
Pests of all kinds and how to fight them: Opened ZIP file in spam mail

08.10.2013, 14:36   #1
vetti
 



Hello dear ones,
stupidly, today (about an hour ago, and I could kick myself for it) I reacted to a spam mail with a ZIP file attached, in which I was sent a reminder about a payment demand. I still ask myself why, since I know that all of this is just mischief. Well, in any case it is too late now. I wanted to open this ZIP file, but nothing happened. Nothing was unpacked, nor did I see a file in this ZIP that I could have opened. The only thing was that when I opened the ZIP, a black window also opened for about a second and was gone again right away.
I am now afraid that I am being spied on, or that I have caught viruses. Since I have no idea about computers, I wanted to ask you for help.
Did something happen in the background even though I saw nothing?
What can I do now?
My computer is running as usual.
Best regards

08.10.2013, 15:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post already existing logs in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).

08.10.2013, 16:30   #3
vetti
 



So, I let a virus scanner run in the meantime, and it has just finished.
And it detected the trojan. It is named Win32/Matsnu.L.
:/
I would just have one request... can you explain to me in an understandable way what I should do now?
I have no idea about this subject^^
Thanks, that would be really kind.

And my Windows Defender said that it was able to remove everything successfully. Can I trust that?

09.10.2013, 00:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Everything has been described and linked. If you have problems with something, you have to express yourself more precisely, otherwise I cannot and will not help you any further.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

09.10.2013, 10:38   #5
vetti
 



I scanned it yesterday as you said... that is an enormous amount, I think. Should I post everything from FRST.txt and Addition.txt?

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Vetti1204 (administrator) on VETTI on 08-10-2013 18:24:11
Running from C:\Users\Vetti1204\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKCU\...\Run: [SkyDrive] - C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-28] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office 2010\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs:   [958576 2013-04-04] ()
AppInit_DLLs-x32:   [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831&type=default&q={searchTerms}
SearchScopes: HKCU - URL hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=B8AADE85DE56CACC&affID=125035&tsp=5025
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B8AADE85DE56CACC&affID=120524&tsp=5025
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831&type=default&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default
FF user.js: detected! => C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\user.js
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF SearchPlugin: C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\searchplugins\searchgol.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LyricXeeker - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\128
FF Extension: 7go - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\7go@7go.com.xpi
FF Extension: abb - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\abb@amazon.com.xpi
FF Extension: pricepeep - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\pricepeep@getpricepeep.com.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831

Chrome: 
=======
CHR Extension: () - C:\Users\VETTI1~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi\1.0.0.2
CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\128.crx
CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Vetti1204\AppData\Roaming\7go\7go.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx

