BoringTomato | 23.06.2014 18:24 | OK, everything is done. Here are the logs:
MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 23.06.2014
Suchlauf-Zeit: 18:16:14
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.23.10
Rootkit Datenbank: v2014.06.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 330487
Verstrichene Zeit: 9 Min, 35 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
PUP.Optional.WindowsUpdateService.A, C:\Program Files (x86)\Security Updates Service\winupdsvc.exe, 1064, Löschen bei Neustart, [bd29abd0f487e35330273316f30de41c]
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 8
PUP.Optional.WindowsUpdateService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Security Updates Service, In Quarantäne, [bd29abd0f487e35330273316f30de41c],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [c91dc2b92d4ea690873752f727dbe21e],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [c91dc2b92d4ea690873752f727dbe21e],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [c91dc2b92d4ea690873752f727dbe21e],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [c91dc2b92d4ea690873752f727dbe21e],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, In Quarantäne, [519585f6abd0979f76be06b7e71b9868],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\suprasavings, In Quarantäne, [9254ec8f54275ed896d6e2d8649e18e8],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1217699553-3716128148-941317649-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, In Quarantäne, [885eaecd502b73c3999dc1fce022ab55],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 2
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings, In Quarantäne, [b036cfacd6a5d95d49fb1582dd258b75],
PUP.Optional.SecurityUpdatesService.A, C:\Program Files (x86)\Security Updates Service, Löschen bei Neustart, [925479027dfe6ec8f6abdfc556acd030],
Dateien: 3
PUP.Optional.WindowsUpdateService.A, C:\Program Files (x86)\Security Updates Service\winupdsvc.exe, Löschen bei Neustart, [bd29abd0f487e35330273316f30de41c],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\uninstaller.exe, In Quarantäne, [b036cfacd6a5d95d49fb1582dd258b75],
PUP.Optional.SecurityUpdatesService.A, C:\Program Files (x86)\Security Updates Service\search_checker.exe, In Quarantäne, [925479027dfe6ec8f6abdfc556acd030],
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner: Code:
# AdwCleaner v3.213 - Bericht erstellt am 23/06/2014 um 18:49:30
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ***** - AKOYA
# Gestartet von : D:\adwcleaner_3.213.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\003
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\47agqhf3.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [963 octets] - [23/06/2014 18:45:07]
AdwCleaner[S0].txt - [885 octets] - [23/06/2014 18:49:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [944 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ***** on 23.06.2014 at 19:02:33,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{004F7AAB-C7CF-4D78-9608-613ACB682307}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{010AD676-ABF4-4FC1-A488-507A1ACCD330}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{02307114-EF32-4FC3-9D6C-816E4AEBCC1D}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{1AF70A16-80BE-417C-870E-C622C9EE33A3}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{201F9D01-D104-4A08-AFCC-75D64D937C67}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{2B9BF577-DD14-445C-844D-501CD3B6F62D}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{40B5B6A9-EB7B-4483-9570-9C56CAD1C4B7}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{41731DE6-F6FD-45A7-855B-52D3CBCC944A}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{4EBE1B4D-49BC-4367-A17A-7FAA0C4674E5}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{6691454E-8D8D-4BB7-8D1B-47044B6FD98B}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{6C4F3101-57C0-4DBB-B0FD-5ED0BF7FF98A}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{6F205E4A-B5AB-446C-8AA5-A2306E001AF7}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{74C0B10D-79CB-424F-870D-21A91B371018}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{76AEAB55-BC05-496E-AB73-44CC04751A1E}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{78D4AFC3-DA75-4FAC-AA74-EB4A16475D08}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{9086B461-25A9-4A30-8269-0C05576A1F48}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{AF37E38B-05D7-43A2-88A8-C98A26344601}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{B58C040A-7A5F-4DBD-A22F-822E149E14BD}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{C00DD1E5-F84C-44EC-AF9B-07D238207903}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{C70E4C29-ABC5-4FE5-9EF6-C0A20676C323}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{C93A44D4-CB63-4136-AB0D-D9465077019D}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{CA4E4A29-9E79-491D-890B-36F3B0903693}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{D278C969-6A09-472C-893A-4F7821435A22}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{EA869947-B5BA-49B3-851A-AAA06FE52932}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{ED8D2E32-8B10-4CC3-86AB-9BD40EB778E9}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{F012BFE6-4B06-4C1A-B028-7A5E9661608D}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{F2DD5D4A-5205-4501-834B-944D409911EB}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{F87AD11B-CC38-4588-9537-0D92CEFF2185}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{FE7BD4E4-DE85-46AD-8B97-34DABD13A579}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{FEDC301B-42B6-45A2-8253-E9F4C4814A46}
~~~ FireFox
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\47agqhf3.default\minidumps [44 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2014 at 19:08:56,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New FRST logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by ***** (administrator) on AKOYA on 23-06-2014 19:11:41
