
Pests of all kinds and how to fight them: Fake DHL parcel notification email - unfortunately clicked the shipment status link by accident - infected?

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

02.05.2015, 12:08   #16
deeprybka
/// TB Trainer
/// Tutorial Guru
 
Good, and now the FRST as well.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

02.05.2015, 12:43   #17
AGRO123
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by ag (administrator) on AG-PC on 02-05-2015 13:09:00
Running from C:\Users\ag\Downloads
Loaded Profiles: ag (Available profiles: ag)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe
(Dropbox, Inc.) C:\Users\ag\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 60
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
Startup: C:\Users\ag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-01-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\ag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VVWUpdateTray.lnk [2014-10-16]
ShortcutTarget: VVWUpdateTray.lnk -> C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1969579996-2544780815-1722642228-1001 -> {0B131811-4AEA-44BD-A470-68E0C30CA2DB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1969579996-2544780815-1722642228-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ag\AppData\Roaming\Mozilla\Firefox\Profiles\zg88klxh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @eleco.com/o2cplayer -> C:\Program Files (x86)\o2c Player\npO2CPlayer.DLL [2011-03-30] (Eleco plc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-08-13] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4901888 2009-05-14] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-03-27] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-09-16] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-09-16] (Lenovo Group Limited)
R2 VVWUpdateService; C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe [3079808 2014-03-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl564.sys [754688 2006-10-12] (Broadcom Corporation) [File not signed]
R3 DLKRT64; C:\Windows\System32\DRIVERS\DLKRT64.sys [215040 2009-08-06] (D-Link corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [34304 2005-11-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 12:02 - 2015-05-02 12:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 12:02 - 2015-05-02 12:02 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 12:02 - 2015-05-02 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-02 12:02 - 2015-05-02 12:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 12:02 - 2015-05-02 12:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-02 12:02 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 12:02 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 12:02 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 12:01 - 2015-05-02 12:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ag\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-01 10:06 - 2015-05-02 11:39 - 00000000 ____D () C:\AdwCleaner
2015-05-01 10:05 - 2015-05-01 10:05 - 02224640 ____N () C:\Users\ag\Desktop\AdwCleaner_4.202.exe
2015-04-30 17:49 - 2015-04-30 17:49 - 00030259 ____N () C:\ComboFix.txt
2015-04-30 17:19 - 2015-04-30 17:49 - 00000000 ____D () C:\Qoobox
2015-04-30 17:19 - 2011-06-26 08:45 - 00256000 ____N () C:\Windows\PEV.exe
2015-04-30 17:19 - 2010-11-07 19:20 - 00208896 ____N () C:\Windows\MBR.exe
2015-04-30 17:19 - 2009-04-20 06:56 - 00060416 ____N (NirSoft) C:\Windows\NIRCMD.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00518144 ____N (SteelWerX) C:\Windows\SWREG.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00406528 ____N (SteelWerX) C:\Windows\SWSC.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00098816 ____N () C:\Windows\sed.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00080412 ____N () C:\Windows\grep.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00068096 ____N () C:\Windows\zip.exe
2015-04-30 17:18 - 2015-04-30 17:47 - 00000000 ____D () C:\Windows\erdnt
2015-04-30 17:12 - 2015-04-30 17:12 - 05619691 ____R (Swearware) C:\Users\ag\Desktop\ComboFix.exe
2015-04-30 16:51 - 2015-04-30 16:51 - 04197016 ____N (Kaspersky Lab ZAO) C:\Users\ag\Downloads\tdsskiller.exe
2015-04-30 10:56 - 2015-04-30 10:56 - 00060944 ____N () C:\Users\ag\Downloads\Addition.txt
2015-04-30 09:04 - 2015-05-02 13:09 - 00020338 _____ () C:\Users\ag\Downloads\FRST.txt
2015-04-30 09:04 - 2015-05-02 13:09 - 00000000 ____D () C:\FRST
2015-04-30 09:03 - 2015-04-30 09:03 - 02101248 ____N (Farbar) C:\Users\ag\Downloads\FRST64.exe
2015-04-30 00:04 - 2015-04-30 00:04 - 00000502 ____N () C:\Users\ag\Desktop\01.csv
2015-04-29 16:14 - 2015-04-29 16:15 - 46525608 ____N (Safer-Networking Ltd. ) C:\Users\ag\Downloads\spybot-2.4.40.exe
2015-04-22 09:56 - 2015-04-22 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-04-15 09:16 - 2015-03-25 05:24 - 03298816 ____N (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 02553856 ____N (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00696320 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00191488 ____N (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00098304 ____N (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00060416 ____N (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00037376 ____N (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00035328 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:16 - 2015-03-25 05:23 - 00135168 ____N (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:16 - 2015-03-25 05:23 - 00036864 ____N (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:16 - 2015-03-25 05:23 - 00012288 ____N (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00566784 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00173056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00092672 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00033792 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 09:16 - 2015-03-25 05:00 - 00029696 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 09:16 - 2015-03-17 07:22 - 05557696 ____N (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:16 - 2015-03-17 07:19 - 01727904 ____N (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:16 - 2015-03-17 07:16 - 01163264 ____N (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 09:16 - 2015-03-17 07:16 - 00424448 ____N (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 09:16 - 2015-03-17 07:01 - 03920824 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 09:16 - 2015-03-17 06:59 - 01309696 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 09:16 - 2015-03-10 05:25 - 01882624 ____N (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:16 - 2015-03-10 05:21 - 00002048 ____N (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:16 - 2015-03-10 05:08 - 01237504 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 09:16 - 2015-03-10 05:05 - 00002048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 09:16 - 2015-03-05 07:12 - 00404480 ____N (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:16 - 2015-03-05 06:05 - 00311808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 09:15 - 2015-04-02 02:17 - 00389808 ____N (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 09:15 - 2015-04-02 01:49 - 00342704 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 09:15 - 2015-03-17 07:22 - 00155576 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:15 - 2015-03-17 07:22 - 00095672 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:15 - 2015-03-17 07:17 - 00362496 ____N (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 09:15 - 2015-03-17 07:17 - 00243712 ____N (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 09:15 - 2015-03-17 07:17 - 00013312 ____N (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 01461760 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00728064 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00503808 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00341504 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00314880 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00309760 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00296960 ____N (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:15 - 2015-03-17 07:16 - 00215040 ____N (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00210944 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00136192 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00112640 ____N (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:15 - 2015-03-17 07:16 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00050176 ____N (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00043520 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00029184 ____N (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00028160 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00016384 ____N (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 09:15 - 2015-03-17 07:15 - 00338432 ____N (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 09:15 - 2015-03-17 07:15 - 00064000 ____N (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:15 - 2015-03-17 07:15 - 00031232 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:15 - 2015-03-17 07:13 - 00146432 ____N (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:15 - 2015-03-17 07:13 - 00060416 ____N (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00686080 ____N (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00006656 ____N (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:01 - 03976632 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 09:15 - 2015-03-17 06:57 - 00550912 ____N (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00259584 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00248832 ____N (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00221184 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00172032 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00065536 ____N (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00022016 ____N (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00014336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 01114112 ____N (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00274944 ____N (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00050176 ____N (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 09:15 - 2015-03-17 06:56 - 00025600 ____N (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 09:15 - 2015-03-17 06:56 - 00017408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00005120 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 09:15 - 2015-03-17 06:53 - 00146432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 09:15 - 2015-03-17 06:53 - 00060416 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00686080 ____N (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00006656 ____N (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:45 - 00007680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 09:15 - 2015-03-17 05:45 - 00002048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 09:15 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:15 - 2015-03-13 06:32 - 24980480 ____N (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:15 - 2015-03-13 06:25 - 02724864 ____N (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 09:15 - 2015-03-13 06:25 - 00004096 ____N (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 09:15 - 2015-03-13 06:09 - 00066560 ____N (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 09:15 - 2015-03-13 06:08 - 00584192 ____N (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:15 - 2015-03-13 06:08 - 00417280 ____N (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:15 - 2015-03-13 06:08 - 00048640 ____N (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 09:15 - 2015-03-13 06:07 - 02886144 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 09:15 - 2015-03-13 06:06 - 00088064 ____N (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 09:15 - 2015-03-13 06:00 - 00054784 ____N (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 09:15 - 2015-03-13 05:59 - 00034304 ____N (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 09:15 - 2015-03-13 05:55 - 00633856 ____N (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 09:15 - 2015-03-13 05:54 - 00144384 ____N (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 09:15 - 2015-03-13 05:54 - 00114688 ____N (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 09:15 - 2015-03-13 05:53 - 00814080 ____N (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 09:15 - 2015-03-13 05:50 - 06025216 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:15 - 2015-03-13 05:44 - 00968704 ____N (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:15 - 2015-03-13 05:42 - 19695616 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 09:15 - 2015-03-13 05:42 - 02724864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 09:15 - 2015-03-13 05:40 - 00490496 ____N (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 09:15 - 2015-03-13 05:32 - 00077824 ____N (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:15 - 2015-03-13 05:28 - 00503296 ____N (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 09:15 - 2015-03-13 05:28 - 00062464 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 09:15 - 2015-03-13 05:27 - 00340992 ____N (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 09:15 - 2015-03-13 05:27 - 00199680 ____N (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:15 - 2015-03-13 05:27 - 00047616 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 09:15 - 2015-03-13 05:26 - 00092160 ____N (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:15 - 2015-03-13 05:26 - 00064000 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 09:15 - 2015-03-13 05:23 - 00316928 ____N (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 09:15 - 2015-03-13 05:22 - 02278400 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 09:15 - 2015-03-13 05:20 - 00047104 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 09:15 - 2015-03-13 05:20 - 00030720 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 09:15 - 2015-03-13 05:17 - 00478208 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 09:15 - 2015-03-13 05:16 - 00115712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 09:15 - 2015-03-13 05:15 - 00620032 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 09:15 - 2015-03-13 05:08 - 00720384 ____N (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 09:15 - 2015-03-13 05:07 - 00801280 ____N (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:15 - 2015-03-13 05:06 - 00418304 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 09:15 - 2015-03-13 05:05 - 02125824 ____N (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 09:15 - 2015-03-13 05:05 - 01359360 ____N (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 09:15 - 2015-03-13 05:01 - 00060416 ____N (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 09:15 - 2015-03-13 05:00 - 14397440 ____N (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:15 - 2015-03-13 04:57 - 00168960 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 09:15 - 2015-03-13 04:56 - 00076288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 09:15 - 2015-03-13 04:54 - 00285696 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 09:15 - 2015-03-13 04:49 - 04305408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 09:15 - 2015-03-13 04:45 - 02358784 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:15 - 2015-03-13 04:44 - 00689152 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 09:15 - 2015-03-13 04:43 - 02052608 ____N (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 09:15 - 2015-03-13 04:42 - 01155072 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 09:15 - 2015-03-13 04:34 - 12825600 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 09:15 - 2015-03-13 04:33 - 01548288 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:15 - 2015-03-13 04:22 - 00800768 ____N (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 09:15 - 2015-03-13 04:20 - 01888256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 09:15 - 2015-03-13 04:16 - 01311232 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 09:15 - 2015-03-13 04:14 - 00710144 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 09:15 - 2015-03-04 06:55 - 00367552 ____N (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:15 - 2015-03-04 06:41 - 00079360 ____N (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:15 - 2015-03-04 06:10 - 00058880 ____N (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 09:15 - 2015-02-25 05:18 - 00754688 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-09 14:11 - 2015-04-09 14:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-04-07 12:39 - 2015-04-07 12:39 - 00291296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2015-04-06 15:31 - 2015-04-06 16:00 - 00001588 ____N () C:\Users\ag\Desktop\Neues Textdokument.txt
2015-04-03 09:34 - 2015-04-03 09:34 - 00137184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 13:00 - 2012-02-25 14:16 - 00003480 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-05-02 13:00 - 2012-02-25 14:16 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-05-02 13:00 - 2012-02-25 14:16 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-05-02 13:00 - 2010-10-27 15:08 - 00005523 _____ () C:\Windows\system32\lvcoinst.log
2015-05-02 12:59 - 2011-03-28 20:36 - 00000632 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2011.job
2015-05-02 12:58 - 2013-07-17 14:10 - 00000650 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2012.job
2015-05-02 12:52 - 2011-07-24 23:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 11:52 - 2011-07-24 23:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 11:50 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 11:50 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 11:45 - 2010-10-26 12:54 - 01099147 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 11:44 - 2012-01-10 17:55 - 00000000 ___RD () C:\Users\ag\Dropbox
2015-05-02 11:44 - 2012-01-10 17:52 - 00000000 ____D () C:\Users\ag\AppData\Roaming\Dropbox
2015-05-02 11:41 - 2011-05-28 12:09 - 00129968 _____ () C:\Windows\setupact.log
2015-05-02 11:41 - 2010-10-26 12:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-02 11:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 10:13 - 2010-10-26 18:06 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-01 12:38 - 2010-10-26 15:40 - 00000000 ____D () C:\SWSHARE
2015-05-01 12:32 - 2010-10-27 10:37 - 00000000 ____D () C:\Users\ag\ARCHITEKTUR
2015-05-01 11:52 - 2010-10-26 12:54 - 00000000 ____D () C:\Users\ag
2015-04-30 17:53 - 2010-10-26 13:39 - 00179708 ____N () C:\Windows\PFRO.log
2015-04-30 17:46 - 2009-07-14 04:34 - 00000215 ____N () C:\Windows\system.ini
2015-04-27 18:09 - 2010-10-27 14:33 - 00000000 ____D () C:\Users\ag\AppData\Roaming\Skype
2015-04-25 16:15 - 2014-10-20 16:19 - 00000991 ____N () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-25 16:15 - 2014-03-31 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-24 09:42 - 2012-01-10 17:55 - 00001017 ____N () C:\Users\ag\Desktop\Dropbox.lnk
2015-04-24 09:42 - 2012-01-10 17:53 - 00000000 ____D () C:\Users\ag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 09:28 - 2012-07-09 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-22 09:33 - 2013-07-17 10:40 - 00000000 ____D () C:\ProgramData\Lenovo
2015-04-22 09:33 - 2010-10-26 15:42 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-04-22 09:33 - 2010-10-26 15:40 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-04-22 09:33 - 2010-10-26 15:30 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-04-20 09:18 - 2012-02-25 14:16 - 00000528 ____N () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-04-19 18:00 - 2012-02-25 14:16 - 00004220 ____N () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-04-17 00:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 00:11 - 2009-07-14 19:58 - 00700130 ____N () C:\Windows\system32\perfh007.dat
2015-04-17 00:11 - 2009-07-14 19:58 - 00148926 ____N () C:\Windows\system32\perfc007.dat
2015-04-17 00:11 - 2009-07-14 07:13 - 01621148 ____N () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 17:54 - 2010-10-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 17:53 - 2011-02-21 19:45 - 01598106 ____N () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-12 14:00 - 2010-10-27 14:33 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2012-05-24 20:45 - 2012-09-18 13:11 - 0000132 _____ () C:\Users\ag\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-04-14 12:18 - 2012-04-14 12:19 - 0000132 _____ () C:\Users\ag\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-02-21 23:36 - 2014-12-26 00:48 - 0006656 _____ () C:\Users\ag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-16 21:56 - 2011-08-16 21:56 - 0004096 ____H () C:\Users\ag\AppData\Local\keyfile3.drm
2010-10-27 14:35 - 2010-10-27 14:35 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

ZeroAccess:
C:\Users\ag\AppData\Local\f1646c60
C:\Users\ag\AppData\Local\f1646c60\@

Some content of TEMP:
====================
C:\Users\ag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprawe4y.dll
C:\Users\ag\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\ag\AppData\Local\Temp\Quarantine.exe
C:\Users\ag\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 12:29

==================== End Of Log ============================
         

02.05.2015, 12:59   #18
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru

Hi,

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
ATTFilter
CloseProcesses:
File: C:\Windows\Temp\_ex-68.exe 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-1969579996-2544780815-1722642228-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Users\ag\AppData\Local\f1646c60
Task: {4AE82D41-5938-4661-BF5C-AD8006A8D1D5} - System32\Tasks\task21481337 => C:\Windows\Temp\_ex-68.exe
EmptyTemp:
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

Step 2
Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4

Please start FRST again and press Scan.
Please post the contents of the log for me.

Are there any remaining problems with the PC now? If so, which ones?

02.05.2015, 13:22   #19
AGRO123

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by ag at 2015-05-02 14:13:38 Run:1
Running from C:\Users\ag\Downloads
Loaded Profiles: ag (Available profiles: ag)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
File: C:\Windows\Temp\_ex-68.exe 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-1969579996-2544780815-1722642228-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Users\ag\AppData\Local\f1646c60
Task: {4AE82D41-5938-4661-BF5C-AD8006A8D1D5} - System32\Tasks\task21481337 => C:\Windows\Temp\_ex-68.exe
EmptyTemp:
         
*****************

Processes closed successfully.

========================= File: C:\Windows\Temp\_ex-68.exe ========================

"C:\Windows\Temp\_ex-68.exe" not found.
====== End Of File: ======

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
C:\Users\ag\AppData\Local\f1646c60 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AE82D41-5938-4661-BF5C-AD8006A8D1D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AE82D41-5938-4661-BF5C-AD8006A8D1D5}" => Key deleted successfully.
C:\Windows\System32\Tasks\task21481337 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task21481337" => Key deleted successfully.
EmptyTemp: => Removed 3.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:14:03 ====
         
Code:
ATTFilter
Farbar Service Scanner Version: 17-01-2015
Ran by ag (administrator) on 02-05-2015 at 14:21:40
Running from "C:\Users\ag\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
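
When reading a Fixlog like the one posted above, it helps to separate targets that FRST actually removed from targets that were already absent, so that a "not found" line is not mistaken for a successful removal. The following is an added example, not part of the original thread and not FRST's own code; the result lines are copied from the Fixlog above, and the matching rules cover only the result phrases visible in that log (an assumption about the format).

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog posted in this thread.
FIXLOG_EXCERPT = r'''
"C:\Windows\Temp\_ex-68.exe" not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
C:\Users\ag\AppData\Local\f1646c60 => Moved successfully.
C:\Windows\System32\Tasks\task21481337 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task21481337" => Key deleted successfully.
EmptyTemp: => Removed 3.2 GB temporary data.
'''

# Result phrases seen in the log above (assumed, not an exhaustive list).
ABSENT_MARKERS = ("not found",)
REMOVED_MARKERS = ("deleted successfully", "Moved successfully", "Removed ")


def classify(result):
    """Map a result phrase to 'absent', 'removed' or 'unrecognized'."""
    # Check 'absent' first: "Key not found." must not count as a removal.
    if any(marker in result for marker in ABSENT_MARKERS):
        return "absent"
    if any(marker in result for marker in REMOVED_MARKERS):
        return "removed"
    return "unrecognized"


def parse_fixlog(text):
    """Return a list of (target, status) tuples, one per result line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " => " in line:
            target, result = line.split(" => ", 1)
        else:
            # Lines such as: "C:\path\file.exe" not found.
            match = re.match(r'^(".*?"|\S+)\s+(.*)$', line)
            if not match:
                entries.append((line, "unrecognized"))
                continue
            target, result = match.groups()
        entries.append((target.strip('"'), classify(result)))
    return entries


def summarize(entries):
    """Group targets by status so absent items stand out for follow-up."""
    groups = defaultdict(list)
    for target, status in entries:
        groups[status].append(target)
    return dict(groups)


if __name__ == "__main__":
    for status, targets in summarize(parse_fixlog(FIXLOG_EXCERPT)).items():
        print(f"{status}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```

Here the scheduled task `task21481337` was moved, while the executable it pointed to is reported as not found.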
         

02.05.2015, 13:22   #20
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru

Good. ESET is going to take a while now anyway...

02.05.2015, 14:38   #21
AGRO123

:-) 31% so far... and no infected files.

02.05.2015, 14:39   #22
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru

It's enough if you post the log once the scan has finished.

Alt 02.05.2015, 14:43   #23
AGRO123
 

OK. I think ESET will surely run for another 2 hours... if I don't post it today, you'll get it served fresh on the table tomorrow morning.

Alt 02.05.2015, 14:59   #24
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

All right.

Alt 03.05.2015, 19:26   #25
AGRO123
 

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1480867e8c44d243ae3e5824edee276c
# engine=23663
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-02 07:49:51
# local_time=2015-05-02 09:49:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 130127 117730175 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 56356000 182226041 0 0
# scanned=787213
# found=15
# cleaned=0
# scan_time=26386
sh=CFA884D870D7A6E9999528D9DADBFEA953328FF1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL Trojaner" ac=I fn="I:\BACKUP\Backup Eigene Dateien 05.04.02011\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\26184865-3d387999"
sh=CFA884D870D7A6E9999528D9DADBFEA953328FF1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL Trojaner" ac=I fn="I:\BACKUP\Backup Eigene Dateien 05.04.02011\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7e7f0a76-7eef96f6"
sh=B37DFA9A40BDDCCA145066D2F0AAA70918EE8B65 ft=1 fh=780ecde24001d472 vn="Win32/InstalleRex.J evtl. unerwünschte Anwendung" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\6Qv9eq5e.exe.part"
sh=6F641E894F1CC2D632783F298DB346E3EBA42B64 ft=1 fh=b81aeacf82eeafc6 vn="Variante von Win32/Kryptik.ADHA Trojaner" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\88A8.tmp"
sh=84E4891BFFED329B34E8A0F7A1FFB5467C2CC635 ft=1 fh=ad0f9bf1c27b9027 vn="Variante von Win32/Kryptik.ADGT Trojaner" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\8DF7.tmp"
sh=DF443B5E0295B2D8D0AAEDC3885290F614B967E7 ft=1 fh=874ba8c2cae118dd vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\fEqqIkOW.exe.part"
sh=563C7F7C05BB3A821EC6A0E8F023EB3117563772 ft=1 fh=f600c7f8fda754f9 vn="Mehrere Bedrohungen" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\gGxZ_AaX.exe.part"
sh=AAB2EB7F7BB0D56AB508CB3A9C4F5939E8E34EF7 ft=1 fh=3b5dbb1e5bd2e88d vn="Variante von Win32/YourFileDownloader.A evtl. unerwünschte Anwendung" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\jcDaSBKT.exe.part"
sh=24DF65F477168A82D65A6A0F4AC5DBC16D9EF81E ft=1 fh=38312537acc186df vn="Mehrere Bedrohungen" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\JOwqc+Yd.exe.part"
sh=24D0BDACC789AAAA1B05650445E10395DFC7B4C7 ft=1 fh=ec8649b8a0ca8b86 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\mt1djxZ4.exe.part"
sh=D08BD350E0531B2DDDC4E81A69B001B2D0550003 ft=1 fh=f6585e7df79a84bc vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\oPJpoUGg.exe.part"
sh=110ECA4CB995A6D1A76B0F3B02B1997C82132C9F ft=1 fh=5c77f41edb62d8c0 vn="Win32/InstalleRex.J evtl. unerwünschte Anwendung" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\uQRv30Di.exe.part"
sh=186060C285B73D0342DACE740C50B9A8B14A0C88 ft=1 fh=7b523398605b966c vn="Variante von Win32/ExpressDownloader.H evtl. unerwünschte Anwendung" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\Local\Temp\WlTveewm.exe.part"
sh=CFA884D870D7A6E9999528D9DADBFEA953328FF1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL Trojaner" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\26184865-3d387999"
sh=CFA884D870D7A6E9999528D9DADBFEA953328FF1 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBL Trojaner" ac=I fn="I:\BACKUP\Backup Eigene Dateien 12.11.2013\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7e7f0a76-7eef96f6"
         
Good evening Jürgen,

the ESET program took 7 hours for the scan... 15 infected files!

Regards, Andreas

Alt 03.05.2015, 19:28   #26
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Yes, but nothing active - all old backup files. Please carry out the remaining instructions. The rest will be dealt with tomorrow; I've already finished for today.

Alt 03.05.2015, 19:47   #27
AGRO123
 

Thank you


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by ag (administrator) on AG-PC on 03-05-2015 20:41:23
Running from C:\Users\ag\Downloads
Loaded Profiles: ag (Available profiles: ag)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
() C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Users\ag\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 60
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-10] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
Startup: C:\Users\ag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-01-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\ag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VVWUpdateTray.lnk [2014-10-16]
ShortcutTarget: VVWUpdateTray.lnk -> C:\Program Files (x86)\VVW\Update\VVWUpdateTray.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ag\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1969579996-2544780815-1722642228-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1969579996-2544780815-1722642228-1001 -> {0B131811-4AEA-44BD-A470-68E0C30CA2DB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ag\AppData\Roaming\Mozilla\Firefox\Profiles\zg88klxh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @eleco.com/o2cplayer -> C:\Program Files (x86)\o2c Player\npO2CPlayer.DLL [2011-03-30] (Eleco plc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-08-13] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [4901888 2009-05-14] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-03-27] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-09-16] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-09-16] (Lenovo Group Limited)
R2 VVWUpdateService; C:\Program Files (x86)\VVW\Update\VVWUpdateDienst.exe [3079808 2014-03-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl564.sys [754688 2006-10-12] (Broadcom Corporation) [File not signed]
R3 DLKRT64; C:\Windows\System32\DRIVERS\DLKRT64.sys [215040 2009-08-06] (D-Link corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [34304 2005-11-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 14:25 - 2015-05-02 14:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-02 14:23 - 2015-05-02 14:23 - 02347384 _____ (ESET) C:\Users\ag\Desktop\esetsmartinstaller_deu.exe
2015-05-02 14:21 - 2015-05-02 14:21 - 00002742 _____ () C:\Users\ag\Desktop\FSS.txt
2015-05-02 14:20 - 2015-05-02 14:20 - 00415232 _____ (Farbar) C:\Users\ag\Desktop\FSS.exe
2015-05-02 12:02 - 2015-05-02 12:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 12:02 - 2015-05-02 12:02 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 12:02 - 2015-05-02 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-02 12:02 - 2015-05-02 12:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 12:02 - 2015-05-02 12:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-02 12:02 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 12:02 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 12:02 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 12:01 - 2015-05-02 12:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ag\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-01 10:06 - 2015-05-02 11:39 - 00000000 ____D () C:\AdwCleaner
2015-05-01 10:05 - 2015-05-01 10:05 - 02224640 ____N () C:\Users\ag\Desktop\AdwCleaner_4.202.exe
2015-04-30 17:49 - 2015-04-30 17:49 - 00030259 ____N () C:\ComboFix.txt
2015-04-30 17:19 - 2015-04-30 17:49 - 00000000 ____D () C:\Qoobox
2015-04-30 17:19 - 2011-06-26 08:45 - 00256000 ____N () C:\Windows\PEV.exe
2015-04-30 17:19 - 2010-11-07 19:20 - 00208896 ____N () C:\Windows\MBR.exe
2015-04-30 17:19 - 2009-04-20 06:56 - 00060416 ____N (NirSoft) C:\Windows\NIRCMD.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00518144 ____N (SteelWerX) C:\Windows\SWREG.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00406528 ____N (SteelWerX) C:\Windows\SWSC.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00098816 ____N () C:\Windows\sed.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00080412 ____N () C:\Windows\grep.exe
2015-04-30 17:19 - 2000-08-31 02:00 - 00068096 ____N () C:\Windows\zip.exe
2015-04-30 17:18 - 2015-04-30 17:47 - 00000000 ____D () C:\Windows\erdnt
2015-04-30 17:12 - 2015-04-30 17:12 - 05619691 ____R (Swearware) C:\Users\ag\Desktop\ComboFix.exe
2015-04-30 16:51 - 2015-04-30 16:51 - 04197016 ____N (Kaspersky Lab ZAO) C:\Users\ag\Downloads\tdsskiller.exe
2015-04-30 10:56 - 2015-04-30 10:56 - 00060944 ____N () C:\Users\ag\Downloads\Addition.txt
2015-04-30 09:04 - 2015-05-03 20:41 - 00019642 _____ () C:\Users\ag\Downloads\FRST.txt
2015-04-30 09:04 - 2015-05-03 20:41 - 00000000 ____D () C:\FRST
2015-04-30 09:03 - 2015-04-30 09:03 - 02101248 ____N (Farbar) C:\Users\ag\Downloads\FRST64.exe
2015-04-30 00:04 - 2015-04-30 00:04 - 00000502 ____N () C:\Users\ag\Desktop\01.csv
2015-04-29 16:14 - 2015-04-29 16:15 - 46525608 ____N (Safer-Networking Ltd. ) C:\Users\ag\Downloads\spybot-2.4.40.exe
2015-04-22 09:56 - 2015-04-22 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-04-15 09:16 - 2015-03-25 05:24 - 03298816 ____N (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 02553856 ____N (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00696320 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00191488 ____N (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00098304 ____N (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00060416 ____N (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00037376 ____N (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:16 - 2015-03-25 05:24 - 00035328 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:16 - 2015-03-25 05:23 - 00135168 ____N (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:16 - 2015-03-25 05:23 - 00036864 ____N (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:16 - 2015-03-25 05:23 - 00012288 ____N (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00566784 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00173056 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00092672 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 09:16 - 2015-03-25 05:00 - 00033792 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 09:16 - 2015-03-25 05:00 - 00029696 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 09:16 - 2015-03-17 07:22 - 05557696 ____N (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:16 - 2015-03-17 07:19 - 01727904 ____N (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:16 - 2015-03-17 07:16 - 01163264 ____N (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 09:16 - 2015-03-17 07:16 - 00424448 ____N (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 09:16 - 2015-03-17 07:01 - 03920824 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 09:16 - 2015-03-17 06:59 - 01309696 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 09:16 - 2015-03-10 05:25 - 01882624 ____N (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:16 - 2015-03-10 05:21 - 00002048 ____N (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:16 - 2015-03-10 05:08 - 01237504 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 09:16 - 2015-03-10 05:05 - 00002048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 09:16 - 2015-03-05 07:12 - 00404480 ____N (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:16 - 2015-03-05 06:05 - 00311808 ____N (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 09:15 - 2015-04-02 02:17 - 00389808 ____N (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 09:15 - 2015-04-02 01:49 - 00342704 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 09:15 - 2015-03-17 07:22 - 00155576 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:15 - 2015-03-17 07:22 - 00095672 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:15 - 2015-03-17 07:17 - 00362496 ____N (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 09:15 - 2015-03-17 07:17 - 00243712 ____N (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 09:15 - 2015-03-17 07:17 - 00013312 ____N (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 01461760 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00728064 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00503808 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00341504 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00314880 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00309760 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00296960 ____N (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:15 - 2015-03-17 07:16 - 00215040 ____N (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00210944 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00136192 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00112640 ____N (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:15 - 2015-03-17 07:16 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00050176 ____N (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00043520 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00029184 ____N (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00028160 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:15 - 2015-03-17 07:16 - 00016384 ____N (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 09:15 - 2015-03-17 07:15 - 00338432 ____N (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 09:15 - 2015-03-17 07:15 - 00064000 ____N (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:15 - 2015-03-17 07:15 - 00031232 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:15 - 2015-03-17 07:13 - 00146432 ____N (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:15 - 2015-03-17 07:13 - 00060416 ____N (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00686080 ____N (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00006656 ____N (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 07:01 - 03976632 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 09:15 - 2015-03-17 06:57 - 00550912 ____N (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00259584 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00248832 ____N (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00221184 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00172032 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00065536 ____N (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00043008 ____N (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00022016 ____N (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 09:15 - 2015-03-17 06:57 - 00014336 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 01114112 ____N (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00274944 ____N (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00050176 ____N (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 09:15 - 2015-03-17 06:56 - 00025600 ____N (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 09:15 - 2015-03-17 06:56 - 00017408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 09:15 - 2015-03-17 06:56 - 00005120 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 09:15 - 2015-03-17 06:53 - 00146432 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 09:15 - 2015-03-17 06:53 - 00060416 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00686080 ____N (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00006656 ____N (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:45 - 00007680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 09:15 - 2015-03-17 05:45 - 00002048 ____N (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 09:15 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:15 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:15 - 2015-03-13 06:32 - 24980480 ____N (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:15 - 2015-03-13 06:25 - 02724864 ____N (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 09:15 - 2015-03-13 06:25 - 00004096 ____N (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 09:15 - 2015-03-13 06:09 - 00066560 ____N (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 09:15 - 2015-03-13 06:08 - 00584192 ____N (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:15 - 2015-03-13 06:08 - 00417280 ____N (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:15 - 2015-03-13 06:08 - 00048640 ____N (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 09:15 - 2015-03-13 06:07 - 02886144 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 09:15 - 2015-03-13 06:06 - 00088064 ____N (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 09:15 - 2015-03-13 06:00 - 00054784 ____N (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 09:15 - 2015-03-13 05:59 - 00034304 ____N (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 09:15 - 2015-03-13 05:55 - 00633856 ____N (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 09:15 - 2015-03-13 05:54 - 00144384 ____N (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 09:15 - 2015-03-13 05:54 - 00114688 ____N (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 09:15 - 2015-03-13 05:53 - 00814080 ____N (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 09:15 - 2015-03-13 05:50 - 06025216 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:15 - 2015-03-13 05:44 - 00968704 ____N (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:15 - 2015-03-13 05:42 - 19695616 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 09:15 - 2015-03-13 05:42 - 02724864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 09:15 - 2015-03-13 05:40 - 00490496 ____N (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 09:15 - 2015-03-13 05:32 - 00077824 ____N (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:15 - 2015-03-13 05:28 - 00503296 ____N (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 09:15 - 2015-03-13 05:28 - 00062464 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 09:15 - 2015-03-13 05:27 - 00340992 ____N (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 09:15 - 2015-03-13 05:27 - 00199680 ____N (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:15 - 2015-03-13 05:27 - 00047616 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 09:15 - 2015-03-13 05:26 - 00092160 ____N (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:15 - 2015-03-13 05:26 - 00064000 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 09:15 - 2015-03-13 05:23 - 00316928 ____N (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 09:15 - 2015-03-13 05:22 - 02278400 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 09:15 - 2015-03-13 05:20 - 00047104 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 09:15 - 2015-03-13 05:20 - 00030720 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 09:15 - 2015-03-13 05:17 - 00478208 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 09:15 - 2015-03-13 05:16 - 00115712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 09:15 - 2015-03-13 05:15 - 00620032 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 09:15 - 2015-03-13 05:08 - 00720384 ____N (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 09:15 - 2015-03-13 05:07 - 00801280 ____N (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:15 - 2015-03-13 05:06 - 00418304 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 09:15 - 2015-03-13 05:05 - 02125824 ____N (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 09:15 - 2015-03-13 05:05 - 01359360 ____N (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 09:15 - 2015-03-13 05:01 - 00060416 ____N (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 09:15 - 2015-03-13 05:00 - 14397440 ____N (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:15 - 2015-03-13 04:57 - 00168960 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 09:15 - 2015-03-13 04:56 - 00076288 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 09:15 - 2015-03-13 04:54 - 00285696 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 09:15 - 2015-03-13 04:49 - 04305408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 09:15 - 2015-03-13 04:45 - 02358784 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:15 - 2015-03-13 04:44 - 00689152 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 09:15 - 2015-03-13 04:43 - 02052608 ____N (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 09:15 - 2015-03-13 04:42 - 01155072 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 09:15 - 2015-03-13 04:34 - 12825600 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 09:15 - 2015-03-13 04:33 - 01548288 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:15 - 2015-03-13 04:22 - 00800768 ____N (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 09:15 - 2015-03-13 04:20 - 01888256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 09:15 - 2015-03-13 04:16 - 01311232 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 09:15 - 2015-03-13 04:14 - 00710144 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 09:15 - 2015-03-04 06:55 - 00367552 ____N (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:15 - 2015-03-04 06:41 - 00079360 ____N (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:15 - 2015-03-04 06:10 - 00058880 ____N (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 09:15 - 2015-02-25 05:18 - 00754688 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-09 14:11 - 2015-04-09 14:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-04-07 12:39 - 2015-04-07 12:39 - 00291296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2015-04-06 15:31 - 2015-04-06 16:00 - 00001588 ____N () C:\Users\ag\Desktop\Neues Textdokument.txt
2015-04-03 09:34 - 2015-04-03 09:34 - 00137184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 20:18 - 2011-03-28 20:36 - 00000632 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2011.job
2015-05-03 20:17 - 2013-07-17 14:10 - 00000650 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2012.job
2015-05-03 20:17 - 2013-07-17 14:10 - 00000494 _____ () C:\Windows\Tasks\AutoUpdate Allplan 2012.job
2015-05-03 19:52 - 2011-07-24 23:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 13:00 - 2012-02-25 14:16 - 00003480 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-05-03 13:00 - 2012-02-25 14:16 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-05-03 13:00 - 2012-02-25 14:16 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-05-03 13:00 - 2010-10-27 15:08 - 00006107 _____ () C:\Windows\system32\lvcoinst.log
2015-05-03 11:52 - 2011-07-24 23:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 10:11 - 2010-10-26 12:54 - 01140990 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 14:23 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 14:23 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 14:16 - 2012-01-10 17:55 - 00000000 ___RD () C:\Users\ag\Dropbox
2015-05-02 14:16 - 2012-01-10 17:52 - 00000000 ____D () C:\Users\ag\AppData\Roaming\Dropbox
2015-05-02 14:15 - 2011-05-28 12:09 - 00130024 _____ () C:\Windows\setupact.log
2015-05-02 14:15 - 2010-10-26 13:39 - 00180080 _____ () C:\Windows\PFRO.log
2015-05-02 14:15 - 2010-10-26 12:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-02 14:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 10:13 - 2010-10-26 18:06 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-01 12:38 - 2010-10-26 15:40 - 00000000 ____D () C:\SWSHARE
2015-05-01 12:32 - 2010-10-27 10:37 - 00000000 ____D () C:\Users\ag\ARCHITEKTUR
2015-05-01 11:52 - 2010-10-26 12:54 - 00000000 ____D () C:\Users\ag
2015-04-30 17:46 - 2009-07-14 04:34 - 00000215 ____N () C:\Windows\system.ini
2015-04-27 18:09 - 2010-10-27 14:33 - 00000000 ____D () C:\Users\ag\AppData\Roaming\Skype
2015-04-25 16:15 - 2014-10-20 16:19 - 00000991 ____N () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-25 16:15 - 2014-03-31 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-24 09:42 - 2012-01-10 17:55 - 00001017 ____N () C:\Users\ag\Desktop\Dropbox.lnk
2015-04-24 09:42 - 2012-01-10 17:53 - 00000000 ____D () C:\Users\ag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 09:28 - 2012-07-09 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-22 09:33 - 2013-07-17 10:40 - 00000000 ____D () C:\ProgramData\Lenovo
2015-04-22 09:33 - 2010-10-26 15:42 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-04-22 09:33 - 2010-10-26 15:40 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-04-22 09:33 - 2010-10-26 15:30 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-04-20 09:18 - 2012-02-25 14:16 - 00000528 ____N () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-04-19 18:00 - 2012-02-25 14:16 - 00004220 ____N () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-04-17 00:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 00:11 - 2009-07-14 19:58 - 00700130 ____N () C:\Windows\system32\perfh007.dat
2015-04-17 00:11 - 2009-07-14 19:58 - 00148926 ____N () C:\Windows\system32\perfc007.dat
2015-04-17 00:11 - 2009-07-14 07:13 - 01621148 ____N () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 17:54 - 2010-10-26 19:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 17:53 - 2011-02-21 19:45 - 01598106 ____N () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-12 14:00 - 2010-10-27 14:33 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2012-05-24 20:45 - 2012-09-18 13:11 - 0000132 _____ () C:\Users\ag\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-04-14 12:18 - 2012-04-14 12:19 - 0000132 _____ () C:\Users\ag\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-02-21 23:36 - 2014-12-26 00:48 - 0006656 _____ () C:\Users\ag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-16 21:56 - 2011-08-16 21:56 - 0004096 ____H () C:\Users\ag\AppData\Local\keyfile3.drm
2010-10-27 14:35 - 2010-10-27 14:35 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\ag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl2ptbu.dll
C:\Users\ag\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 12:29

==================== End Of Log ============================
         
--- --- ---

Alt 05.05.2015, 16:43   #28
AGRO123
 

Hello to everyone reading my post here, and of course to you, Jürgen, a big thank-you for your help.

To the point: yesterday evening I was out for an after-work beer with colleagues, and I told the group what had happened to me with this fake email from DHL. Someone sitting next to me was listening and politely interrupted my conversation.
He said that 2 weeks ago he had received the same email with the DHL shipment notification, and he too had accidentally clicked the tracking link. For him things did not turn out so well... a trojan had settled on his computer UNNOTICED, and when he logged into his online banking a day later, the trojan became active immediately. He made his transfer, received the confirmation SMS from the bank with the TAN to enter, and transferred his intended amount to the intended recipient as normal. Now comes the kicker: 2 days later he looks at the transaction list in his online banking and sees a transfer of 2900,00 euros to a recipient he does not know.
After some research it turned out that these criminals had used the trojan to place a browser window, invisible to the owner, over his active (visible to him) one. That is why he thought he was transferring his intended amount to his intended recipient - no such luck - the hackers had simply changed the amount and the account number with the recipient. And then he enters his TAN from the SMS as normal - completely unaware, he thereby transfers 2900 bucks to these f..... hackers!

So to EVERYONE, be warned: the schemes of online crime are getting ever more brazen and, above all, harder to notice.

Have a nice evening, everyone.

Alt 05.05.2015, 17:56   #29
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Hi,
thanks for letting us know. But let me put it this way: that is really his own fault. I don't know which bank he uses. Normally not only the SMS TAN is sent but also the amount and the account number. So it would be noticed immediately.

Are there still any problems with the PC? If so, which ones?
__________________
Regards,
deeprybka


Alt 05.05.2015, 18:56   #30
AGRO123
 

Yes, that's true... it was Deutsche Bank. He should actually have seen the amount and the account number.
My PC is running without problems... did you notice anything else in the last log file?
Thank you.