==================== Services (Whitelisted) =================

R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-08-30] (Dassault Systèmes)
R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-05-31] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 18:16 - 2013-10-08 18:17 - 00023286 _____ C:\Users\Vetti1204\Downloads\Addition.txt
2013-10-08 18:13 - 2013-10-08 18:13 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64.exe
2013-10-08 18:13 - 2013-10-08 18:13 - 00000000 ____D C:\FRST
2013-10-08 18:12 - 2013-10-08 18:12 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST(1).exe
2013-10-08 18:01 - 2013-10-08 18:01 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST.exe
2013-10-08 16:39 - 2013-10-08 16:41 - 51187712 _____ C:\Users\Vetti1204\Downloads\wz175-32gev.msi
2013-10-06 12:45 - 2013-10-06 12:53 - 00006014 _____ C:\Windows\PFRO.log
2013-10-06 12:40 - 2013-10-06 12:40 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337 Wallpaper
2013-10-06 12:35 - 2013-10-06 12:35 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337
2013-10-06 12:34 - 2013-10-06 12:48 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-10-06 12:34 - 2013-10-06 12:47 - 00000000 ____D C:\Program Files (x86)\Omiga Plus
2013-10-06 12:34 - 2013-10-06 12:35 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\Omiga Plus
2013-10-06 12:34 - 2013-10-06 12:34 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\WinZipper
2013-10-04 23:04 - 2013-10-06 12:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-04 23:03 - 2013-10-06 12:34 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-10-04 23:03 - 2013-10-04 23:05 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\Desk 365
2013-10-04 23:02 - 2013-10-04 23:02 - 00000000 ____D C:\Users\Vetti1204\Documents\Optimizer Pro
2013-10-04 23:01 - 2013-10-06 12:38 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-10-04 22:58 - 2013-10-04 22:58 - 00181296 _____ C:\Users\Vetti1204\Downloads\Setup.exe
2013-10-04 17:18 - 2013-10-06 13:09 - 00000000 ____D C:\ProgramData\eSafe
2013-10-04 17:17 - 2013-10-06 13:22 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-04 17:17 - 2013-10-04 17:17 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\BonanzaDealsLive
2013-10-04 17:17 - 2013-10-04 17:17 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-04 17:16 - 2013-10-06 12:36 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-04 17:15 - 2013-10-04 17:17 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\Media-Player.exe
2013-10-04 17:15 - 2013-10-04 17:15 - 00598424 _____ C:\Users\Vetti1204\Downloads\Media-Player(1).exe
2013-10-04 17:13 - 2013-10-04 17:19 - 00001805 _____ C:\Windows\wmsetup.log
2013-10-04 17:11 - 2013-10-04 17:13 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\wmp11-windowsxp-x86-DE-DE.exe
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setupact.log
2013-10-02 13:15 - 2013-10-02 13:15 - 00000000 ____D C:\ProgramData\HP
2013-09-20 10:41 - 2013-09-20 10:41 - 00029977 _____ C:\Users\Vetti1204\Downloads\webacc.htm
2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\CrashRpt
2013-09-19 13:08 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\Documents\My Drawings
2013-09-19 13:06 - 2013-09-19 13:06 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-09-19 13:04 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\DraftSight
2013-09-19 13:04 - 2013-09-19 13:04 - 00002761 _____ C:\Users\Public\Desktop\DraftSight x64.lnk
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\ProgramData\Dassault Systemes
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\Program Files\Dassault Systemes
2013-09-19 12:52 - 2013-09-19 12:58 - 138710880 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\DraftSight64.exe
2013-09-18 11:12 - 2013-09-18 11:12 - 00501440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-17 20:15 - 2013-10-04 23:00 - 00001856 _____ C:\Users\Vetti1204\Desktop\Search.lnk
2013-09-17 20:15 - 2013-10-04 23:00 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-17 20:15 - 2013-09-18 10:58 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\PerformerSoft
2013-09-17 20:15 - 2013-09-18 10:58 - 00000000 ____D C:\Program Files (x86)\Lizardlink
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\SpeedAnalysis3
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\7go
2013-09-17 20:15 - 2013-06-19 14:58 - 00019456 _____ (PerformerSoft LLC) C:\Windows\system32\roboot64.exe
2013-09-17 20:14 - 2013-09-17 20:14 - 00001144 _____ C:\Users\Vetti1204\Desktop\SpeedAnalysis.lnk
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\File Scout
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\Babylon
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\ProgramData\Babylon
2013-09-17 20:11 - 2013-09-17 20:11 - 00827616 _____ () C:\Users\Vetti1204\Downloads\VideoPerformerSetup.exe
2013-09-17 20:11 - 2013-09-17 20:11 - 00827616 _____ () C:\Users\Vetti1204\Downloads\VideoPerformerSetup(1).exe
2013-09-13 15:44 - 2013-09-16 10:28 - 00000000 ____D C:\Users\Vetti1204\Desktop\Silo und Brennstoffversorgung
2013-09-12 19:10 - 2013-09-12 19:10 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 12:15 - 2013-09-12 12:15 - 00032621 _____ C:\Users\Vetti1204\Documents\Wärmeverteilung.sdr
2013-09-11 15:42 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-11 15:42 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-11 15:42 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-11 15:42 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-11 15:42 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-11 15:42 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-11 15:42 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-11 15:42 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-11 15:42 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-11 15:42 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-11 15:42 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 15:41 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 15:40 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 15:40 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 15:40 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 15:40 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 15:40 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 15:40 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 15:40 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 15:40 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 15:40 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-11 15:40 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-11 15:40 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:40 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-11 15:40 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-11 15:40 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-11 15:40 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-11 15:40 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-11 15:40 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-11 15:40 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-11 15:40 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-11 15:40 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-11 15:40 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-11 15:40 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-11 15:40 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-11 15:40 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-11 15:40 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-11 15:40 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-11 15:40 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-11 15:40 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-11 15:40 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-11 15:40 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-11 15:40 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-11 15:40 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-11 15:40 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-11 15:40 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-11 15:40 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-11 15:40 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-11 15:40 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-11 15:40 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-11 15:40 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-11 15:40 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-11 15:40 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-11 15:40 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-11 15:40 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-11 15:40 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-11 15:40 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-11 15:40 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-11 15:40 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-11 15:40 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-11 15:40 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-11 15:40 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-09 17:50 - 2013-09-09 17:53 - 00000000 ____D C:\Users\Vetti1204\Desktop\#_Kennzahlen - Leistungsdialog
2013-09-08 11:40 - 2013-10-08 17:46 - 01390174 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2013-10-08 18:17 - 2013-10-08 18:16 - 00023286 _____ C:\Users\Vetti1204\Downloads\Addition.txt
2013-10-08 18:13 - 2013-10-08 18:13 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64.exe
2013-10-08 18:13 - 2013-10-08 18:13 - 00000000 ____D C:\FRST
2013-10-08 18:12 - 2013-10-08 18:12 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST(1).exe
2013-10-08 18:01 - 2013-10-08 18:01 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST.exe
2013-10-08 18:00 - 2013-08-25 00:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 18:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-08 17:46 - 2013-09-08 11:40 - 01390174 _____ C:\Windows\WindowsUpdate.log
2013-10-08 16:49 - 2013-08-25 06:21 - 00000000 ____D C:\Users\Vetti1204
2013-10-08 16:49 - 2013-08-24 23:19 - 00000000 ____D C:\ProgramData\WinZip
2013-10-08 16:41 - 2013-10-08 16:39 - 51187712 _____ C:\Users\Vetti1204\Downloads\wz175-32gev.msi
2013-10-08 08:17 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-07 08:59 - 2013-08-25 06:24 - 00000062 _____ C:\Users\Vetti1204\AppData\Roaming\sp_data.sys
2013-10-07 08:59 - 2013-05-31 19:02 - 00003542 _____ C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2013-10-07 08:59 - 2013-05-31 19:02 - 00003052 _____ C:\Windows\System32\Tasks\ASUS P4G
2013-10-07 08:59 - 2013-05-31 19:02 - 00003004 _____ C:\Windows\System32\Tasks\ASUS Splendid ColorU
2013-10-07 08:59 - 2013-05-31 19:02 - 00002988 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2013-10-07 08:59 - 2013-05-31 19:00 - 00003024 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2013-10-07 08:59 - 2013-05-31 18:59 - 00003114 _____ C:\Windows\System32\Tasks\ASUS Live Update
2013-10-07 08:58 - 2013-08-25 18:43 - 00000484 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-10-06 18:53 - 2012-08-03 01:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-10-06 18:53 - 2012-08-03 01:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-10-06 18:53 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-06 18:47 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 14:01 - 2013-08-25 06:29 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3734775389-2830244704-707604587-1001
2013-10-06 13:22 - 2013-10-04 17:17 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-06 13:09 - 2013-10-04 17:18 - 00000000 ____D C:\ProgramData\eSafe
2013-10-06 12:53 - 2013-10-06 12:45 - 00006014 _____ C:\Windows\PFRO.log
2013-10-06 12:53 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-06 12:48 - 2013-10-06 12:34 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-10-06 12:47 - 2013-10-06 12:34 - 00000000 ____D C:\Program Files (x86)\Omiga Plus
2013-10-06 12:40 - 2013-10-06 12:40 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337 Wallpaper
2013-10-06 12:39 - 2013-10-04 23:04 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-06 12:39 - 2013-08-25 06:23 - 00000000 ___RD C:\Users\Vetti1204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 12:38 - 2013-10-04 23:01 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-10-06 12:36 - 2013-10-04 17:16 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-06 12:35 - 2013-10-06 12:35 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337
2013-10-06 12:35 - 2013-10-06 12:34 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\Omiga Plus
2013-10-06 12:34 - 2013-10-06 12:34 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\WinZipper
2013-10-06 12:34 - 2013-10-04 23:03 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-10-04 23:05 - 2013-10-04 23:03 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\Desk 365
2013-10-04 23:02 - 2013-10-04 23:02 - 00000000 ____D C:\Users\Vetti1204\Documents\Optimizer Pro
2013-10-04 23:00 - 2013-09-17 20:15 - 00001856 _____ C:\Users\Vetti1204\Desktop\Search.lnk
2013-10-04 23:00 - 2013-09-17 20:15 - 00000000 ____D C:\ProgramData\DSearchLink
2013-10-04 22:58 - 2013-10-04 22:58 - 00181296 _____ C:\Users\Vetti1204\Downloads\Setup.exe
2013-10-04 17:19 - 2013-10-04 17:13 - 00001805 _____ C:\Windows\wmsetup.log
2013-10-04 17:17 - 2013-10-04 17:17 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\BonanzaDealsLive
2013-10-04 17:17 - 2013-10-04 17:17 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-04 17:17 - 2013-10-04 17:15 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\Media-Player.exe
2013-10-04 17:17 - 2013-08-25 06:23 - 00001299 _____ C:\Users\Vetti1204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-04 17:17 - 2013-08-24 23:05 - 00001345 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-04 17:15 - 2013-10-04 17:15 - 00598424 _____ C:\Users\Vetti1204\Downloads\Media-Player(1).exe
2013-10-04 17:13 - 2013-10-04 17:11 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\wmp11-windowsxp-x86-DE-DE.exe
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setupact.log
2013-10-02 17:29 - 2013-08-24 23:05 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Mozilla
2013-10-02 17:29 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 13:20 - 2013-08-25 06:21 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Packages
2013-10-02 13:15 - 2013-10-02 13:15 - 00000000 ____D C:\ProgramData\HP
2013-09-30 17:30 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-26 19:39 - 2013-08-28 08:32 - 00000000 ___RD C:\Users\Vetti1204\SkyDrive
2013-09-20 10:41 - 2013-09-20 10:41 - 00029977 _____ C:\Users\Vetti1204\Downloads\webacc.htm
2013-09-19 13:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-19 13:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-19 13:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\CrashRpt
2013-09-19 13:08 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\Documents\My Drawings
2013-09-19 13:08 - 2013-09-19 13:04 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\DraftSight
2013-09-19 13:06 - 2013-09-19 13:06 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-09-19 13:04 - 2013-09-19 13:04 - 00002761 _____ C:\Users\Public\Desktop\DraftSight x64.lnk
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\ProgramData\Dassault Systemes
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\Program Files\Dassault Systemes
2013-09-19 12:58 - 2013-09-19 12:52 - 138710880 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\DraftSight64.exe
2013-09-19 01:26 - 2013-08-28 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-08-28 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 11:12 - 2013-09-18 11:12 - 00501440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 11:10 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\en-GB
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-18 11:10 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\winrm
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\slmgr
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-18 11:07 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\WCN
2013-09-18 11:07 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\MUI
2013-09-18 11:07 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Dism
2013-09-18 11:06 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-18 11:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2013-09-18 11:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\Com
2013-09-18 10:58 - 2013-09-17 20:15 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\PerformerSoft
2013-09-18 10:58 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Lizardlink
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\SpeedAnalysis3
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\7go
2013-09-17 20:14 - 2013-09-17 20:14 - 00001144 _____ C:\Users\Vetti1204\Desktop\SpeedAnalysis.lnk
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\File Scout
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\Babylon
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\ProgramData\Babylon
2013-09-17 20:11 - 2013-09-17 20:11 - 00827616 _____ () C:\Users\Vetti1204\Downloads\VideoPerformerSetup.exe
2013-09-17 20:11 - 2013-09-17 20:11 - 00827616 _____ () C:\Users\Vetti1204\Downloads\VideoPerformerSetup(1).exe
2013-09-16 11:53 - 2013-08-25 17:57 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Microsoft Help
2013-09-16 10:28 - 2013-09-13 15:44 - 00000000 ____D C:\Users\Vetti1204\Desktop\Silo und Brennstoffversorgung
2013-09-12 19:10 - 2013-09-12 19:10 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 12:15 - 2013-09-12 12:15 - 00032621 _____ C:\Users\Vetti1204\Documents\Wärmeverteilung.sdr
2013-09-11 16:04 - 2013-08-25 17:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 15:55 - 2013-08-27 13:10 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 15:52 - 2013-08-27 13:10 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 10:01 - 2013-08-25 00:22 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-09 17:53 - 2013-09-09 17:50 - 00000000 ____D C:\Users\Vetti1204\Desktop\#_Kennzahlen - Leistungsdialog

