Hello,
This message came from the virus scanner:
Anwendung: WLIDSVC.EXE
Gestartet: services.exe
I clicked Allow.
After running the Malwarebytes program, I no longer have an Internet connection.
How do I get my Internet connection restored?
Best regards
Alexsus
Here are the log files.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 30.06.2014 11:25:13, SYSTEM, CHEF, Protection, Malware Protection, Starting,
Protection, 30.06.2014 11:25:13, SYSTEM, CHEF, Protection, Malware Protection, Started,
Protection, 30.06.2014 11:25:13, SYSTEM, CHEF, Protection, Malicious Website Protection, Starting,
Update, 30.06.2014 11:25:15, SYSTEM, CHEF, Manual, Rootkit Database, 2014.2.20.1, 2014.6.23.2,
Update, 30.06.2014 11:25:20, SYSTEM, CHEF, Manual, Malware Database, 2014.3.4.9, 2014.6.30.4,
Protection, 30.06.2014 11:25:21, SYSTEM, CHEF, Protection, Refresh, Starting,
Protection, 30.06.2014 11:25:33, SYSTEM, CHEF, Protection, Malicious Website Protection, Started,
Protection, 30.06.2014 11:25:33, SYSTEM, CHEF, Protection, Malicious Website Protection, Stopping,
Protection, 30.06.2014 11:25:33, SYSTEM, CHEF, Protection, Malicious Website Protection, Stopped,
Protection, 30.06.2014 11:25:35, SYSTEM, CHEF, Protection, Refresh, Success,
Protection, 30.06.2014 11:25:35, SYSTEM, CHEF, Protection, Malicious Website Protection, Starting,
Protection, 30.06.2014 11:25:36, SYSTEM, CHEF, Protection, Malicious Website Protection, Started,
Detection, 30.06.2014 11:27:52, SYSTEM, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, Quarantine, [d1cb7e0095e6211536d0246702ff8080]
Detection, 30.06.2014 11:28:16, Erbel, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, Quarantine, [2e6e5b2397e4cd6913f3f695ae53cb35]
Detection, 30.06.2014 11:28:17, Erbel, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect64.dll, Quarantine, [d1cb7e0095e6211536d0246702ff8080]
Protection, 30.06.2014 11:28:17, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Error, 30.06.2014 11:28:17, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Detection, 30.06.2014 11:28:37, SYSTEM, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect32.dll, Quarantine, [2e6e5b2397e4cd6913f3f695ae53cb35]
Protection, 30.06.2014 11:28:37, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect32.dll,
Error, 30.06.2014 11:28:37, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect32.dll,
Detection, 30.06.2014 11:30:42, SYSTEM, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect32.dll, Quarantine, [2e6e5b2397e4cd6913f3f695ae53cb35]
Detection, 30.06.2014 11:30:42, Erbel, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect64.dll, Quarantine, [d1cb7e0095e6211536d0246702ff8080]
Protection, 30.06.2014 11:30:42, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect32.dll,
Error, 30.06.2014 11:30:42, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect32.dll,
Protection, 30.06.2014 11:30:42, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Error, 30.06.2014 11:30:42, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Detection, 30.06.2014 11:32:42, Erbel, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect32.dll, Quarantine, [2e6e5b2397e4cd6913f3f695ae53cb35]
Detection, 30.06.2014 11:32:42, Erbel, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect64.dll, Quarantine, [d1cb7e0095e6211536d0246702ff8080]
Protection, 30.06.2014 11:32:43, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Error, 30.06.2014 11:32:43, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Error, 30.06.2014 11:32:43, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect32.dll,
Detection, 30.06.2014 11:34:26, SYSTEM, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect64.dll, Quarantine, [d1cb7e0095e6211536d0246702ff8080]
Protection, 30.06.2014 11:34:26, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Error, 30.06.2014 11:34:26, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Detection, 30.06.2014 11:34:52, SYSTEM, CHEF, Protection, Malware Protection, File, PUP.Optional.Skytech.A, c:\program files (x86)\suptab\searchprotect64.dll, Quarantine, [d1cb7e0095e6211536d0246702ff8080]
Protection, 30.06.2014 11:34:52, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Error, 30.06.2014 11:34:52, SYSTEM, CHEF, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\suptab\searchprotect64.dll,
Protection, 30.06.2014 11:36:30, SYSTEM, CHEF, Protection, Malware Protection, Starting,
Protection, 30.06.2014 11:36:30, SYSTEM, CHEF, Protection, Malware Protection, Started,
Protection, 30.06.2014 11:36:30, SYSTEM, CHEF, Protection, Malicious Website Protection, Starting,
Protection, 30.06.2014 11:36:59, SYSTEM, CHEF, Protection, Malicious Website Protection, Started,
(end)
Code:
# AdwCleaner v3.214 - Bericht erstellt am 30/06/2014 um 12:19:09
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Erbel - CHEF
