| |
| |||||||
Log-Analyse und Auswertung: DHL-Trojaner im GMX-Postfach aktiviertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.05.2015, 21:29
| #1 |
 |  DHL-Trojaner im GMX-Postfach aktiviert Liebes Trojaner-Board-Team, vor ein paar Tagen habe ich auf eine Viren-Mail, die sich als DHL-Absender ausgab, geklickt und daraufhin ca. ein Dutzend Mails in meinem Postfach vom "Mailer Demon" mit einer Failure-Message erhalten. Von GMX wurde mir nahegelegt, mein Passwort zu ändern, was ich getan habe. Heute wurde ich erneut zum Passwort-Wechsel aufgefordert, woraus ich schließe, dass ich trotz Virenscans mit Malwarebytes Antimalware sowie euren Programmen das Virus immer noch habe. Mein Kaspersky Internet Security hat übrigens keinen Alarm geschlagen, einen Komplettscan meines Systems habe ich damit allerdings noch nicht durchgeführt. Ich bitte euch um Hilfe, dankeschön!  Viele Grüße Estella --- Hier die Scan-Ergebnisse: Malwarebytes hat nichts gefunden, da ich die Datei nur als xml-Datei habe, kann ich sie hier nicht per Copy&Paste einfügen. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by ****** (administrator) on CENTAURI on 06-05-2015 19:36:35
Running from C:\Users\******\Downloads
Loaded Profiles: ****** (Available profiles: ****** & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Farbar) C:\Users\******\Downloads\FRST64 - Version Mai 2015.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [ACWLIcon] => C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [199000 2014-03-14] (Lenovo)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-07] (Google Inc.)
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ELECTR~1.SCR
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-18] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-04-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-04-10]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-06-28]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-02-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2617601996-74598242-3223451816-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2617601996-74598242-3223451816-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE465
SearchScopes: HKU\S-1-5-21-2617601996-74598242-3223451816-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE465
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-01] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2007-08-06] (www.flashget.com)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-07-22] (RealPlayer)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-01] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2007-05-18] (www.flashget.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2617601996-74598242-3223451816-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 136.199.8.101 136.199.8.129
FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default
FF Homepage: hxxp://www.wetter.com/wetter_aktuell/aktuelles_wetter/deutschland/trier/DE0010618.html
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-12-14] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-12-14] (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-07-22] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2617601996-74598242-3223451816-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-13] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\user.js [2015-04-17]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-07-22] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-07-22] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-28]
FF Extension: Block site - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-12-22]
FF Extension: FoxLingo - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012-11-11]
FF Extension: anonymoX - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\client@anonymox.net.xpi [2013-11-22]
FF Extension: Ghostery - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\firefox@ghostery.com.xpi [2014-08-30]
FF Extension: ProxTube - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: Auto Shutdown NG - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi [2012-02-23]
FF Extension: Lieferheld - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\lieferheld@extensions.partneraddons.de.xpi [2012-02-25]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\z93s0nb2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-21]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2012-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-22]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-01]
FF HKU\S-1-5-21-2617601996-74598242-3223451816-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR StartupUrls: Default -> "https://login.my-wire.de/index.php"
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-01]
CHR Extension: (Avira Browser Safety) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-17]
CHR Extension: (Bookmark Manager) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-17]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [74752 2011-12-30] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2011-12-30] (Microsoft) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-04] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S3 ALSysIO; \??\C:\Users\******\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-06 19:37 - 2015-05-06 19:37 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357 - Version Mai 2015.exe
2015-05-06 19:36 - 2015-05-06 19:36 - 02102272 _____ (Farbar) C:\Users\******\Downloads\FRST64 - Version Mai 2015.exe
2015-05-06 19:35 - 2015-05-06 19:35 - 00000544 _____ () C:\Users\******\Downloads\defogger_disable.log
2015-05-06 19:35 - 2015-05-06 19:35 - 00000168 _____ () C:\Users\******\defogger_reenable
2015-05-06 19:34 - 2015-05-06 19:34 - 00050477 _____ () C:\Users\******\Downloads\Defogger - Version Mai 2015.exe
2015-04-21 16:10 - 2015-04-21 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-17 12:07 - 2015-04-17 12:06 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-17 12:06 - 2015-04-17 12:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-17 12:06 - 2015-04-17 12:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-17 12:06 - 2015-04-17 12:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-17 12:06 - 2015-04-17 12:06 - 00000000 ____D () C:\Program Files\Java
2015-04-15 07:02 - 2015-04-15 07:32 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2015-04-15 07:02 - 2015-04-15 07:02 - 00003364 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay
2015-04-14 19:25 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 19:25 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 19:25 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 19:25 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 19:25 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 19:25 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 19:25 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 19:25 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 19:25 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 19:25 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 19:25 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 19:25 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 19:25 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 19:25 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 19:25 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 19:25 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 19:25 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 19:24 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 19:24 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 19:24 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 19:24 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 19:24 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 19:24 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 19:24 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 19:24 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 19:24 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 19:24 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 19:24 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 19:24 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 19:24 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 19:24 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 19:24 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 19:24 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 19:24 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 19:24 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 19:24 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 19:24 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 19:24 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 19:24 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 19:24 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 19:24 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 19:24 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 19:24 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 19:24 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 19:24 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 19:24 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 19:24 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 19:24 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 19:24 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 19:24 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 