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\Public\AlexaNSISPlugin.2512.dll


Some content of TEMP:
====================
C:\Users\Vetti1204\AppData\Local\Temp\BackupSetup.exe
C:\Users\Vetti1204\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Vetti1204\AppData\Local\Temp\Setup.exe
C:\Users\Vetti1204\AppData\Local\Temp\uninst1.exe
C:\Users\Vetti1204\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-29 11:59

==================== End Of Log ============================
         



Addition.txt: FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Vetti1204 at 2013-10-08 18:28:48
Running from C:\Users\Vetti1204\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527)
ASUS Instant Connect (x32 Version: 1.2.8)
ASUS InstantOn (x32 Version: 3.0.5)
ASUS LifeFrame3 (x32 Version: 3.1.13)
ASUS Live Update (x32 Version: 3.1.8)
ASUS Power4Gear Hybrid (Version: 2.1.7)
ASUS Screen Saver (Version: 1.0.1)
ASUS Smart Gesture (x32 Version: 1.1.3)
ASUS Splendid Video Enhancement Technology (x32 Version: 2.01.0002)
ASUS Tutor (x32 Version: 1.0.8)
ASUS USB Charger Plus (x32 Version: 2.1.5)
ASUS WebStorage Sync Agent (x32 Version: 1.1.10.123)
ASUS X201 Product Demo (x32 Version: 1.0.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
ATK Package (x32 Version: 1.0.0027)
Broadcom 802.11 Network Adapter (Version: 6.30.59.91)
CCleaner (Version: 4.04)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DraftSight x64 (Version: 11.0.1258)
Fotogalerie (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Google Update Helper (x32 Version: 1.3.23.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Lightspark 0.5.3-git (x32 Version: 0.5.3-git)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 15.0.4420.1017)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyBitCast 2.0 (x32 Version: 2.0)
PDF24 Creator 5.7.0 (x32)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6798)
Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1)
Shared C Run-time for x64 (Version: 10.0.0)
SmartDraw 2010 (HKCU)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (Version: 01/10/2013 1.0.0.170)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.41.1)

==================== Restore Points  =========================

06-10-2013 10:51:21 Windows Update
08-10-2013 14:42:26 WinZip 17.5 wird installiert

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0476A34D-6CED-4071-8138-17DA76E4DCF9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {2438D0EE-8661-4497-BC3A-83F4C9220C51} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {293CBF78-BDE3-4D71-8A6E-18A271708D4C} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {37BBAFAA-EA97-433B-AE72-0536C970D83E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {39284A9D-761F-4139-9536-E0F3D3334838} - \AmiUpdXp No Task File
Task: {4749E87F-CF47-4A34-9381-92A8EBFA1765} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {48F606F5-E2BF-49BF-9C38-2558E97B2721} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {498112DE-2961-4C44-9990-813E7F154683} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {66C21A8C-66CC-44F6-AD93-E097CF3C9449} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2010\Messages\SDNotify.exe [2009-07-08] ()
Task: {704D7F30-76A3-46A6-A789-6D4A6B733439} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7101BCAB-6894-45DE-AA34-7EDBD11A471C} - \DSite No Task File
Task: {8882D26C-2CA1-4EDC-9003-BACDCBDBB3C7} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-11-27] (Microsoft Corporation)
Task: {8CC3C6E7-A416-4DAC-B67F-64C5BA3A2A7B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {ACBAB246-2FBE-4141-A600-04A2CACC6D60} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe
Task: {B3FD219E-8BCF-48D3-8A3B-8DDCEC99DC57} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B624C6C9-D313-4E7F-B9D4-59FF45389D86} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {D6DA5F42-A44E-4467-93AA-52CE4D18B765} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {DF5DEC72-66AE-4CC7-A98E-570472FB7237} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {DF774A91-7016-46D2-BE1F-4A10FCFC9D7D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {F9C23992-19AC-4BAA-81EE-C1128C96A5C2} - \Dealply No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

==================== Loaded Modules (whitelisted) =============

2013-08-27 18:30 - 2013-08-27 18:30 - 01322496 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtNetwork4.dll
2013-08-27 18:30 - 2013-08-27 18:30 - 00548864 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtXml4.dll
2013-08-27 18:32 - 2013-08-27 18:32 - 03466240 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtCore4.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-01-25 09:30 - 2012-11-02 09:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-07-26 11:48 - 2012-07-26 11:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-05-31 18:53 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-24 23:05 - 2013-10-02 17:28 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\Drivers\dxgprooz.sys:changelist

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2013 06:14:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 3.3.8.1, Zeitstempel: 0x4f25bafd
Name des fehlerhaften Moduls: FRST64.exe, Version: 3.3.8.1, Zeitstempel: 0x4f25bafd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000014760
ID des fehlerhaften Prozesses: 0x66c
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (10/08/2013 04:53:53 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1014

Startzeit: 01cec32a9fa62c96

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: 635d69b8-3029-11e3-be83-74d02bafa194

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail

Error: (10/08/2013 04:53:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Vetti)
Description: Das Paket „microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (10/08/2013 01:51:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/08/2013 01:42:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (10/07/2013 02:24:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (10/06/2013 00:50:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0x524
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (10/06/2013 00:48:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6a838482
ID des fehlerhaften Prozesses: 0x13f0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_8_800_168.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe2
Berichtskennung: FlashPlayerPlugin_11_8_800_168.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_11_8_800_168.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_11_8_800_168.exe5

Error: (10/06/2013 00:48:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x012d4fa0
ID des fehlerhaften Prozesses: 0x13f0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_8_800_168.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe2
Berichtskennung: FlashPlayerPlugin_11_8_800_168.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_11_8_800_168.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_11_8_800_168.exe5

Error: (10/04/2013 10:50:09 PM) (Source: Application Hang) (User: )
Description: Programm Taskmgr.exe, Version 6.2.9200.16465 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8d0

Startzeit: 01cec1431ba5e94b

Endzeit: 0

Anwendungspfad: C:\Windows\System32\Taskmgr.exe

Berichts-ID: 6dd4de8b-2d36-11e3-be7f-74d02bafa194

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (10/08/2013 08:17:27 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/08/2013 08:16:10 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VETTI" auf Transport "NetBT_Tcpip_{DC7CB204-87A5-409E-B70C-7B321532E891}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (10/07/2013 09:53:01 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 09:16:37 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VETTI" auf Transport "NetBT_Tcpip_{DC7CB204-87A5-409E-B70C-7B321532E891}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (10/07/2013 07:46:31 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 05:57:14 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 02:59:37 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 02:24:32 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VETTI" auf Transport "NetBT_Tcpip_{DC7CB204-87A5-409E-B70C-7B321532E891}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (10/07/2013 11:17:00 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 09:10:12 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (10/08/2013 06:14:17 PM) (Source: Application Error)(User: )
Description: FRST64.exe3.3.8.14f25bafdFRST64.exe3.3.8.14f25bafdc0000005000000000001476066c01cec4415440febbC:\Users\Vetti1204\Downloads\FRST64.exeC:\Users\Vetti1204\Downloads\FRST64.exeadaa6f11-3034-11e3-be83-74d02bafa194

Error: (10/08/2013 04:53:53 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420101401cec32a9fa62c964294967295C:\Windows\system32\wwahost.exe635d69b8-3029-11e3-be83-74d02bafa194microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (10/08/2013 04:53:26 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Vetti)
Description: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe

Error: (10/08/2013 01:51:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Vetti1204\Downloads\SoftonicDownloader_fuer_winzip.exe

Error: (10/08/2013 01:42:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (10/07/2013 02:24:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (10/06/2013 00:50:22 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a852401cec281c5893607C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll192c1f12-2e75-11e3-be81-74d02bafa194

Error: (10/06/2013 00:48:37 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_8_800_168.exe11.8.800.16852223bb7unknown0.0.0.000000000c00000056a83848213f001cec2819a772d45C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exeunknownda481c96-2e74-11e3-be81-74d02bafa194

Error: (10/06/2013 00:48:35 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_8_800_168.exe11.8.800.16852223bb7unknown0.0.0.000000000c00001a5012d4fa013f001cec2819a772d45C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exeunknownd8ec008e-2e74-11e3-be81-74d02bafa194

Error: (10/04/2013 10:50:09 PM) (Source: Application Hang)(User: )
Description: Taskmgr.exe6.2.9200.164658d001cec1431ba5e94b0C:\Windows\System32\Taskmgr.exe6dd4de8b-2d36-11e3-be7f-74d02bafa194


==================== Memory info =========================== 

Percentage of memory in use: 65%
Total physical RAM: 1931.61 MB
Available physical RAM: 662.63 MB
Total Pagefile: 3403.61 MB
Available Pagefile: 1722.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:74.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:157.55 GB) (Free:155.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F7791DB4)

Partition: GPT Partition Type
==================== End Of Log ============================
         


09.10.2013, 12:07   #6
cosinus

The virus scanner logs are missing. I had asked for those as well, and very detailed instructions on how to get at these logs were linked too.