# Gestartet von : I:\adwcleaner_3.214.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Save
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Users\Erbel\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Erbel\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Erbel\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Erbel\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Erbel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Erbel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Erbel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wpm
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Erbel\AppData\Roaming\Mozilla\Firefox\Profiles\3yfzrtza.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2605 octets] - [30/06/2014 12:12:31]
AdwCleaner[S0].txt - [2100 octets] - [30/06/2014 12:19:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2160 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Erbel on 30.06.2014 at 12:22:59,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Erbel\appdata\local\{9551DBE6-18C3-4EE8-B19F-0FE8125321E1}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.06.2014 at 12:26:58,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by Erbel (administrator) on CHEF on 30-06-2014 12:31:33
Running from C:\Users\Erbel\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\Deskupdate\DeskUpdateNotifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VIRTU] => C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe [2596168 2012-07-05] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49171;https=127.0.0.1:49171
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {3EA29DCC-47BF-496A-B38E-9AD502D0B960} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Erbel\AppData\Roaming\Mozilla\Firefox\Profiles\3yfzrtza.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
==================== Services (Whitelisted) =================
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-11-20] (Realsil Microelectronics Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SAService; C:\Windows\SysWOW64\SAsrv.exe [440320 2011-09-01] (Conexant Systems, Inc.) [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
==================== Drivers (Whitelisted) ====================
S3 FscBapi; C:\Windows\System32\DRIVERS\FscBapi.sys [19456 2011-12-15] (Fujitsu Technology Solutions)
R3 FscEfDmi; C:\Windows\System32\DRIVERS\FscEfDmi.sys [17920 2012-07-25] (Fujitsu Technology Solutions)
R3 FscGabi; C:\Windows\System32\DRIVERS\FscGabi.sys [22016 2011-12-15] (Fujitsu Technology Solutions)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-01] (Intel Corporation)
R0 lucidpci; C:\Windows\System32\DRIVERS\lucidpci.sys [27464 2012-07-05] (Lucidlogix Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-30 12:26 - 2014-06-30 12:26 - 00000733 _____ () C:\Users\Erbel\Desktop\JRT.txt
2014-06-30 12:22 - 2014-06-30 12:22 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 12:20 - 2014-06-30 12:20 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 12:12 - 2014-06-30 12:19 - 00000000 ____D () C:\AdwCleaner
2014-06-30 11:25 - 2014-06-30 12:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 11:25 - 2014-06-30 11:25 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 11:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-30 11:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-30 11:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-30 11:24 - 2014-06-30 11:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erbel\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-30 11:22 - 2014-06-30 11:22 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-30 11:22 - 2014-06-30 11:22 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-30 11:20 - 2014-06-30 11:21 - 29677544 _____ (Mozilla) C:\Users\Erbel\Downloads\Firefox Setup 30.0.exe
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-06-30 09:25 - 2014-06-30 10:09 - 00000000 ____D () C:\Users\Erbel\AppData\Local\CrashDumps
2014-06-28 08:32 - 2014-06-28 08:32 - 00023145 _____ () C:\ComboFix.txt
2014-06-28 08:05 - 2014-06-28 08:33 - 00000000 ____D () C:\Qoobox
2014-06-28 08:05 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-28 08:05 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-28 08:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-28 08:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-28 08:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-28 08:05 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-28 08:05 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-28 08:05 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-28 08:03 - 2014-06-28 08:28 - 00000000 ____D () C:\Windows\erdnt
2014-06-28 08:02 - 2014-06-28 08:07 - 05212118 ____R (Swearware) C:\Users\Erbel\Desktop\ComboFix.exe