19:24 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 19:24 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 19:24 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 19:24 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:24 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:24 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 19:24 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 19:24 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 19:24 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 19:24 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 19:24 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 19:22 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 19:22 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 19:22 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 19:22 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 19:22 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 19:22 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 19:22 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 19:22 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 19:22 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 19:22 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 19:22 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 19:22 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 19:22 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 19:22 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 19:22 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 19:22 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 19:22 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 19:22 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 19:22 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 19:22 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 19:22 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 19:22 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 19:22 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 19:22 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 19:22 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 19:22 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 19:22 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 19:22 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 19:22 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 19:22 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 19:22 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 19:22 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 19:22 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 19:22 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 19:22 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 19:22 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 19:22 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 19:22 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 19:22 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 19:22 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 19:22 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 19:22 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 19:22 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 19:22 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 19:22 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 19:22 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 19:22 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 19:22 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 19:22 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 19:22 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 19:22 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 19:22 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 19:22 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 19:22 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 19:22 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 19:22 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 19:22 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 19:22 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 19:21 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 19:21 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 19:21 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 01:33 - 2015-04-13 01:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-13 01:33 - 2015-04-13 01:33 - 00002058 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-13 00:19 - 2015-04-13 06:31 - 00000000 ____D () C:\Users\******\Documents\Happ-Mail
2015-04-09 22:21 - 2015-04-15 03:48 - 00000000 ____D () C:\Users\******\Documents\Verhaltensgenetik Laborpraktikum
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-06 19:38 - 2014-06-26 18:54 - 00037693 _____ () C:\Users\******\Downloads\FRST.txt
2015-05-06 19:37 - 2014-06-22 23:11 - 00000000 ____D () C:\FRST
2015-05-06 19:35 - 2012-01-05 19:49 - 00000000 ____D () C:\Users\******
2015-05-06 18:57 - 2015-01-01 23:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-06 18:52 - 2011-11-07 17:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 18:49 - 2014-06-29 17:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 18:40 - 2012-04-02 10:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 12:25 - 2012-01-05 19:50 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-05-06 12:25 - 2012-01-05 19:50 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-05-06 12:25 - 2012-01-05 19:50 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-05-06 12:25 - 2011-11-07 17:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-05 15:34 - 2011-11-07 16:28 - 01622080 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 19:43 - 2012-01-06 17:59 - 00000000 ___RD () C:\Users\******\Dropbox
2015-05-04 09:04 - 2012-01-05 20:05 - 00000000 ____D () C:\Users\******\AppData\Roaming\Adobe
2015-05-02 10:37 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 10:37 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-30 13:21 - 2012-01-06 17:58 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2015-04-30 13:17 - 2014-08-18 12:27 - 00009228 _____ () C:\Windows\setupact.log
2015-04-30 13:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 11:36 - 2014-08-17 21:54 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 09:06 - 2012-01-06 17:59 - 00001032 _____ () C:\Users\******\Desktop\Dropbox.lnk
2015-04-27 09:06 - 2012-01-06 17:58 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-27 08:59 - 2012-05-04 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 15:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-24 14:42 - 2014-06-28 21:10 - 00032213 _____ () C:\Windows\SecuniaPackage.log
2015-04-24 14:42 - 2013-10-20 21:35 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-20 10:45 - 2012-01-05 19:50 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-04-20 10:42 - 2010-11-21 05:47 - 00930534 _____ () C:\Windows\PFRO.log
2015-04-19 13:48 - 2011-11-08 00:59 - 00000000 ____D () C:\ProgramData\Lenovo
2015-04-17 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 14:48 - 2014-07-09 21:45 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2015-04-17 14:47 - 2013-12-12 00:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 14:47 - 2012-04-02 10:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 14:47 - 2012-01-06 15:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 22:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 07:01 - 2012-01-05 19:50 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-04-15 03:52 - 2014-12-11 04:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:52 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:33 - 2012-05-15 01:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:23 - 2012-01-06 19:17 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 03:22 - 2012-01-06 19:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 03:20 - 2013-07-23 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:08 - 2012-07-13 14:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:08 - 2009-07-14 04:34 - 00000569 _____ () C:\Windows\win.ini
2015-04-13 01:34 - 2014-12-26 23:56 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-13 01:33 - 2012-01-06 17:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-13 01:33 - 2011-11-07 16:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-13 01:13 - 2011-11-08 01:09 - 06771244 _____ () C:\Windows\system32\perfh007.dat
2015-04-13 01:13 - 2011-11-08 01:09 - 02129642 _____ () C:\Windows\system32\perfc007.dat
2015-04-13 01:13 - 2009-07-14 07:13 - 00006528 _____ () C:\Windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2014-06-05 15:20 - 2014-08-27 00:54 - 14282752 _____ () C:\Users\******\AppData\Roaming\Sandra.mdb
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm_jsyb.dll
C:\Users\******\AppData\Local\Temp\MSETUP4.EXE
C:\Users\******\AppData\Local\Temp\Quarantine.exe
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******\AppData\Local\Temp\{B22560DE-663A-4F59-92F7-D1A1D4887B64}-41.0.2272.101_chrome_installer.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-04 09:35
==================== End Of Log ============================
|
| Themen zu DHL-Trojaner im GMX-Postfach aktiviert |
| adobe, avg, avira, bonjour, browser, chromium, combofix, defender, desktop, ebanking, firefox, flash player, google, home, homepage, internet, kaspersky, mozilla, registry, rundll, security, services.exe, software, svchost.exe, temp, tracker, virus, windows, ändern |
Baum-Darstellung