09.10.2013, 14:01   #7
vetti

Yes, but the examples you sent don't apply to me. I did everything through Windows Defender and can't find the log file.

09.10.2013, 17:44   #8
cosinus

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

10.10.2013, 09:56   #9
vetti

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.10.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Vetti1204 :: VETTI [administrator]

10.10.2013 10:03:06
mbar-log-2013-10-10 (10-03-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 219036
Time elapsed: 25 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST320LT012-9WS14C_S0V0XKJYXXXXS0V0XKJY&ts=1380899831) Good: (hxxp://www.google.com) -> Replace on reboot.

Folders Detected: 1
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.

Files Detected: 4
C:\Users\Vetti1204\Downloads\VideoPerformerSetup(1).exe (Adware.InstallBrain) -> Delete on reboot.
C:\Users\Vetti1204\Downloads\VideoPerformerSetup.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgcfg.log (Extension.Mismatch) -> Delete on reboot.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Unfortunately, I could not run another scan because my computer kept freezing.

10.10.2013, 11:20   #10
cosinus

Removing adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file will open. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


10.10.2013, 12:54   #11
vetti

Code:
# AdwCleaner v3.007 - Bericht erstellt am 10/10/2013 um 13:23:48
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Vetti1204 - VETTI
# Gestartet von : C:\Users\Vetti1204\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\Desk 365
Ordner Gelöscht : C:\Program Files (x86)\Lizardlink
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup 
Ordner Gelöscht : C:\Program Files (x86)\Omiga Plus
Ordner Gelöscht : C:\Program Files (x86)\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\VETTI1~1\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\VETTI1~1\AppData\Local\Temp\eIntaller
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\337
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\7go
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Omiga Plus
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\SpeedAnalysis3
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Vetti1204\Documents\optimizer pro
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\128
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Ordner Gelöscht : C:\Users\Vetti1204\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Datei Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\pricepeep@getpricepeep.com.xpi
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Vetti1204\AppData\Roaming\speedanalysis.ico
Datei Gelöscht : C:\Users\Vetti1204\Desktop\SpeedAnalysis.lnk
Datei Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
Datei Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\searchplugins\searchgol.xml
Datei Gelöscht : C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Vetti1204\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Vetti1204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Vetti1204\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\9e8f88e16aba40
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\performersoft llc
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\omigaplusSvc
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1418546ec626f049e16e2201be23b94f");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "b8aaeff1000000000000de85de56cacc");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15982");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.623:01:13");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120524&tsp=5025");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.searchgol.admin", false);
Zeile gelöscht : user_pref("extensions.searchgol.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
Zeile gelöscht : user_pref("extensions.searchgol.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.searchgol.excTlbr", false);
Zeile gelöscht : user_pref("extensions.searchgol.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.searchgol.id", "b8aaeff1000000000000de85de56cacc");
Zeile gelöscht : user_pref("extensions.searchgol.instlDay", "15982");
Zeile gelöscht : user_pref("extensions.searchgol.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.searchgol.newTab", false);
Zeile gelöscht : user_pref("extensions.searchgol.prdct", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.prtnrId", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.rvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.searchgol.vrsn", "1.8.16.19");
Zeile gelöscht : user_pref("extensions.searchgol.vrsnTs", "1.8.16.1917:17:50");
Zeile gelöscht : user_pref("extensions.searchgol.vrsni", "1.8.16.19");

-\\ Google Chrome v

[ Datei : C:\Users\Vetti1204\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [32816 octets] - [02/09/2013 18:49:55]
AdwCleaner[R1].txt - [19460 octets] - [10/10/2013 13:21:59]
AdwCleaner[S0].txt - [30196 octets] - [02/09/2013 18:51:47]
AdwCleaner[S1].txt - [17104 octets] - [10/10/2013 13:23:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17165 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 x64
Ran by Vetti1204 on 10.10.2013 at 13:30:48,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3734775389-2830244704-707604587-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Vetti1204\AppData\Roaming\mozilla\firefox\profiles\3jtkfm5r.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.10.2013 at 13:44:18,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Vetti1204 (administrator) on VETTI on 10-10-2013 13:48:55
Running from C:\Users\Vetti1204\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Farbar) C:\Users\Vetti1204\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKCU\...\Run: [SkyDrive] - C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-28] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office 2010\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - URL hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=B8AADE85DE56CACC&affID=125035&tsp=5025
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF SearchPlugin: C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 7go - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\7go@7go.com.xpi
FF Extension: abb - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\abb@amazon.com.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\128.crx

==================== Services (Whitelisted) =================

R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-08-30] (Dassault Systèmes)
R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-24] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-05-31] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-10] (MalwareBytes)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-10] (MalwareBytes)
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 13:48 - 2013-10-10 13:48 - 00041504 _____ C:\Users\Vetti1204\Desktop\FRST.txt
2013-10-10 13:46 - 2013-10-10 13:46 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64(1).exe
2013-10-10 13:44 - 2013-10-10 13:44 - 00001294 _____ C:\Users\Vetti1204\Desktop\JRT.txt
2013-10-10 13:30 - 2013-10-10 13:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 13:19 - 2013-10-10 13:19 - 01048960 _____ C:\Users\Vetti1204\Downloads\adwcleaner.exe
2013-10-10 13:19 - 2013-10-10 13:19 - 01032220 _____ (Thisisu) C:\Users\Vetti1204\Downloads\JRT.exe
2013-10-10 10:42 - 2013-10-10 10:42 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-10 10:01 - 2013-10-10 10:42 - 00000000 ____D C:\Users\Vetti1204\Desktop\mbar
2013-10-10 10:00 - 2013-10-10 10:01 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Vetti1204\Desktop\mbar-1.07.0.1005.exe
2013-10-10 09:51 - 2013-10-10 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-08 19:48 - 2013-10-08 19:48 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\AVG2014
2013-10-08 19:47 - 2013-10-08 19:47 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-08 19:46 - 2013-10-08 19:48 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ___HD C:\$AVG
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-08 19:39 - 2013-10-08 20:01 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Avg2014
2013-10-08 19:37 - 2013-10-08 19:37 - 04425448 _____ (AVG Technologies) C:\Users\Vetti1204\Downloads\avg_free_stb_all_2014_4116.exe
2013-10-08 18:16 - 2013-10-08 18:30 - 00023645 _____ C:\Users\Vetti1204\Downloads\Addition.txt
2013-10-08 18:13 - 2013-10-08 18:13 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64.exe
2013-10-08 18:13 - 2013-10-08 18:13 - 00000000 ____D C:\FRST
2013-10-08 18:12 - 2013-10-08 18:12 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST(1).exe
2013-10-08 18:01 - 2013-10-08 18:01 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST.exe
2013-10-06 12:45 - 2013-10-10 10:51 - 00007980 _____ C:\Windows\PFRO.log
2013-10-06 12:40 - 2013-10-06 12:40 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337 Wallpaper
2013-10-04 22:58 - 2013-10-04 22:58 - 00181296 _____ C:\Users\Vetti1204\Downloads\Setup.exe
2013-10-04 17:16 - 2013-10-06 12:36 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-04 17:15 - 2013-10-04 17:17 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\Media-Player.exe
2013-10-04 17:15 - 2013-10-04 17:15 - 00598424 _____ C:\Users\Vetti1204\Downloads\Media-Player(1).exe
2013-10-04 17:13 - 2013-10-04 17:19 - 00001805 _____ C:\Windows\wmsetup.log
2013-10-04 17:11 - 2013-10-04 17:13 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\wmp11-windowsxp-x86-DE-DE.exe
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setupact.log
2013-10-02 13:15 - 2013-10-02 13:15 - 00000000 ____D C:\ProgramData\HP
2013-09-20 10:41 - 2013-09-20 10:41 - 00029977 _____ C:\Users\Vetti1204\Downloads\webacc.htm
2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\CrashRpt
2013-09-19 13:08 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\Documents\My Drawings
2013-09-19 13:06 - 2013-09-19 13:06 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-09-19 13:04 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\DraftSight
2013-09-19 13:04 - 2013-09-19 13:04 - 00002761 _____ C:\Users\Public\Desktop\DraftSight x64.lnk
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\ProgramData\Dassault Systemes
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\Program Files\Dassault Systemes
2013-09-19 12:52 - 2013-09-19 12:58 - 138710880 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\DraftSight64.exe
2013-09-18 11:12 - 2013-09-18 11:12 - 00501440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-17 20:15 - 2013-10-10 13:23 - 00000601 _____ C:\Users\Vetti1204\Desktop\Search.lnk
2013-09-13 15:44 - 2013-09-16 10:28 - 00000000 ____D C:\Users\Vetti1204\Desktop\Silo und Brennstoffversorgung
2013-09-12 19:10 - 2013-09-12 19:10 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 12:15 - 2013-09-12 12:15 - 00032621 _____ C:\Users\Vetti1204\Documents\Wärmeverteilung.sdr
2013-09-11 15:42 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-11 15:42 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-11 15:42 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-11 15:42 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-11 15:42 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-11 15:42 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-11 15:42 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-11 15:42 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-11 15:42 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-11 15:42 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-11 15:42 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 15:41 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 15:40 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 15:40 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 15:40 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 15:40 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 15:40 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 15:40 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 15:40 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 15:40 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 15:40 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-11 15:40 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-11 15:40 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:40 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-11 15:40 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-11 15:40 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-11 15:40 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-11 15:40 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-11 15:40 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-11 15:40 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-11 15:40 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-11 15:40 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-11 15:40 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-11 15:40 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-11 15:40 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-11 15:40 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-11 15:40 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-11 15:40 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-11 15:40 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-11 15:40 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-11 15:40 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-11 15:40 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-11 15:40 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-11 15:40 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-11 15:40 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-11 15:40 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-11 15:40 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-11 15:40 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-11 15:40 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-11 15:40 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-11 15:40 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-11 15:40 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-11 15:40 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-11 15:40 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-11 15:40 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-11 15:40 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-11 15:40 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-11 15:40 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-11 15:40 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-11 15:40 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-11 15:40 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-11 15:40 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