2014-06-24 15:35 - 2014-06-30 12:27 - 00000000 ____D () C:\Users\Erbel\Desktop\Wichtig für ALEX
2014-06-24 15:26 - 2014-06-30 12:31 - 00012339 _____ () C:\Users\Erbel\Downloads\FRST.txt
2014-06-24 15:26 - 2014-06-24 16:00 - 00032684 _____ () C:\Users\Erbel\Downloads\Addition.txt
2014-06-24 15:25 - 2014-06-30 12:31 - 00000000 ____D () C:\FRST
2014-06-24 15:22 - 2014-06-24 15:22 - 02082816 _____ (Farbar) C:\Users\Erbel\Downloads\FRST64.exe
2014-06-24 12:43 - 2014-06-24 12:48 - 00000000 ____D () C:\Users\Erbel\Documents\Tütentexte
2014-06-23 12:14 - 2014-06-30 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 11:47 - 2014-06-11 11:48 - 00441354 _____ (Hopfgartner Niklas ) C:\Users\Erbel\Downloads\setup152(1).exe
2014-06-11 11:47 - 2014-06-11 11:47 - 00441354 _____ (Hopfgartner Niklas ) C:\Users\Erbel\Downloads\setup152.exe
2014-06-11 10:40 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 10:40 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 10:40 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 10:40 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 10:40 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 10:40 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 10:40 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 10:40 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 10:40 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 10:40 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 10:40 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 10:40 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 10:40 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 10:40 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 10:40 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 10:40 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 10:40 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 10:40 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 10:40 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 10:40 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 10:40 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 10:40 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 10:40 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 10:40 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 10:40 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 10:40 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 10:40 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 10:40 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 10:40 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 10:40 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 10:40 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 10:40 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 10:40 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 10:40 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 10:40 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 10:40 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 10:40 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 10:40 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 10:40 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 10:40 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 10:40 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 10:40 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 10:40 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 10:40 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 10:40 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 10:40 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 10:40 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 10:40 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 10:40 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 10:40 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 10:40 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 10:40 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 10:40 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 10:40 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 10:40 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:40 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 10:40 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:40 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:40 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:40 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:40 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:40 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 10:40 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 10:40 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 10:40 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 10:40 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-03 13:49 - 2014-06-03 13:49 - 00000000 ____D () C:\Users\Erbel\AppData\Local\Adobe