Running from D:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\SmartCam\SmartCam.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(HexaD) C:\Program Files\Duplicati\Duplicati.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10358784 2011-11-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4081008 2012-03-07] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4226048 2012-09-21] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1217699553-3716128148-941317649-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1217699553-3716128148-941317649-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\*****\AppData\Local\Apps\2.0\VCDQLPJD.X1E\40ZYLAAO.KE1\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2013-12-31] (AVM Berlin)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk
ShortcutTarget: Duplicati.lnk -> C:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: EZ YouTube Video Downloader 1.0 - {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} - C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll (XtensionPlus)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {336C9D79-263A-4D75-AA7C-60DAF945AE67} hxxp://192.168.78.79/classes/OvisLinkCamV_H264.cab
DPF: HKLM-x32 {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://192.168.79.77/RtspVaPgDec.cab
DPF: HKLM-x32 {62415890-4985-0825-2508-23487C2A845F} hxxp://192.168.79.79/en/cab/ipcamera.cab
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/o2cplayer.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{70B3F7DF-247C-4210-9119-6973DA3FE5FE}: [NameServer]8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\47agqhf3.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-06-16]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-06-16]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-10-30]
==================== Services (Whitelisted) =================
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-15] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-15] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-15] (Intel Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [913144 2012-03-07] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2012-11-01] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-14] (AVM Berlin)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [29184 2005-10-06] (REINER SCT)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-14] (ESET)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2013-11-01] (KOBIL Systems GmbH)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-09-24] (Qualcomm Atheros Co., Ltd.)
R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 TplinkUDSTcpBus; C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-23 19:08 - 2014-06-23 19:08 - 00003939 _____ () C:\Users\*****\Desktop\JRT.txt
2014-06-23 19:02 - 2014-06-23 19:02 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 18:44 - 2014-06-23 18:49 - 00000000 ____D () C:\AdwCleaner
2014-06-23 18:06 - 2014-06-23 18:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 18:06 - 2014-06-23 18:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:06 - 2014-06-23 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-23 18:06 - 2014-06-23 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 18:06 - 2014-06-23 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-23 18:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-23 18:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-23 18:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-22 19:10 - 2014-06-22 19:10 - 00023689 _____ () C:\ComboFix.txt
2014-06-22 18:47 - 2014-06-22 19:11 - 00000000 ____D () C:\Qoobox
2014-06-22 18:47 - 2014-06-22 19:07 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 18:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-22 18:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-22 18:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-22 18:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-22 18:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-22 18:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-22 18:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-22 18:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-22 18:41 - 2014-06-22 18:41 - 00001228 _____ () C:\Users\*****\Desktop\Revo Uninstaller.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-22 15:17 - 2014-06-21 10:49 - 00380416 _____ () C:\Users\*****\Desktop\is310l4n.exe
2014-06-22 15:11 - 2014-06-23 19:11 - 00000000 ____D () C:\FRST
2014-06-22 15:11 - 2014-06-22 15:11 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-06-18 16:38 - 2014-06-18 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Local\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\Mozilla
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\EPSON PERFECTION V600 PHOTO user guide
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Program Files (x86)\EZ YouTube Video Downloader
2014-06-12 19:20 - 2014-06-12 19:20 - 09442928 _____ (ALF AG ) C:\Users\*****\Downloads\UpdateBanCo_541.exe
2014-06-12 18:55 - 2014-06-12 18:56 - 01057672 _____ (Adobe) C:\Users\*****\Downloads\install_reader11_de_mssa_aaa_aih.exe