==================== One Month Modified Files and Folders =======

2013-10-10 13:48 - 2013-10-10 13:48 - 00041504 _____ C:\Users\Vetti1204\Desktop\FRST.txt
2013-10-10 13:46 - 2013-10-10 13:46 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64(1).exe
2013-10-10 13:44 - 2013-10-10 13:44 - 00001294 _____ C:\Users\Vetti1204\Desktop\JRT.txt
2013-10-10 13:41 - 2013-08-25 06:29 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3734775389-2830244704-707604587-1001
2013-10-10 13:30 - 2013-10-10 13:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 13:30 - 2012-08-03 01:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-10-10 13:30 - 2012-08-03 01:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-10-10 13:30 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 13:27 - 2013-08-25 06:24 - 00000062 _____ C:\Users\Vetti1204\AppData\Roaming\sp_data.sys
2013-10-10 13:27 - 2013-05-31 19:02 - 00003542 _____ C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2013-10-10 13:27 - 2013-05-31 19:02 - 00003052 _____ C:\Windows\System32\Tasks\ASUS P4G
2013-10-10 13:27 - 2013-05-31 19:02 - 00003004 _____ C:\Windows\System32\Tasks\ASUS Splendid ColorU
2013-10-10 13:27 - 2013-05-31 19:02 - 00002988 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2013-10-10 13:27 - 2013-05-31 19:00 - 00003024 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2013-10-10 13:27 - 2013-05-31 18:59 - 00003114 _____ C:\Windows\System32\Tasks\ASUS Live Update
2013-10-10 13:26 - 2013-08-25 18:43 - 00000484 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-10-10 13:26 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 13:25 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-10 13:24 - 2013-09-02 18:49 - 00000000 ____D C:\AdwCleaner
2013-10-10 13:23 - 2013-09-17 20:15 - 00000601 _____ C:\Users\Vetti1204\Desktop\Search.lnk
2013-10-10 13:23 - 2013-08-25 06:23 - 00001005 _____ C:\Users\Vetti1204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-10 13:23 - 2013-08-24 23:05 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-10 13:19 - 2013-10-10 13:19 - 01048960 _____ C:\Users\Vetti1204\Downloads\adwcleaner.exe
2013-10-10 13:19 - 2013-10-10 13:19 - 01032220 _____ (Thisisu) C:\Users\Vetti1204\Downloads\JRT.exe
2013-10-10 13:00 - 2013-08-25 00:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 13:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-10 12:52 - 2013-09-08 11:40 - 01634009 _____ C:\Windows\WindowsUpdate.log
2013-10-10 11:28 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-10 10:51 - 2013-10-06 12:45 - 00007980 _____ C:\Windows\PFRO.log
2013-10-10 10:42 - 2013-10-10 10:42 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-10 10:42 - 2013-10-10 10:01 - 00000000 ____D C:\Users\Vetti1204\Desktop\mbar
2013-10-10 10:36 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\security
2013-10-10 10:01 - 2013-10-10 10:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Vetti1204\Desktop\mbar-1.07.0.1005.exe
2013-10-10 09:51 - 2013-10-10 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-10 09:43 - 2013-08-24 23:35 - 00000000 ____D C:\ProgramData\MFAData
2013-10-08 20:01 - 2013-10-08 19:39 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Avg2014
2013-10-08 20:01 - 2013-08-25 00:22 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 19:53 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-08 19:48 - 2013-10-08 19:48 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\AVG2014
2013-10-08 19:48 - 2013-10-08 19:46 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-08 19:47 - 2013-10-08 19:47 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-08 19:47 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ___HD C:\$AVG
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-08 19:38 - 2013-08-25 06:21 - 00000000 ____D C:\Users\Vetti1204
2013-10-08 19:37 - 2013-10-08 19:37 - 04425448 _____ (AVG Technologies) C:\Users\Vetti1204\Downloads\avg_free_stb_all_2014_4116.exe
2013-10-08 18:30 - 2013-10-08 18:16 - 00023645 _____ C:\Users\Vetti1204\Downloads\Addition.txt
2013-10-08 18:13 - 2013-10-08 18:13 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64.exe
2013-10-08 18:13 - 2013-10-08 18:13 - 00000000 ____D C:\FRST
2013-10-08 18:12 - 2013-10-08 18:12 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST(1).exe
2013-10-08 18:01 - 2013-10-08 18:01 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST.exe
2013-10-08 16:49 - 2013-08-24 23:19 - 00000000 ____D C:\ProgramData\WinZip
2013-10-06 12:40 - 2013-10-06 12:40 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337 Wallpaper
2013-10-06 12:39 - 2013-08-25 06:23 - 00000000 ___RD C:\Users\Vetti1204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 12:36 - 2013-10-04 17:16 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-04 22:58 - 2013-10-04 22:58 - 00181296 _____ C:\Users\Vetti1204\Downloads\Setup.exe
2013-10-04 17:19 - 2013-10-04 17:13 - 00001805 _____ C:\Windows\wmsetup.log
2013-10-04 17:17 - 2013-10-04 17:15 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\Media-Player.exe
2013-10-04 17:15 - 2013-10-04 17:15 - 00598424 _____ C:\Users\Vetti1204\Downloads\Media-Player(1).exe
2013-10-04 17:13 - 2013-10-04 17:11 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\wmp11-windowsxp-x86-DE-DE.exe
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setupact.log
2013-10-02 17:29 - 2013-08-24 23:05 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Mozilla
2013-10-02 17:29 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 13:20 - 2013-08-25 06:21 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Packages
2013-10-02 13:15 - 2013-10-02 13:15 - 00000000 ____D C:\ProgramData\HP
2013-09-30 17:30 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-26 19:39 - 2013-08-28 08:32 - 00000000 ___RD C:\Users\Vetti1204\SkyDrive
2013-09-20 10:41 - 2013-09-20 10:41 - 00029977 _____ C:\Users\Vetti1204\Downloads\webacc.htm
2013-09-19 13:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-19 13:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-19 13:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\CrashRpt
2013-09-19 13:08 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\Documents\My Drawings
2013-09-19 13:08 - 2013-09-19 13:04 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\DraftSight
2013-09-19 13:06 - 2013-09-19 13:06 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-09-19 13:04 - 2013-09-19 13:04 - 00002761 _____ C:\Users\Public\Desktop\DraftSight x64.lnk
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\ProgramData\Dassault Systemes
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\Program Files\Dassault Systemes
2013-09-19 12:58 - 2013-09-19 12:52 - 138710880 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\DraftSight64.exe
2013-09-19 01:26 - 2013-08-28 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-08-28 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 11:12 - 2013-09-18 11:12 - 00501440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 11:10 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\en-GB
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-18 11:10 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\winrm
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\slmgr
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-18 11:07 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\WCN
2013-09-18 11:07 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\MUI
2013-09-18 11:07 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Dism
2013-09-18 11:06 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-18 11:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2013-09-18 11:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\Com
2013-09-16 11:53 - 2013-08-25 17:57 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Microsoft Help
2013-09-16 10:28 - 2013-09-13 15:44 - 00000000 ____D C:\Users\Vetti1204\Desktop\Silo und Brennstoffversorgung
2013-09-12 19:10 - 2013-09-12 19:10 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 12:15 - 2013-09-12 12:15 - 00032621 _____ C:\Users\Vetti1204\Documents\Wärmeverteilung.sdr
2013-09-11 16:04 - 2013-08-25 17:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 15:55 - 2013-08-27 13:10 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 15:52 - 2013-08-27 13:10 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\Public\AlexaNSISPlugin.2512.dll


