicht ob ich was verkehrt gemacht habe.ich habe die notepaddatei in FRST- Datei gezogen und nach der fixtaste kam :No fixlist found. The fixlist.text should be in the Same folder/directory tool is located. Seiten gehen nicht mehr ungewollt auf. |
|
06.11.2014, 13:23
| #24 | |
| /// TB-Ausbilder | Laptop gehackt!Zitat:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet). Schau auch, ob die Datei den richtigen Namen hat.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
06.11.2014, 13:27
| #25 |
| /// TB-Ausbilder | Laptop gehackt! Bevor wir lange "rumdoktorn", hab ich die Fixlist.txt für dich erstellt und als Anhang beigefügt. Einfach ins Verzeichnis/Desktop kopieren, dort wo die FRST.exe /Frst64.exe liegt.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
06.11.2014, 15:22
| #26 |
| | Laptop gehackt!Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Helmut at 2014-11-06 15:12:13 Run:2
Running from C:\Users\Helmut\Desktop
Loaded Profile: Helmut (Available profiles: Helmut)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
*****************
==== End of Fixlog ====
|
|
07.11.2014, 08:51
| #27 | |
| /// TB-Ausbilder | Laptop gehackt!Zitat:
Bitte meine Datei verwenden.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
07.11.2014, 09:27
| #28 |
| | Laptop gehackt!Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Helmut at 2014-11-07 09:16:52 Run:3
Running from C:\Users\Helmut\Desktop
Loaded Profile: Helmut (Available profiles: Helmut)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
"C:\Users\Helmut\Downloads\adusetup_ashampoo.exe"
"C:\Users\Helmut\Downloads\rcpsetup_2005.exe"
"C:\Users\Helmut\Downloads\SandboxieInstall_CB-DL-Manager.exe"
"C:\Users\Helmut\Downloads\SoftonicDownloader_for_revealer-keylogger.exe"
"C:\Users\Helmut\Downloads\tuppsetup_2005.exe"
"C:\Users\Helmut\Downloads\wzdu18.exe"
"C:\Users\Helmut\Downloads\xp-AntiSpy_setup-deutsch_CB-DL-Manager.exe"
"C:\Users\Helmut\Downloads\zafwSetupWeb_120_104_000.exe"
="C:\Users\Helmut\Downloads\zafwSetupWeb_132_015_000.exe"
"C:\Users\Helmut\Downloads\zaSuiteSetupWeb_120_104_000.exe"
"C:\Windows\Installer\14a7e6.msi"
"C:\Windows\Installer\be57f.msi"
*****************
C:\Users\Helmut\Downloads\adusetup_ashampoo.exe => Moved successfully.
C:\Users\Helmut\Downloads\rcpsetup_2005.exe => Moved successfully.
C:\Users\Helmut\Downloads\SandboxieInstall_CB-DL-Manager.exe => Moved successfully.
C:\Users\Helmut\Downloads\SoftonicDownloader_for_revealer-keylogger.exe => Moved successfully.
C:\Users\Helmut\Downloads\tuppsetup_2005.exe => Moved successfully.
C:\Users\Helmut\Downloads\wzdu18.exe => Moved successfully.
C:\Users\Helmut\Downloads\xp-AntiSpy_setup-deutsch_CB-DL-Manager.exe => Moved successfully.
C:\Users\Helmut\Downloads\zafwSetupWeb_120_104_000.exe => Moved successfully.
="C:\Users\Helmut\Downloads\zafwSetupWeb_132_015_000.exe" => Error: No automatic fix found for this entry.
C:\Users\Helmut\Downloads\zaSuiteSetupWeb_120_104_000.exe => Moved successfully.
C:\Windows\Installer\14a7e6.msi => Moved successfully.
C:\Windows\Installer\be57f.msi => Moved successfully.
==== End of Fixlog ====
|
|
07.11.2014, 11:05
| #29 |
| /// TB-Ausbilder | Laptop gehackt! Was für Aktivitäten ?
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
07.11.2014, 14:47
| #30 |
| | Laptop gehackt! Es kamen von Online Armor Firewall Ob ich FRST erlaube.ich hatte bejaht aber dann wollte sie ob ich auch Musik erlaube,da hatte ich geblockt. |
|