2014-06-12 17:11 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 17:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 17:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 17:11 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 17:11 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 17:11 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 17:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 17:11 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 17:11 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 17:11 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 17:11 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 17:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 17:11 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 17:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 17:11 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 17:11 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 17:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 17:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 17:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 17:11 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 17:11 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 17:11 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 17:11 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 17:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 17:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 17:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 17:11 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 17:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 17:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 17:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 17:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 17:11 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 17:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 17:11 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 17:11 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 17:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 17:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 17:11 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 17:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 17:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 17:11 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 17:11 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 17:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 17:11 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 17:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 17:11 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 17:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 17:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 17:11 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 17:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 17:11 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 17:11 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 17:11 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 17:11 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 17:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 17:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 17:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 17:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 17:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 17:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 17:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 17:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 17:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 17:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 17:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 17:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SanDisk SecureAccess
2014-06-07 16:08 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\*****\Documents\Sparkasse
2014-06-07 05:20 - 2014-06-07 16:17 - 00000000 ____D () C:\Users\*****\Documents\Nachbarn
2014-05-27 18:34 - 2014-05-27 18:37 - 00000000 ____D () C:\Users\*****\Documents\Netzwerke
==================== One Month Modified Files and Folders =======
2014-06-23 19:11 - 2014-06-22 15:11 - 00000000 ____D () C:\FRST
2014-06-23 19:08 - 2014-06-23 19:08 - 00003939 _____ () C:\Users\*****\Desktop\JRT.txt
2014-06-23 19:02 - 2014-06-23 19:02 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 18:58 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 18:58 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 18:55 - 2014-06-23 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 18:55 - 2012-10-30 18:42 - 00000000 ____D () C:\Users\*****\Documents\Youcam
2014-06-23 18:54 - 2012-11-01 16:01 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2014-06-23 18:50 - 2012-03-20 00:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 18:50 - 2010-11-21 05:47 - 00196678 _____ () C:\Windows\PFRO.log
2014-06-23 18:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 18:50 - 2009-07-14 06:51 - 00180518 _____ () C:\Windows\setupact.log
2014-06-23 18:49 - 2014-06-23 18:44 - 00000000 ____D () C:\AdwCleaner
2014-06-23 18:49 - 2012-10-30 18:32 - 01159469 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 18:21 - 2012-11-07 17:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 18:15 - 2012-11-01 13:47 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{83AB4207-0211-4530-A1AB-6D539FADF900}
2014-06-23 18:06 - 2014-06-23 18:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-23 18:06 - 2014-06-23 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-23 18:06 - 2014-06-23 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 18:06 - 2014-06-23 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 23:15 - 2012-11-01 16:01 - 00000000 ____D () C:\Users\*****\AppData\Local\Apps\2.0
2014-06-22 19:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-22 19:11 - 2014-06-22 18:47 - 00000000 ____D () C:\Qoobox
2014-06-22 19:11 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-22 19:10 - 2014-06-22 19:10 - 00023689 _____ () C:\ComboFix.txt
2014-06-22 19:07 - 2014-06-22 18:47 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 19:00 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-22 18:41 - 2014-06-22 18:41 - 00001228 _____ () C:\Users\*****\Desktop\Revo Uninstaller.lnk
2014-06-22 18:41 - 2014-06-22 18:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-22 15:14 - 2011-05-16 16:04 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-22 15:14 - 2011-05-16 16:04 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-22 15:14 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-22 15:11 - 2014-06-22 15:11 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-06-22 15:11 - 2012-10-30 18:39 - 00000000 ____D () C:\Users\*****
2014-06-21 10:49 - 2014-06-22 15:17 - 00380416 _____ () C:\Users\*****\Desktop\is310l4n.exe