Some content of TEMP:
====================
C:\Users\Vetti1204\AppData\Local\Temp\BackupSetup.exe
C:\Users\Vetti1204\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Vetti1204\AppData\Local\Temp\Quarantine.exe
C:\Users\Vetti1204\AppData\Local\Temp\Setup.exe
C:\Users\Vetti1204\AppData\Local\Temp\uninst1.exe
C:\Users\Vetti1204\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 12:22

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Vetti1204 at 2013-10-10 13:49:51
Running from C:\Users\Vetti1204\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527)
ASUS Instant Connect (x32 Version: 1.2.8)
ASUS InstantOn (x32 Version: 3.0.5)
ASUS LifeFrame3 (x32 Version: 3.1.13)
ASUS Live Update (x32 Version: 3.1.8)
ASUS Power4Gear Hybrid (Version: 2.1.7)
ASUS Screen Saver (Version: 1.0.1)
ASUS Smart Gesture (x32 Version: 1.1.3)
ASUS Splendid Video Enhancement Technology (x32 Version: 2.01.0002)
ASUS Tutor (x32 Version: 1.0.8)
ASUS USB Charger Plus (x32 Version: 2.1.5)
ASUS WebStorage Sync Agent (x32 Version: 1.1.10.123)
ASUS X201 Product Demo (x32 Version: 1.0.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
ATK Package (x32 Version: 1.0.0027)
AVG 2014 (Version: 14.0.3609)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
Broadcom 802.11 Network Adapter (Version: 6.30.59.91)
CCleaner (Version: 4.04)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DraftSight x64 (Version: 11.0.1258)
Fotogalerie (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Lightspark 0.5.3-git (x32 Version: 0.5.3-git)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 15.0.4420.1017)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyBitCast 2.0 (x32 Version: 2.0)
PDF24 Creator 5.7.0 (x32)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6798)
Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1)
Shared C Run-time for x64 (Version: 10.0.0)
SmartDraw 2010 (HKCU)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (Version: 01/10/2013 1.0.0.170)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.41.1)

==================== Restore Points  =========================

06-10-2013 10:51:21 Windows Update
08-10-2013 14:42:26 WinZip 17.5 wird installiert
10-10-2013 08:33:17 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0476A34D-6CED-4071-8138-17DA76E4DCF9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {2438D0EE-8661-4497-BC3A-83F4C9220C51} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {293CBF78-BDE3-4D71-8A6E-18A271708D4C} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {37BBAFAA-EA97-433B-AE72-0536C970D83E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {39284A9D-761F-4139-9536-E0F3D3334838} - \AmiUpdXp No Task File
Task: {4749E87F-CF47-4A34-9381-92A8EBFA1765} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {48F606F5-E2BF-49BF-9C38-2558E97B2721} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {498112DE-2961-4C44-9990-813E7F154683} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {66C21A8C-66CC-44F6-AD93-E097CF3C9449} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2010\Messages\SDNotify.exe [2009-07-08] ()
Task: {704D7F30-76A3-46A6-A789-6D4A6B733439} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7101BCAB-6894-45DE-AA34-7EDBD11A471C} - \DSite No Task File
Task: {8882D26C-2CA1-4EDC-9003-BACDCBDBB3C7} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-11-27] (Microsoft Corporation)
Task: {8CC3C6E7-A416-4DAC-B67F-64C5BA3A2A7B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {ACBAB246-2FBE-4141-A600-04A2CACC6D60} - \Omiga Plus RunAsStdUser No Task File
Task: {B3FD219E-8BCF-48D3-8A3B-8DDCEC99DC57} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B624C6C9-D313-4E7F-B9D4-59FF45389D86} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {D6DA5F42-A44E-4467-93AA-52CE4D18B765} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {DF5DEC72-66AE-4CC7-A98E-570472FB7237} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {DF774A91-7016-46D2-BE1F-4A10FCFC9D7D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {F9C23992-19AC-4BAA-81EE-C1128C96A5C2} - \Dealply No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

==================== Loaded Modules (whitelisted) =============

2013-08-27 18:30 - 2013-08-27 18:30 - 01322496 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtNetwork4.dll
2013-08-27 18:30 - 2013-08-27 18:30 - 00548864 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtXml4.dll
2013-08-27 18:32 - 2013-08-27 18:32 - 03466240 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtCore4.dll
2012-07-26 11:48 - 2012-07-26 11:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-01-25 09:30 - 2012-11-02 09:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-31 18:53 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-24 23:05 - 2013-10-02 17:28 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\Drivers\dxgprooz.sys:changelist

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 1931.61 MB
Available physical RAM: 801.27 MB
Total Pagefile: 3339.61 MB
Available Pagefile: 2024.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:72.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:157.55 GB) (Free:155.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F7791DB4)

Partition: GPT Partition Type
==================== End Of Log ============================
         

10.10.2013, 15:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hm... please download adwCleaner and JRT again and run them.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

