Log analysis and evaluation: Alleged keylogger/rootkit: Doctor2 rundll32.exe (Windows 7)
22.06.2014, 13:30 | #16 |
Alleged keylogger/rootkit: Doctor2 rundll32.exe

Hello,

Code:
# AdwCleaner v3.212 - Bericht erstellt am 22/06/2014 um 14:05:03
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Alex - ALEX-PC
# Gestartet von : C:\Users\Alex\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\UpdaterEX

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar-64-bit_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar-64-bit_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\UpdaterEX

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f2vgn55p.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "8523");
Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"update_interval\":1060,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1386016831179 - processDOMLoad - mappingListJsonString is null, request mapping\n1386016831181 - processDOMLoad - Checking: hxxp://de.pcthreat.com/parasitebyid[...]
Zeile gelöscht : user_pref("extensions.wajam.unique_id", "FDD8EA1305A791AFB9C7A394C4B8A2AB");
Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");

*************************

AdwCleaner[R0].txt - [2585 octets] - [22/06/2014 14:04:27]
AdwCleaner[S0].txt - [2408 octets] - [22/06/2014 14:05:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2468 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alex on 22.06.2014 at 14:12:14,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\f2vgn55p.default\minidumps [41 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.06.2014 at 14:14:58,98
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Alex (administrator) on ALEX-PC on 22-06-2014 14:16:30
Running from C:\Users\Alex\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-05-21] (Bitdefender)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [4936968 2013-11-02] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-20] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-04-09] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-04-09] (Bitdefender)
HKU\S-1-5-21-2514585675-1378572018-3791475494-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-20] (Bitdefender)
HKU\S-1-5-21-2514585675-1378572018-3791475494-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-04-09] (Bitdefender)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65B23CA2D9D7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f2vgn55p.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*'))%20%7B%20return%20'PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "ftp", "71.56.183.237"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "71.56.183.237"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "71.56.183.237"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f2vgn55p.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-01-26]
FF Extension: Adblock Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\f2vgn55p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-02]
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-06-18]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-06-18]

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-11-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-10] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1526800 2014-05-21] (Bitdefender)
S2 avgwd; F:\AVG\avgwdsvc.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-11-02] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2013-11-02] (FNet Co., Ltd.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0116.sys [28768 2014-03-12] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 14:14 - 2014-06-22 14:14 - 00000850 _____ () C:\Users\Alex\Desktop\JRT.txt
2014-06-22 14:09 - 2014-06-22 14:09 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 14:04 - 2014-06-22 14:05 - 00000000 ____D () C:\AdwCleaner
2014-06-18 17:12 - 2014-06-18 17:12 - 00513892 _____ () C:\ProgramData\1403104218.bdinstall.bin
2014-06-18 17:12 - 2014-06-18 17:12 - 00002193 _____ () C:\Users\Alex\Desktop\Bitdefender Safepay.lnk
2014-06-18 17:12 - 2014-06-18 17:12 - 00002074 _____ () C:\Users\Alex\Desktop\Bitdefender Total Security.lnk
2014-06-18 17:12 - 2014-06-18 17:12 - 00000684 ____H () C:\bdr-cf01
2014-06-18 17:12 - 2014-06-18 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2014-06-18 17:11 - 2014-06-18 17:12 - 00253404 ____H () C:\bdr-ld01
2014-06-18 17:11 - 2014-06-18 17:12 - 00009216 ____H () C:\bdr-ld01.mbr
2014-06-18 17:11 - 2014-06-18 17:12 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Bitdefender
2014-06-18 17:11 - 2013-12-02 12:58 - 00635392 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-06-18 17:11 - 2013-12-02 12:56 - 00893440 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-06-18 17:11 - 2013-11-13 16:41 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2014-06-18 17:11 - 2013-11-04 16:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-06-18 17:11 - 2013-09-24 16:38 - 46879860 ____H () C:\bdr-im01.gz
2014-06-18 17:11 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2014-06-18 17:11 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-06-18 17:10 - 2014-06-18 17:12 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-06-18 17:10 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-06-18 17:10 - 2013-08-07 13:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-06-18 17:09 - 2014-06-18 17:09 - 00062193 _____ () C:\ProgramData\1403104148.bdinstall.bin
2014-06-18 17:08 - 2014-06-18 17:08 - 00017631 _____ () C:\Users\Alex\Desktop\ComboFix.txt
2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-18 17:05 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-18 17:05 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-18 17:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-18 17:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-18 17:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-18 17:05 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-18 17:05 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-18 17:05 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-18 16:54 - 2014-06-18 17:08 - 00000000 ____D () C:\Qoobox
2014-06-18 16:54 - 2014-06-18 17:07 - 00000000 ____D () C:\Windows\erdnt
2014-06-18 13:22 - 2014-06-22 14:16 - 00017669 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-06-18 13:22 - 2014-06-18 13:23 - 00026678 _____ () C:\Users\Alex\Downloads\Addition.txt
2014-06-18 13:21 - 2014-06-22 14:16 - 00000000 ____D () C:\FRST
2014-06-18 13:21 - 2014-06-18 13:21 - 02081280 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-06-18 10:27 - 2014-06-18 10:27 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403080315885
2014-06-18 10:27 - 2014-06-18 10:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403080315885
2014-06-18 10:26 - 2014-06-18 10:26 - 94714880 _____ (AVAST Software) C:\Users\Alex\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-17 23:22 - 2014-06-17 23:22 - 00577058 _____ () C:\Users\Alex\Downloads\Skada-1.4-17.zip
2014-06-17 22:53 - 2014-06-19 00:19 - 00000000 ____D () C:\Users\Alex\AppData\Local\Battle.net
2014-06-17 22:53 - 2014-06-17 22:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Battle.net
2014-06-17 22:53 - 2014-06-17 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-17 22:52 - 2014-06-17 22:53 - 00000000 ____D () C:\ProgramData\Battle.net
2014-06-17 22:46 - 2014-06-17 22:46 - 02907552 _____ (Blizzard Entertainment) C:\Users\Alex\Downloads\Battle.net-Setup-deDE(1).exe
2014-06-17 21:22 - 2014-06-17 22:53 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-16 15:47 - 2014-06-16 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-06-16 14:58 - 2014-06-16 14:58 - 00000000 ____D () C:\Users\Alex\AppData\Local\Blizzard Entertainment
2014-06-16 13:56 - 2014-06-22 14:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-16 13:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 13:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 13:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-16 13:55 - 2014-06-16 13:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 12:30 - 2014-06-16 12:32 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-16 12:28 - 2014-06-16 12:29 - 00284288 _____ (Mozilla) C:\Users\Alex\Downloads\Firefox Setup Stub 30.0.exe
2014-06-16 09:53 - 2014-06-16 09:53 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-06-16 09:53 - 2014-06-16 09:53 - 00000385 _____ () C:\Users\Alex\AppData\Roaminguser_gensett.xml
2014-06-16 09:53 - 2014-06-16 09:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-06-16 09:53 - 2014-06-16 09:53 - 00000000 ____D () C:\ProgramData\BDLogging
2014-06-16 09:53 - 2013-11-04 16:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-06-16 09:53 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-06-16 09:53 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-06-16 09:51 - 2014-06-18 17:11 - 00000000 ____D () C:\Program Files\Bitdefender
2014-06-16 09:51 - 2014-06-16 11:18 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-06-16 09:51 - 2013-11-04 16:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-06-16 09:51 - 2013-11-04 16:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-06-16 09:50 - 2014-06-16 09:50 - 07304560 _____ () C:\Users\Alex\Downloads\bitdefender_tsecurity(1).exe
2014-06-16 09:50 - 2014-06-16 09:50 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\QuickScan
2014-06-16 09:49 - 2014-06-18 17:10 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-06-16 09:49 - 2014-06-16 09:49 - 07304560 _____ () C:\Users\Alex\Downloads\bitdefender_tsecurity.exe
2014-06-16 00:43 - 2014-06-17 22:43 - 00000000 ____D () C:\Users\Alex\Documents\My Curse
2014-06-16 00:43 - 2014-06-16 00:44 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Curse Advertising
2014-06-16 00:43 - 2014-06-16 00:43 - 00003110 _____ () C:\Windows\System32\Tasks\{70495B33-1C5A-432C-98DA-FEB4468E8575}
2014-06-16 00:43 - 2014-06-16 00:43 - 00000000 ____D () C:\Users\Alex\AppData\Local\Apps\2.0
2014-06-16 00:42 - 2014-06-17 22:43 - 00000000 ____D () C:\Users\Alex\AppData\Local\Deployment
2014-06-16 00:42 - 2014-06-16 00:42 - 00402696 _____ () C:\Users\Alex\Downloads\setup.exe
2014-06-15 23:49 - 2014-06-15 23:49 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\LavasoftStatistics
2014-06-15 23:48 - 2014-06-15 23:48 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Lavasoft
2014-06-15 23:43 - 2014-06-15 23:43 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-15 23:43 - 2014-06-15 23:43 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-15 23:42 - 2014-06-15 23:42 - 01707144 _____ () C:\Users\Alex\Downloads\Adaware_Installer.exe
2014-06-15 21:33 - 2014-06-22 14:06 - 00390396 _____ () C:\Windows\PFRO.log
2014-06-15 19:50 - 2014-06-15 20:25 - 00000000 ____D () C:\Users\Alex\AppData\Local\._LiveCode_
2014-06-15 19:50 - 2014-06-15 19:50 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Acreon
2014-06-15 12:30 - 2014-06-15 12:30 - 02247960 _____ () C:\Users\Alex\Downloads\battlelog-web-plugins_2.4.0_141(1).exe
2014-06-15 10:11 - 2014-06-22 14:11 - 00003790 _____ () C:\Windows\setupact.log
2014-06-15 10:11 - 2014-06-15 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-14 17:05 - 2014-06-14 17:06 - 04748896 _____ (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup414.exe
2014-06-14 09:38 - 2014-06-14 09:38 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe
2014-06-11 16:50 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:50 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 16:50 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 16:50 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 16:50 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 16:50 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 16:50 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 16:50 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 16:50 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 16:50 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 16:50 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 16:50 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 16:50 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 16:50 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 16:50 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 16:50 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 16:50 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 16:50 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 16:50 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 16:50 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 16:50 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 16:50 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 16:50 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 16:50 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 16:50 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 16:50 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 16:50 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 16:50 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 16:50 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 16:50 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 16:50 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 16:50 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 16:50 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 16:50 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 16:50 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 16:50 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 16:50 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 16:50 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 16:50 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 16:50 - 2014-05-30 10:06 - 
00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-11 16:50 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 16:50 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 16:50 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 16:50 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 16:50 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 16:50 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-11 16:50 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 16:50 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 16:50 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 16:50 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 16:50 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 16:50 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 16:50 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 16:50 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-11 16:50 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 16:50 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 16:50 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 16:50 - 2014-04-05 04:47 - 00288192 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 16:50 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 16:50 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 16:50 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 16:50 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-11 16:50 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 16:50 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-11 16:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-11 16:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-10 20:00 - 2014-06-10 20:03 - 00000000 ____D () C:\Users\Alex\Documents\BFH.Beta 2014-06-10 19:48 - 2014-06-10 19:48 - 00000827 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk 2014-06-10 19:48 - 2014-06-10 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta 2014-06-02 17:42 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-06-02 17:42 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-05-29 22:16 - 2014-05-29 22:16 - 02247960 _____ () C:\Users\Alex\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-05-26 18:50 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-05-26 18:49 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvcompiler.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-05-26 18:49 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-05-26 18:49 - 
2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-05-26 18:49 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll ==================== One Month Modified Files and Folders ======= 2014-06-22 14:16 - 2014-06-18 13:22 - 00017669 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-06-22 14:16 - 2014-06-18 13:21 - 00000000 ____D () C:\FRST 2014-06-22 14:16 - 2013-11-02 16:00 - 00000000 ____D () C:\Users\Alex\AppData\Local\Temp 2014-06-22 14:14 - 2014-06-22 14:14 - 00000850 _____ () C:\Users\Alex\Desktop\JRT.txt 2014-06-22 14:11 - 2014-06-16 13:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-22 14:11 - 2014-06-15 10:11 - 00003790 _____ () C:\Windows\setupact.log 2014-06-22 14:11 - 2013-11-10 00:11 - 01952413 _____ () C:\Windows\WindowsUpdate.log 2014-06-22 14:11 - 2013-11-02 16:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-22 14:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-22 14:11 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-22 14:11 - 2009-07-14 06:45 - 00015632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-22 14:09 - 2014-06-22 14:09 - 00000000 ____D () C:\Windows\ERUNT 2014-06-22 14:06 - 2014-06-15 21:33 - 00390396 _____ () C:\Windows\PFRO.log 2014-06-22 14:05 - 2014-06-22 14:04 - 00000000 ____D () 
C:\AdwCleaner 2014-06-22 14:04 - 2013-11-02 16:54 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TS3Client 2014-06-22 14:03 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-06-22 14:03 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-06-22 14:03 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-20 22:10 - 2014-01-16 17:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-19 00:19 - 2014-06-17 22:53 - 00000000 ____D () C:\Users\Alex\AppData\Local\Battle.net 2014-06-19 00:19 - 2014-02-12 21:35 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\MediaMonkey 2014-06-18 17:12 - 2014-06-18 17:12 - 00513892 _____ () C:\ProgramData\1403104218.bdinstall.bin 2014-06-18 17:12 - 2014-06-18 17:12 - 00002193 _____ () C:\Users\Alex\Desktop\Bitdefender Safepay.lnk 2014-06-18 17:12 - 2014-06-18 17:12 - 00002074 _____ () C:\Users\Alex\Desktop\Bitdefender Total Security.lnk 2014-06-18 17:12 - 2014-06-18 17:12 - 00000684 ____H () C:\bdr-cf01 2014-06-18 17:12 - 2014-06-18 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2014-06-18 17:12 - 2014-06-18 17:11 - 00253404 ____H () C:\bdr-ld01 2014-06-18 17:12 - 2014-06-18 17:11 - 00009216 ____H () C:\bdr-ld01.mbr 2014-06-18 17:12 - 2014-06-18 17:11 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Bitdefender 2014-06-18 17:12 - 2014-06-18 17:10 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-06-18 17:11 - 2014-06-16 09:51 - 00000000 ____D () C:\Program Files\Bitdefender 2014-06-18 17:10 - 2014-06-16 09:49 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-06-18 17:09 - 2014-06-18 17:09 - 00062193 _____ () C:\ProgramData\1403104148.bdinstall.bin 2014-06-18 17:08 - 2014-06-18 17:08 - 00017631 _____ () C:\Users\Alex\Desktop\ComboFix.txt 2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-18 17:08 - 2014-06-18 17:08 - 
00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-18 17:08 - 2014-06-18 17:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-18 17:08 - 2014-06-18 16:54 - 00000000 ____D () C:\Qoobox 2014-06-18 17:08 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-18 17:07 - 2014-06-18 16:54 - 00000000 ____D () C:\Windows\erdnt 2014-06-18 17:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-18 13:35 - 2014-03-09 20:19 - 00000000 ____D () C:\Windows\Minidump 2014-06-18 13:35 - 2013-11-02 21:41 - 00305487 ____N () C:\Windows\Minidump\061814-6208-01.dmp 2014-06-18 13:26 - 2013-11-02 16:00 - 00000000 ____D () C:\Users\Alex 2014-06-18 13:23 - 2014-06-18 13:22 - 00026678 _____ () C:\Users\Alex\Downloads\Addition.txt 2014-06-18 13:21 - 2014-06-18 13:21 - 02081280 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-06-18 11:56 - 2013-11-02 18:10 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-18 10:33 - 2013-11-02 18:11 - 00000000 ____D () C:\Users\Alex\AppData\Local\Google 2014-06-18 10:33 - 2013-11-02 18:11 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-18 10:27 - 2014-06-18 10:27 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403080315885 2014-06-18 10:27 - 2014-06-18 10:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403080315885 2014-06-18 10:26 - 2014-06-18 10:26 - 94714880 _____ (AVAST Software) C:\Users\Alex\Downloads\avast_free_antivirus_setup_21514.exe 2014-06-17 23:22 - 2014-06-17 23:22 - 00577058 _____ () C:\Users\Alex\Downloads\Skada-1.4-17.zip 2014-06-17 22:55 - 2014-06-17 22:53 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Battle.net 2014-06-17 22:53 - 2014-06-17 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-06-17 22:53 - 2014-06-17 22:52 - 00000000 ____D () C:\ProgramData\Battle.net 2014-06-17 22:53 - 2014-06-17 21:22 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 
2014-06-17 22:46 - 2014-06-17 22:46 - 02907552 _____ (Blizzard Entertainment) C:\Users\Alex\Downloads\Battle.net-Setup-deDE(1).exe 2014-06-17 22:43 - 2014-06-16 00:43 - 00000000 ____D () C:\Users\Alex\Documents\My Curse 2014-06-17 22:43 - 2014-06-16 00:42 - 00000000 ____D () C:\Users\Alex\AppData\Local\Deployment 2014-06-17 22:43 - 2013-11-02 16:00 - 00000000 ___RD () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-16 15:48 - 2014-06-16 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2014-06-16 15:48 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-16 15:02 - 2013-11-02 18:34 - 00000000 ___RD () C:\Users\Alex\Desktop\Favoriten 2014-06-16 14:58 - 2014-06-16 14:58 - 00000000 ____D () C:\Users\Alex\AppData\Local\Blizzard Entertainment 2014-06-16 14:03 - 2014-05-10 03:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-16 14:03 - 2013-11-02 18:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-16 14:03 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins 2014-06-16 13:58 - 2013-11-02 16:00 - 00000000 ____D () C:\Users\Alex\AppData\Local\VirtualStore 2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-16 13:56 - 2014-06-16 13:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-16 12:32 - 2014-06-16 12:30 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-16 12:32 - 2013-11-02 18:09 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-16 12:29 - 2014-06-16 12:28 - 00284288 _____ 
(Mozilla) C:\Users\Alex\Downloads\Firefox Setup Stub 30.0.exe 2014-06-16 11:18 - 2014-06-16 09:51 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-06-16 09:53 - 2014-06-16 09:53 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-06-16 09:53 - 2014-06-16 09:53 - 00000385 _____ () C:\Users\Alex\AppData\Roaminguser_gensett.xml 2014-06-16 09:53 - 2014-06-16 09:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-06-16 09:53 - 2014-06-16 09:53 - 00000000 ____D () C:\ProgramData\BDLogging 2014-06-16 09:50 - 2014-06-16 09:50 - 07304560 _____ () C:\Users\Alex\Downloads\bitdefender_tsecurity(1).exe 2014-06-16 09:50 - 2014-06-16 09:50 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\QuickScan 2014-06-16 09:49 - 2014-06-16 09:49 - 07304560 _____ () C:\Users\Alex\Downloads\bitdefender_tsecurity.exe 2014-06-16 00:44 - 2014-06-16 00:43 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Curse Advertising 2014-06-16 00:43 - 2014-06-16 00:43 - 00003110 _____ () C:\Windows\System32\Tasks\{70495B33-1C5A-432C-98DA-FEB4468E8575} 2014-06-16 00:43 - 2014-06-16 00:43 - 00000000 ____D () C:\Users\Alex\AppData\Local\Apps\2.0 2014-06-16 00:42 - 2014-06-16 00:42 - 00402696 _____ () C:\Users\Alex\Downloads\setup.exe 2014-06-15 23:49 - 2014-06-15 23:49 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\LavasoftStatistics 2014-06-15 23:48 - 2014-06-15 23:48 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Lavasoft 2014-06-15 23:43 - 2014-06-15 23:43 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-06-15 23:43 - 2014-06-15 23:43 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-06-15 23:42 - 2014-06-15 23:42 - 01707144 _____ () C:\Users\Alex\Downloads\Adaware_Installer.exe 2014-06-15 21:26 - 2013-11-02 19:18 - 00000000 ____D () C:\ProgramData\Origin 2014-06-15 20:25 - 2014-06-15 19:50 - 00000000 ____D () C:\Users\Alex\AppData\Local\._LiveCode_ 2014-06-15 19:50 - 2014-06-15 19:50 - 00000000 ____D () 
C:\Users\Alex\AppData\Roaming\Acreon 2014-06-15 12:30 - 2014-06-15 12:30 - 02247960 _____ () C:\Users\Alex\Downloads\battlelog-web-plugins_2.4.0_141(1).exe 2014-06-15 10:11 - 2014-06-15 10:11 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-14 17:06 - 2014-06-14 17:05 - 04748896 _____ (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup414.exe 2014-06-14 17:06 - 2013-11-02 19:15 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-14 09:38 - 2014-06-14 09:38 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe 2014-06-12 19:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-11 23:20 - 2013-11-04 18:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 23:20 - 2013-11-04 18:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 23:19 - 2014-04-30 22:26 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-11 23:15 - 2014-01-16 17:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-11 23:15 - 2013-11-02 18:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-11 23:15 - 2013-11-02 18:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-11 15:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-10 20:03 - 2014-06-10 20:00 - 00000000 ____D () C:\Users\Alex\Documents\BFH.Beta 2014-06-10 19:48 - 2014-06-10 19:48 - 00000827 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk 2014-06-10 19:48 - 2014-06-10 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta 2014-06-10 19:48 - 2013-11-02 20:44 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-06-10 19:48 - 2013-11-02 20:44 - 00281872 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-06-10 19:48 - 2013-11-02 20:44 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-06-08 11:13 - 2014-06-11 16:50 - 00506368 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-11 16:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-02 17:42 - 2013-11-02 16:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-05-30 17:45 - 2013-11-02 20:45 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-05-30 12:21 - 2014-06-11 16:50 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-11 16:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-11 16:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-11 16:50 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-11 16:50 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-11 16:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-11 16:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-11 16:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-11 16:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-11 16:50 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-11 16:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:21 - 2014-06-11 16:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:20 - 2014-06-11 16:50 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-11 16:50 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-11 16:50 - 00940032 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 11:08 - 2014-06-11 16:50 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-11 16:50 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-11 16:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-11 16:50 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-11 16:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-11 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-11 16:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-11 16:50 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-11 16:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-11 16:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-11 16:50 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-11 16:50 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-11 16:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-11 16:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-11 16:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-11 16:50 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-11 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-11 16:50 - 00592896 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 10:24 - 2014-06-11 16:50 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-11 16:50 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-11 16:50 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-11 16:50 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-11 16:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-11 16:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-11 16:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-11 16:50 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-11 16:50 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-11 16:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-11 16:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-11 16:50 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-11 16:50 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-11 16:50 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-11 16:50 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-11 16:50 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-11 16:50 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-11 16:50 - 00846336 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-11 16:50 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-30 01:07 - 2014-06-02 17:42 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-05-30 01:07 - 2014-06-02 17:42 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-05-30 01:07 - 2013-11-12 22:28 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-05-30 01:07 - 2013-11-12 22:28 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-05-29 22:16 - 2014-05-29 22:16 - 02247960 _____ () C:\Users\Alex\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-05-26 18:50 - 2013-11-02 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-05-26 18:50 - 2013-11-02 16:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation Some content of TEMP: ==================== C:\Users\Alex\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-18 14:50 ==================== End Of Log 
============================
The Addition.txt was not created.
22.06.2014, 20:04 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Alleged keylogger/rootkit: Doctor2 rundll32.exe
Please also create a new Addition.txt: start FRST, tick the checkbox for Addition.txt, then click Scan.
22.06.2014, 20:19 | #18 |
Alleged keylogger/rootkit: Doctor2 rundll32.exe
Thanks,
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01 Ran by Alex at 2014-06-22 21:17:56 Running from C:\Users\Alex\Desktop\Favoriten\Client\Virenschutz Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) AVG 2014 (Version: 14.0.3615 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts) Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.4 - Electronic Arts) Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender) Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment) Core Temp 1.0 RC6 
(HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios) Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel) Intel(R) Network Connections 18.5.54.0 (Version: 18.5.54.0 - Intel) Hidden Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - 
Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 
7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.) PCGH-Skyrim-Tuner Version 2.1 (HKLM-x32\...\{B9A49BF6-3990-4E23-8DB2-6BCED39FAA0C}_is1) (Version: 2.1 - PCGH) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.31 - ASRock Inc.) 
==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-06-18 17:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {089AFA84-80BE-4CAD-8972-99413A956EDD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {11F70035-2EC7-42E7-8569-611D2DCADAC0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {8BDA4746-EC05-4C1E-8AF2-4F0822864030} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-11] (Adobe Systems Incorporated) Task: {F9B9B4C4-83D1-4E08-B671-4A386784595A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-18 17:11 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll 2014-06-18 17:11 - 2014-05-26 19:03 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui 2014-06-18 17:11 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll 2014-06-18 17:11 - 2014-05-26 19:03 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui 2014-06-18 17:18 - 2014-06-18 17:18 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00046_002\ashttpbr.mdl 2014-06-18 17:18 - 2014-06-18 17:18 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00046_002\ashttpdsp.mdl 2014-06-18 17:18 - 2014-06-18 17:18 - 02599584 _____ () C:\Program 
Files\Bitdefender\Bitdefender\otengines_00046_002\ashttpph.mdl 2014-06-18 17:18 - 2014-06-18 17:18 - 01322896 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00046_002\ashttprbl.mdl 2013-11-02 20:44 - 2014-06-10 19:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-06-18 17:11 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll 2013-11-02 16:46 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-03-13 16:45 - 2014-03-13 16:45 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2014-03-13 16:45 - 2014-03-13 16:45 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll 2014-03-13 16:45 - 2014-03-13 16:45 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll 2013-10-23 14:15 - 2014-03-13 16:45 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2013-10-23 14:15 - 2014-03-13 16:45 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2014-03-13 16:45 - 2014-03-13 16:45 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll 2014-03-13 16:45 - 2014-03-13 16:45 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll 2013-10-23 14:15 - 2014-03-13 16:45 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2013-10-23 14:15 - 2014-03-13 16:45 - 00577480 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2013-10-23 14:15 - 2014-03-13 16:45 - 00041928 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\ts3g15.dll 2014-06-18 17:11 - 2014-03-15 01:05 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll 2013-11-02 16:47 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-05-10 03:11 - 
2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-06-18 17:11 - 2014-03-15 01:10 - 00035896 _____ () C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\components\ffpwdman.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Alex\Downloads\Battle.net-Setup-deDE(1).exe:BDU AlternateDataStreams: C:\Users\Alex\Downloads\Firefox Setup Stub 30.0.exe:BDU AlternateDataStreams: C:\Users\Alex\Downloads\mbam-setup-2.0.2.1012.exe:BDU ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: AVG_UI => "F:\AVG\avgui.exe" /TRAYONLY MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (06/22/2014 02:34:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVG WatchDog" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/22/2014 02:17:20 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-06-18 17:07:11.168 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-06-18 17:07:11.121 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8111.46 MB Available physical RAM: 5921.02 MB Total Pagefile: 16621.09 MB Available Pagefile: 14174.51 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:232.79 GB) (Free:199.86 GB) NTFS Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HDD) (Fixed) (Total:931.41 GB) (Free:701.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E26C8224) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8EEE2030) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.06.2014, 08:36 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Alleged keylogger/rootkit: Doctor2 rundll32.exe Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
23.06.2014, 22:52 | #20 |
| Alleged keylogger/rootkit: Doctor2 rundll32.exe Hello, here is the MBAM log for now. Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 23.06.2014
Suchlauf-Zeit: 18:06:42
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.23.10
Rootkit Datenbank: v2014.06.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Alex
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 279948
Verstrichene Zeit: 3 Min, 50 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)
Finally done after 6 hours. Code:
ATTFilter
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=75ecaee8a8d56541bf95a80c01495556
# engine=18840
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-23 04:15:11
# local_time=2014-06-23 06:15:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 2078 107385420 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19732504 155169961 0 0
# scanned=6635
# found=0
# cleaned=0
# scan_time=75
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=75ecaee8a8d56541bf95a80c01495556
# engine=18840
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-23 09:41:35
# local_time=2014-06-23 11:41:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 21662 107405004 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19748488 155189545 0 0
# scanned=164130
# found=1
# cleaned=0
# scan_time=19526
sh=E555FA41A295C6F640CAB5D5428EBE581C84E576 ft=1 fh=5af65d404a6e6ffd vn="Win64/PSW.Agent.E Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alex\AppData\Local\Temp\Dw64.dll.vir" |
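As an added example (not part of the thread and not ESET's code), a small Python parser for the ESET Online Scanner log format posted above: it splits the log into its scan sessions, reads the `# key=value` header and the `sh=... vn=... fn=...` detection record, and flags whether a hit lies inside a known quarantine folder (C:\Qoobox\Quarantine is ComboFix's) rather than being a live file, which is exactly the distinction the helper draws for this finding. The quarantine marker list is an assumption of the example and the sample log is a trimmed copy of the two sessions above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the two ESET sessions from the post above, `#` header trimmed.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log: all ok
# end=stopped
# scanned=6635
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log: all ok
# end=finished
# scanned=164130
# found=1
# cleaned=0
sh=E555FA41A295C6F640CAB5D5428EBE581C84E576 ft=1 fh=5af65d404a6e6ffd vn="Win64/PSW.Agent.E Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Alex\AppData\Local\Temp\Dw64.dll.vir"
"""

# Assumed quarantine markers: C:\Qoobox\Quarantine is ComboFix's quarantine folder
# and .vir is the suffix it gives quarantined files. Extend for other tools.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\",)
QUARANTINE_SUFFIXES = (".vir",)

# A detection line is space-separated key=value pairs; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

@dataclass
class ScanSession:
    header: dict = field(default_factory=dict)      # the `# key=value` lines
    detections: list = field(default_factory=list)  # parsed `sh=...` records


def parse_eset_log(text: str) -> list:
    """Split an ESET Online Scanner log into sessions with header and detections."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ESETSmartInstaller@") or current is None:
            current = ScanSession()  # a new scan run (or a header-less fragment)
            sessions.append(current)
        if line.startswith("#"):
            key, _, value = line.lstrip("# ").partition("=")
            current.header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            current.detections.append(
                {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)})
    return sessions


def is_quarantined(path: str) -> bool:
    """True if the detected file already sits in a known quarantine folder."""
    p = path.lower()
    return any(m in p for m in QUARANTINE_MARKERS) or p.endswith(QUARANTINE_SUFFIXES)


def triage(text: str) -> list:
    """Per session: did it finish, how many hits, how many lie outside quarantine."""
    report = []
    for number, s in enumerate(parse_eset_log(text), start=1):
        live = [d for d in s.detections if not is_quarantined(d.get("fn", ""))]
        report.append({
            "session": number,
            "finished": s.header.get("end") == "finished",
            "found": int(s.header.get("found", "0")),
            "cleaned": int(s.header.get("cleaned", "0")),
            "live_detections": len(live),
        })
    return report
```

A session whose `found` count is non-zero but whose `live_detections` is zero, as here, only reports files another tool already quarantined; a non-zero `live_detections` is what would warrant further cleanup.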
24.06.2014, 07:18 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Alleged keylogger/rootkit: Doctor2 rundll32.exe TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Looks okay so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. This is optional, though. To prevent user tracking, the Firefox extension Ghostery works well. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller. If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system okay again now, or are there other findings or problems?
__________________ --> Alleged keylogger/rootkit: Doctor2 rundll32.exe |
24.06.2014, 09:43 | #22 |
| Alleged keylogger/rootkit: Doctor2 rundll32.exe OK, great. Should I leave the virus in quarantine, or can I delete it? Thanks already for your help |
24.06.2014, 10:11 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Alleged keylogger/rootkit: Doctor2 rundll32.exe Think about what a quarantine is. Whether the malicious file stays in there or not makes no difference. Malware in quarantine can no longer do any harm; it is isolated there. You should always work with the quarantine as a matter of principle, because if the virus scanner deletes something important due to a false positive, you can still get at the file via the quarantine if necessary. Then we're done! If you'd like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board The programs used here can all be uninstalled. It is recommended to keep Malwarebytes Anti-Malware and scan for malware with it weekly. delfix can help you with this: the order is crucial here.
Finally, please check the updates; my guide on this is below. To keep a better overview of how up to date your installed programs are in the future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed, you should also change all passwords if possible.

Microsoft Update Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update

Update PDF reader An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take the opportunity to check that Flash Player is up to date: Check => Adobe - Flash Player Download links can be found here => Browsers and Plugins - FilePony.de You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
24.06.2014, 17:58 | #24 |
| Alleged keylogger/rootkit: Doctor2 rundll32.exe All clear, thanks a lot! One more thing: is it normal that Bitdefender regards Delfix as malware? |
24.06.2014, 20:10 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Alleged keylogger/rootkit: Doctor2 rundll32.exe That is a false positive. You shouldn't take everything the virus scanner reports at face value.
__________________ Please always post logfiles in CODE tags |