2014-06-03 09:12 - 2014-06-03 09:11 - 00010495 ____T () C:\Users\Erbel\Documents\Monatsverbrauch Rösch14.5.ods
2014-06-03 04:55 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-03 04:55 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-02 19:04 - 2014-06-02 19:04 - 00004471 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-02 19:04 - 2014-06-02 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 19:04 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-02 19:04 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-02 19:04 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-02 19:04 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-02 19:02 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-02 19:02 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-02 19:02 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-02 19:02 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-02 19:02 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-02 19:02 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-02 19:02 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-02 19:02 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-02 19:02 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-02 19:02 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-02 19:02 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-02 19:02 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-02 19:02 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-02 19:02 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-02 19:02 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-02 19:02 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-02 19:01 - 2014-06-02 19:01 - 00918952 _____ (Oracle Corporation) C:\Users\Erbel\Downloads\jxpiinstall.exe
2014-06-02 18:58 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-02 18:58 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-02 17:23 - 2014-06-02 17:23 - 00000000 ____D () C:\Users\Erbel\AppData\Local\G DATA
2014-06-02 17:13 - 2014-06-02 17:13 - 00000779 _____ () C:\Users\Erbel\AppData\Roaming\gdscan.log
2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 _____ () C:\Users\Erbel\AppData\Roaming\gdfw.log
2014-06-02 17:12 - 2014-06-30 09:53 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-06-02 16:52 - 2014-06-02 16:56 - 465796320 _____ (G Data Software AG) C:\Users\Erbel\Downloads\INT_R_FUL_2015_IS.exe
2014-06-02 16:52 - 2014-06-02 16:52 - 00411144 _____ () C:\Users\Erbel\Downloads\AVCleaner.exe
==================== One Month Modified Files and Folders =======
2014-06-30 12:31 - 2014-06-24 15:26 - 00012339 _____ () C:\Users\Erbel\Downloads\FRST.txt
2014-06-30 12:31 - 2014-06-24 15:25 - 00000000 ____D () C:\FRST
2014-06-30 12:27 - 2014-06-24 15:35 - 00000000 ____D () C:\Users\Erbel\Desktop\Wichtig für ALEX
2014-06-30 12:27 - 2011-02-11 16:47 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2014-06-30 12:27 - 2011-02-11 16:47 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2014-06-30 12:27 - 2009-07-14 07:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 12:27 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 12:27 - 2009-07-14 06:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 12:26 - 2014-06-30 12:26 - 00000733 _____ () C:\Users\Erbel\Desktop\JRT.txt
2014-06-30 12:22 - 2014-06-30 12:22 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 12:21 - 2014-06-30 11:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 12:20 - 2014-06-30 12:20 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 12:20 - 2013-04-26 12:47 - 00013721 _____ () C:\Windows\setupact.log
2014-06-30 12:20 - 2010-11-21 05:47 - 01143354 _____ () C:\Windows\PFRO.log
2014-06-30 12:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 12:19 - 2014-06-30 12:12 - 00000000 ____D () C:\AdwCleaner
2014-06-30 12:19 - 2012-09-21 20:07 - 00001001 _____ () C:\Users\Erbel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-30 12:19 - 2012-09-21 19:55 - 01361483 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 12:04 - 2012-10-02 14:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 11:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-30 11:34 - 2012-09-21 19:58 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-30 11:27 - 2012-09-27 13:56 - 00000000 ____D () C:\Users\Erbel\Documents\Outlook-Dateien
2014-06-30 11:25 - 2014-06-30 11:25 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 11:25 - 2014-06-30 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 11:24 - 2014-06-30 11:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erbel\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-30 11:22 - 2014-06-30 11:22 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-30 11:22 - 2014-06-30 11:22 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-30 11:22 - 2014-06-23 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-30 11:22 - 2012-09-24 21:40 - 00000000 ____D () C:\Users\Erbel\AppData\Roaming\Mozilla