10.10.2013, 16:30   #13
vetti

Code:
# AdwCleaner v3.007 - Bericht erstellt am 10/10/2013 um 17:11:08
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Vetti1204 - VETTI
# Gestartet von : C:\Users\Vetti1204\Downloads\adwcleaner(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Vetti1204\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Vetti1204\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [32816 octets] - [02/09/2013 18:49:55]
AdwCleaner[R1].txt - [19460 octets] - [10/10/2013 13:21:59]
AdwCleaner[R2].txt - [1276 octets] - [10/10/2013 17:10:09]
AdwCleaner[S0].txt - [30196 octets] - [02/09/2013 18:51:47]
AdwCleaner[S1].txt - [17522 octets] - [10/10/2013 13:23:48]
AdwCleaner[S2].txt - [1197 octets] - [10/10/2013 17:11:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1257 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 x64
Ran by Vetti1204 on 10.10.2013 at 17:20:48,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Vetti1204\AppData\Roaming\mozilla\firefox\profiles\3jtkfm5r.default\minidumps [2 files]



~~~ Chrome

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.10.2013 at 17:25:55,94
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Have you found anything out yet? Thanks in advance!

11.10.2013, 01:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

A fresh FRST log, please.

11.10.2013, 09:50   #15
vetti

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Vetti1204 (administrator) on VETTI on 11-10-2013 10:46:33
Running from C:\Users\Vetti1204\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\system32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Farbar) C:\Users\Vetti1204\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKCU\...\Run: [SkyDrive] - C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-28] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vetti1204\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office 2010\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - URL hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=B8AADE85DE56CACC&affID=125035&tsp=5025
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF SearchPlugin: C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 7go - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\7go@7go.com.xpi
FF Extension: abb - C:\Users\Vetti1204\AppData\Roaming\Mozilla\Firefox\Profiles\3jtkfm5r.default\Extensions\abb@amazon.com.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\128.crx

==================== Services (Whitelisted) =================

R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-08-30] (Dassault Systèmes)
R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-24] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-05-31] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-10] (MalwareBytes)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-10] (MalwareBytes)
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 17:25 - 2013-10-10 17:26 - 00000926 _____ C:\Users\Vetti1204\Desktop\JRT.txt
2013-10-10 17:06 - 2013-10-10 17:06 - 01048960 _____ C:\Users\Vetti1204\Downloads\adwcleaner(1).exe
2013-10-10 17:06 - 2013-10-10 17:06 - 01032220 _____ (Thisisu) C:\Users\Vetti1204\Downloads\JRT(1).exe
2013-10-10 13:51 - 2013-10-10 13:51 - 00013720 _____ C:\Users\Vetti1204\Desktop\Addition.txt
2013-10-10 13:48 - 2013-10-10 13:51 - 00041741 _____ C:\Users\Vetti1204\Desktop\FRST.txt
2013-10-10 13:46 - 2013-10-10 13:46 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64(1).exe
2013-10-10 13:30 - 2013-10-10 13:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 13:19 - 2013-10-10 13:19 - 01048960 _____ C:\Users\Vetti1204\Downloads\adwcleaner.exe
2013-10-10 13:19 - 2013-10-10 13:19 - 01032220 _____ (Thisisu) C:\Users\Vetti1204\Downloads\JRT.exe
2013-10-10 10:42 - 2013-10-10 10:42 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-10 10:01 - 2013-10-10 10:42 - 00000000 ____D C:\Users\Vetti1204\Desktop\mbar
2013-10-10 10:00 - 2013-10-10 10:01 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Vetti1204\Desktop\mbar-1.07.0.1005.exe
2013-10-10 09:51 - 2013-10-10 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-08 19:48 - 2013-10-08 19:48 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\AVG2014
2013-10-08 19:47 - 2013-10-08 19:47 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-08 19:46 - 2013-10-08 19:48 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ___HD C:\$AVG
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-08 19:39 - 2013-10-08 20:01 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Avg2014
2013-10-08 19:37 - 2013-10-08 19:37 - 04425448 _____ (AVG Technologies) C:\Users\Vetti1204\Downloads\avg_free_stb_all_2014_4116.exe
2013-10-08 18:16 - 2013-10-10 13:50 - 00013720 _____ C:\Users\Vetti1204\Downloads\Addition.txt
2013-10-08 18:13 - 2013-10-08 18:13 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64.exe
2013-10-08 18:13 - 2013-10-08 18:13 - 00000000 ____D C:\FRST
2013-10-08 18:12 - 2013-10-08 18:12 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST(1).exe
2013-10-08 18:01 - 2013-10-08 18:01 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST.exe
2013-10-06 12:45 - 2013-10-10 10:51 - 00007980 _____ C:\Windows\PFRO.log
2013-10-06 12:40 - 2013-10-06 12:40 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337 Wallpaper
2013-10-04 22:58 - 2013-10-04 22:58 - 00181296 _____ C:\Users\Vetti1204\Downloads\Setup.exe
2013-10-04 17:16 - 2013-10-06 12:36 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-04 17:15 - 2013-10-04 17:17 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\Media-Player.exe
2013-10-04 17:15 - 2013-10-04 17:15 - 00598424 _____ C:\Users\Vetti1204\Downloads\Media-Player(1).exe
2013-10-04 17:13 - 2013-10-04 17:19 - 00001805 _____ C:\Windows\wmsetup.log
2013-10-04 17:11 - 2013-10-04 17:13 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\wmp11-windowsxp-x86-DE-DE.exe
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setupact.log
2013-10-02 13:15 - 2013-10-02 13:15 - 00000000 ____D C:\ProgramData\HP
2013-09-20 10:41 - 2013-09-20 10:41 - 00029977 _____ C:\Users\Vetti1204\Downloads\webacc.htm
2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\CrashRpt
2013-09-19 13:08 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\Documents\My Drawings
2013-09-19 13:06 - 2013-09-19 13:06 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-09-19 13:04 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\DraftSight
2013-09-19 13:04 - 2013-09-19 13:04 - 00002761 _____ C:\Users\Public\Desktop\DraftSight x64.lnk
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\ProgramData\Dassault Systemes
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\Program Files\Dassault Systemes
2013-09-19 12:52 - 2013-09-19 12:58 - 138710880 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\DraftSight64.exe
2013-09-18 11:12 - 2013-09-18 11:12 - 00501440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-17 20:15 - 2013-10-10 13:23 - 00000601 _____ C:\Users\Vetti1204\Desktop\Search.lnk
2013-09-13 15:44 - 2013-09-16 10:28 - 00000000 ____D C:\Users\Vetti1204\Desktop\Silo und Brennstoffversorgung
2013-09-12 19:10 - 2013-09-12 19:10 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 12:15 - 2013-09-12 12:15 - 00032621 _____ C:\Users\Vetti1204\Documents\Wärmeverteilung.sdr
2013-09-11 15:42 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-11 15:42 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-11 15:42 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-11 15:42 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-11 15:42 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-11 15:42 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-11 15:42 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-11 15:42 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-11 15:42 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-11 15:42 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-11 15:42 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-11 15:42 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-11 15:42 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 15:41 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 15:41 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 15:40 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 15:40 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 15:40 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 15:40 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 15:40 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 15:40 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 15:40 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 15:40 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 15:40 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 15:40 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 15:40 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-11 15:40 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-11 15:40 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:40 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-11 15:40 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-11 15:40 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-11 15:40 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-11 15:40 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-11 15:40 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-11 15:40 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-11 15:40 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-11 15:40 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-11 15:40 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-11 15:40 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-11 15:40 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-11 15:40 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-11 15:40 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-11 15:40 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-11 15:40 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-11 15:40 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-11 15:40 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-11 15:40 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-11 15:40 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-11 15:40 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-11 15:40 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-11 15:40 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-11 15:40 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-11 15:40 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-11 15:40 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-11 15:40 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-11 15:40 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-11 15:40 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-11 15:40 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-11 15:40 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-11 15:40 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-11 15:40 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-11 15:40 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-11 15:40 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-11 15:40 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-11 15:40 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-11 15:40 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-11 15:40 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-11 15:40 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