2014-06-19 17:57 - 2014-03-11 18:21 - 00000000 ____D () C:\Users\*****\Documents\*****
2014-06-19 17:39 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\*****\Documents\*****
2014-06-19 17:18 - 2013-10-03 14:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2014-06-19 16:39 - 2013-10-05 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 16:54 - 2014-06-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 16:38 - 2013-11-01 14:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ALFBanCo5
2014-06-18 16:38 - 2013-11-01 14:56 - 00000000 ____D () C:\ProgramData\AlfBanCo5
2014-06-17 19:24 - 2014-03-15 19:44 - 00000000 ____D () C:\Users\*****\AppData\Local\Windows Live
2014-06-17 18:01 - 2012-10-30 18:40 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Local\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\Mozilla
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\EPSON PERFECTION V600 PHOTO user guide
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Program Files (x86)\EZ YouTube Video Downloader
2014-06-15 16:23 - 2013-12-14 20:47 - 00000000 ____D () C:\Users\*****\Documents\Verbrauch
2014-06-15 15:58 - 2013-12-24 12:01 - 00000000 ____D () C:\Users\*****\Documents\Buchführung
2014-06-15 15:48 - 2014-03-11 18:41 - 00000000 ____D () C:\Users\*****\Documents\To Do
2014-06-15 15:18 - 2013-01-19 17:22 - 00000000 ____D () C:\Users\*****\Documents\Rentenversicherung
2014-06-12 19:20 - 2014-06-12 19:20 - 09442928 _____ (ALF AG ) C:\Users\*****\Downloads\UpdateBanCo_541.exe
2014-06-12 18:56 - 2014-06-12 18:55 - 01057672 _____ (Adobe) C:\Users\*****\Downloads\install_reader11_de_mssa_aaa_aih.exe
2014-06-12 17:19 - 2013-07-26 14:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 17:17 - 2011-07-18 22:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 17:16 - 2012-11-02 20:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SanDisk SecureAccess
2014-06-07 16:17 - 2014-06-07 05:20 - 00000000 ____D () C:\Users\*****\Documents\Nachbarn
2014-06-07 16:09 - 2014-06-07 16:08 - 00000000 ____D () C:\Users\*****\Documents\Sparkasse
2014-06-07 05:00 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-06 14:32 - 2012-10-31 19:00 - 00018432 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-02 20:29 - 2013-12-25 18:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Duplicati
2014-06-01 14:38 - 2014-01-17 21:25 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-01 14:38 - 2011-07-18 23:07 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-01 09:28 - 2013-12-14 21:21 - 00000000 ____D () C:\Users\*****\AppData\Local\iCopy
2014-05-30 12:21 - 2014-06-12 17:11 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 17:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 17:11 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 17:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 17:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 17:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 17:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 17:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 17:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 17:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 17:11 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 17:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 17:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 17:11 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 17:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 17:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 17:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 17:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 17:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 17:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 17:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 17:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 17:11 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 17:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 17:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 17:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 17:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 17:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 17:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 17:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 17:11 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 17:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 17:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 17:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 17:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 17:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 17:11 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 17:11 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 17:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 17:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 17:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 17:11 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 17:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 17:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 17:11 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 17:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 17:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 17:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 14:11 - 2014-05-14 17:26 - 00000000 ____D () C:\Users\*****\Documents\Steuererklärung
2014-05-28 16:21 - 2013-11-01 14:31 - 00000000 ____D () C:\Users\*****\Desktop\alt
2014-05-28 16:09 - 2014-03-10 11:16 - 00000000 ____D () C:\Users\*****\Downloads\NIBC
2014-05-28 14:42 - 2013-11-01 17:36 - 00000000 ____D () C:\Users\*****\Documents\Keepass
2014-05-27 18:37 - 2014-05-27 18:34 - 00000000 ____D () C:\Users\*****\Documents\Netzwerke
2014-05-26 08:20 - 2014-03-10 11:30 - 00000000 ____D () C:\Users\*****\Documents\Adressen
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-22 19:33
==================== End Of Log ============================ |