2014-06-30 11:22 - 2012-09-24 21:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-30 11:21 - 2014-06-30 11:20 - 29677544 _____ (Mozilla) C:\Users\Erbel\Downloads\Firefox Setup 30.0.exe
2014-06-30 10:10 - 2014-06-30 10:10 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-06-30 10:09 - 2014-06-30 09:25 - 00000000 ____D () C:\Users\Erbel\AppData\Local\CrashDumps
2014-06-30 09:53 - 2014-06-02 17:12 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-06-30 09:52 - 2012-09-22 19:35 - 00000000 ____D () C:\ProgramData\G DATA
2014-06-30 09:48 - 2013-03-13 13:19 - 00000000 ____D () C:\Users\Erbel\Documents\Telefonlisten
2014-06-28 08:33 - 2014-06-28 08:05 - 00000000 ____D () C:\Qoobox
2014-06-28 08:32 - 2014-06-28 08:32 - 00023145 _____ () C:\ComboFix.txt
2014-06-28 08:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-28 08:28 - 2014-06-28 08:03 - 00000000 ____D () C:\Windows\erdnt
2014-06-28 08:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-28 08:07 - 2014-06-28 08:02 - 05212118 ____R (Swearware) C:\Users\Erbel\Desktop\ComboFix.exe
2014-06-26 12:24 - 2013-11-26 10:45 - 00000000 ____D () C:\Users\Erbel\Documents\Zettel
2014-06-24 16:00 - 2014-06-24 15:26 - 00032684 _____ () C:\Users\Erbel\Downloads\Addition.txt
2014-06-24 15:22 - 2014-06-24 15:22 - 02082816 _____ (Farbar) C:\Users\Erbel\Downloads\FRST64.exe
2014-06-24 12:48 - 2014-06-24 12:43 - 00000000 ____D () C:\Users\Erbel\Documents\Tütentexte
2014-06-18 12:00 - 2014-01-13 12:12 - 00000000 ____D () C:\Users\Erbel\Documents\München
2014-06-18 07:53 - 2013-03-13 14:26 - 00000000 ____D () C:\Users\Erbel\Documents\Versand- Nicole
2014-06-17 12:48 - 2013-10-21 10:22 - 00000000 ____D () C:\Users\Erbel\Documents\Produkte
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:03 - 2013-07-30 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:02 - 2012-09-22 21:42 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:01 - 2012-09-24 21:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 11:48 - 2014-06-11 11:47 - 00441354 _____ (Hopfgartner Niklas ) C:\Users\Erbel\Downloads\setup152(1).exe
2014-06-11 11:47 - 2014-06-11 11:47 - 00441354 _____ (Hopfgartner Niklas ) C:\Users\Erbel\Downloads\setup152.exe
2014-06-03 13:49 - 2014-06-03 13:49 - 00000000 ____D () C:\Users\Erbel\AppData\Local\Adobe
2014-06-03 09:11 - 2014-06-03 09:12 - 00010495 ____T () C:\Users\Erbel\Documents\Monatsverbrauch Rösch14.5.ods
2014-06-02 19:12 - 2012-09-21 20:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-02 19:08 - 2012-10-02 14:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 19:08 - 2012-10-02 14:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-02 19:08 - 2012-10-02 14:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 19:05 - 2013-12-16 17:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-02 19:04 - 2014-06-02 19:04 - 00004471 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-02 19:04 - 2014-06-02 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 19:04 - 2013-04-26 12:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 19:02 - 2011-12-23 20:55 - 01597450 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-02 19:01 - 2014-06-02 19:01 - 00918952 _____ (Oracle Corporation) C:\Users\Erbel\Downloads\jxpiinstall.exe
2014-06-02 17:23 - 2014-06-02 17:23 - 00000000 ____D () C:\Users\Erbel\AppData\Local\G DATA
2014-06-02 17:13 - 2014-06-02 17:13 - 00000779 _____ () C:\Users\Erbel\AppData\Roaming\gdscan.log
2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 _____ () C:\Users\Erbel\AppData\Roaming\gdfw.log
2014-06-02 17:12 - 2014-05-02 13:32 - 00004018 _____ () C:\Windows\DPINST.LOG
2014-06-02 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-06-02 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-06-02 17:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-06-02 16:56 - 2014-06-02 16:52 - 465796320 _____ (G Data Software AG) C:\Users\Erbel\Downloads\INT_R_FUL_2015_IS.exe
2014-06-02 16:52 - 2014-06-02 16:52 - 00411144 _____ () C:\Users\Erbel\Downloads\AVCleaner.exe
Some content of TEMP:
====================
C:\Users\Erbel\AppData\Local\Temp\adks_omiga-plus_20140623.exe
C:\Users\Erbel\AppData\Local\Temp\aff_setup.exe
C:\Users\Erbel\AppData\Local\Temp\CloudBackup7254.exe
C:\Users\Erbel\AppData\Local\Temp\Quarantine.exe
C:\Users\Erbel\AppData\Local\Temp\ssupsetup_binstall3.exe
C:\Users\Erbel\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Erbel\AppData\Local\Temp\WdfCoInstaller01007.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-28 00:23
==================== End Of Log ============================