==================== One Month Modified Files and Folders =======

2013-10-11 10:47 - 2013-09-08 11:40 - 01360140 _____ C:\Windows\WindowsUpdate.log
2013-10-11 10:44 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-11 10:44 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-11 08:00 - 2013-08-25 00:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-11 06:57 - 2013-08-25 17:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 18:08 - 2013-08-24 23:35 - 00000000 ____D C:\ProgramData\MFAData
2013-10-10 17:27 - 2012-08-03 01:02 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-10-10 17:27 - 2012-08-03 01:02 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-10-10 17:27 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 17:26 - 2013-10-10 17:25 - 00000926 _____ C:\Users\Vetti1204\Desktop\JRT.txt
2013-10-10 17:22 - 2013-08-25 06:24 - 00000062 _____ C:\Users\Vetti1204\AppData\Roaming\sp_data.sys
2013-10-10 17:22 - 2013-05-31 19:02 - 00003542 _____ C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2013-10-10 17:22 - 2013-05-31 19:02 - 00003052 _____ C:\Windows\System32\Tasks\ASUS P4G
2013-10-10 17:22 - 2013-05-31 19:02 - 00003004 _____ C:\Windows\System32\Tasks\ASUS Splendid ColorU
2013-10-10 17:22 - 2013-05-31 19:02 - 00002988 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2013-10-10 17:22 - 2013-05-31 19:00 - 00003024 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2013-10-10 17:22 - 2013-05-31 18:59 - 00003114 _____ C:\Windows\System32\Tasks\ASUS Live Update
2013-10-10 17:20 - 2013-08-25 18:43 - 00000484 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-10-10 17:20 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 17:19 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-10 17:11 - 2013-09-02 18:49 - 00000000 ____D C:\AdwCleaner
2013-10-10 17:06 - 2013-10-10 17:06 - 01048960 _____ C:\Users\Vetti1204\Downloads\adwcleaner(1).exe
2013-10-10 17:06 - 2013-10-10 17:06 - 01032220 _____ (Thisisu) C:\Users\Vetti1204\Downloads\JRT(1).exe
2013-10-10 15:04 - 2013-08-25 06:29 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3734775389-2830244704-707604587-1001
2013-10-10 13:51 - 2013-10-10 13:51 - 00013720 _____ C:\Users\Vetti1204\Desktop\Addition.txt
2013-10-10 13:51 - 2013-10-10 13:48 - 00041741 _____ C:\Users\Vetti1204\Desktop\FRST.txt
2013-10-10 13:50 - 2013-10-08 18:16 - 00013720 _____ C:\Users\Vetti1204\Downloads\Addition.txt
2013-10-10 13:46 - 2013-10-10 13:46 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64(1).exe
2013-10-10 13:30 - 2013-10-10 13:30 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 13:23 - 2013-09-17 20:15 - 00000601 _____ C:\Users\Vetti1204\Desktop\Search.lnk
2013-10-10 13:23 - 2013-08-25 06:23 - 00001005 _____ C:\Users\Vetti1204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-10 13:23 - 2013-08-24 23:05 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-10 13:19 - 2013-10-10 13:19 - 01048960 _____ C:\Users\Vetti1204\Downloads\adwcleaner.exe
2013-10-10 13:19 - 2013-10-10 13:19 - 01032220 _____ (Thisisu) C:\Users\Vetti1204\Downloads\JRT.exe
2013-10-10 10:51 - 2013-10-06 12:45 - 00007980 _____ C:\Windows\PFRO.log
2013-10-10 10:42 - 2013-10-10 10:42 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-10 10:42 - 2013-10-10 10:01 - 00000000 ____D C:\Users\Vetti1204\Desktop\mbar
2013-10-10 10:36 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\security
2013-10-10 10:01 - 2013-10-10 10:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Vetti1204\Desktop\mbar-1.07.0.1005.exe
2013-10-10 09:51 - 2013-10-10 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-08 20:01 - 2013-10-08 19:39 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Avg2014
2013-10-08 20:01 - 2013-08-25 00:22 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 19:53 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-08 19:48 - 2013-10-08 19:48 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\AVG2014
2013-10-08 19:48 - 2013-10-08 19:46 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-08 19:47 - 2013-10-08 19:47 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-08 19:47 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ___HD C:\$AVG
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-08 19:38 - 2013-08-25 06:21 - 00000000 ____D C:\Users\Vetti1204
2013-10-08 19:37 - 2013-10-08 19:37 - 04425448 _____ (AVG Technologies) C:\Users\Vetti1204\Downloads\avg_free_stb_all_2014_4116.exe
2013-10-08 18:13 - 2013-10-08 18:13 - 01954124 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST64.exe
2013-10-08 18:13 - 2013-10-08 18:13 - 00000000 ____D C:\FRST
2013-10-08 18:12 - 2013-10-08 18:12 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST(1).exe
2013-10-08 18:01 - 2013-10-08 18:01 - 01087213 _____ (Farbar) C:\Users\Vetti1204\Downloads\FRST.exe
2013-10-08 16:49 - 2013-08-24 23:19 - 00000000 ____D C:\ProgramData\WinZip
2013-10-06 12:40 - 2013-10-06 12:40 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\337 Wallpaper
2013-10-06 12:39 - 2013-08-25 06:23 - 00000000 ___RD C:\Users\Vetti1204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 12:36 - 2013-10-04 17:16 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-04 22:58 - 2013-10-04 22:58 - 00181296 _____ C:\Users\Vetti1204\Downloads\Setup.exe
2013-10-04 17:19 - 2013-10-04 17:13 - 00001805 _____ C:\Windows\wmsetup.log
2013-10-04 17:17 - 2013-10-04 17:15 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\Media-Player.exe
2013-10-04 17:15 - 2013-10-04 17:15 - 00598424 _____ C:\Users\Vetti1204\Downloads\Media-Player(1).exe
2013-10-04 17:13 - 2013-10-04 17:11 - 25842736 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\wmp11-windowsxp-x86-DE-DE.exe
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 20:26 - 2013-10-03 20:26 - 00000000 _____ C:\Windows\setupact.log
2013-10-02 17:29 - 2013-08-24 23:05 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Mozilla
2013-10-02 17:29 - 2013-08-24 23:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 13:20 - 2013-08-25 06:21 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Packages
2013-10-02 13:15 - 2013-10-02 13:15 - 00000000 ____D C:\ProgramData\HP
2013-09-30 17:30 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-26 19:39 - 2013-08-28 08:32 - 00000000 ___RD C:\Users\Vetti1204\SkyDrive
2013-09-20 10:41 - 2013-09-20 10:41 - 00029977 _____ C:\Users\Vetti1204\Downloads\webacc.htm
2013-09-19 13:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-19 13:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-19 13:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\CrashRpt
2013-09-19 13:08 - 2013-09-19 13:08 - 00000000 ____D C:\Users\Vetti1204\Documents\My Drawings
2013-09-19 13:08 - 2013-09-19 13:04 - 00000000 ____D C:\Users\Vetti1204\AppData\Roaming\DraftSight
2013-09-19 13:06 - 2013-09-19 13:06 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-09-19 13:04 - 2013-09-19 13:04 - 00002761 _____ C:\Users\Public\Desktop\DraftSight x64.lnk
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\ProgramData\Dassault Systemes
2013-09-19 13:03 - 2013-09-19 13:03 - 00000000 ____D C:\Program Files\Dassault Systemes
2013-09-19 12:58 - 2013-09-19 12:52 - 138710880 _____ (Microsoft Corporation) C:\Users\Vetti1204\Downloads\DraftSight64.exe
2013-09-19 01:26 - 2013-08-28 07:15 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-08-28 07:15 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 11:12 - 2013-09-18 11:12 - 00501440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 11:10 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-09-18 11:10 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\en-GB
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-18 11:10 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-18 11:10 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\winrm
2013-09-18 11:09 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\slmgr
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-18 11:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-09-18 11:09 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-18 11:07 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\WCN
2013-09-18 11:07 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\MUI
2013-09-18 11:07 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\Dism
2013-09-18 11:06 - 2012-07-26 11:43 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-18 11:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2013-09-18 11:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\Com
2013-09-16 11:53 - 2013-08-25 17:57 - 00000000 ____D C:\Users\Vetti1204\AppData\Local\Microsoft Help
2013-09-16 10:28 - 2013-09-13 15:44 - 00000000 ____D C:\Users\Vetti1204\Desktop\Silo und Brennstoffversorgung
2013-09-12 19:10 - 2013-09-12 19:10 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 12:15 - 2013-09-12 12:15 - 00032621 _____ C:\Users\Vetti1204\Documents\Wärmeverteilung.sdr
2013-09-11 15:55 - 2013-08-27 13:10 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 15:52 - 2013-08-27 13:10 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\Public\AlexaNSISPlugin.2512.dll


Some content of TEMP:
====================
C:\Users\Vetti1204\AppData\Local\Temp\BackupSetup.exe
C:\Users\Vetti1204\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Vetti1204\AppData\Local\Temp\Quarantine.exe
C:\Users\Vetti1204\AppData\Local\Temp\Setup.exe
C:\Users\Vetti1204\AppData\Local\Temp\uninst1.exe
C:\Users\Vetti1204\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 12:22

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Vetti1204 at 2013-10-11 10:48:29
Running from C:\Users\Vetti1204\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527)
ASUS Instant Connect (x32 Version: 1.2.8)
ASUS InstantOn (x32 Version: 3.0.5)
ASUS LifeFrame3 (x32 Version: 3.1.13)
ASUS Live Update (x32 Version: 3.1.8)
ASUS Power4Gear Hybrid (Version: 2.1.7)
ASUS Screen Saver (Version: 1.0.1)
ASUS Smart Gesture (x32 Version: 1.1.3)
ASUS Splendid Video Enhancement Technology (x32 Version: 2.01.0002)
ASUS Tutor (x32 Version: 1.0.8)
ASUS USB Charger Plus (x32 Version: 2.1.5)
ASUS WebStorage Sync Agent (x32 Version: 1.1.10.123)
ASUS X201 Product Demo (x32 Version: 1.0.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
ATK Package (x32 Version: 1.0.0027)
AVG 2014 (Version: 14.0.3609)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
Broadcom 802.11 Network Adapter (Version: 6.30.59.91)
CCleaner (Version: 4.04)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DraftSight x64 (Version: 11.0.1258)
Fotogalerie (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2875)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Lightspark 0.5.3-git (x32 Version: 0.5.3-git)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 15.0.4420.1017)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyBitCast 2.0 (x32 Version: 2.0)
PDF24 Creator 5.7.0 (x32)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6798)
Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1)
Shared C Run-time for x64 (Version: 10.0.0)
SmartDraw 2010 (HKCU)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (Version: 01/10/2013 1.0.0.170)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.41.1)

==================== Restore Points  =========================

06-10-2013 10:51:21 Windows Update
08-10-2013 14:42:26 WinZip 17.5 wird installiert
10-10-2013 08:33:17 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0476A34D-6CED-4071-8138-17DA76E4DCF9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {2438D0EE-8661-4497-BC3A-83F4C9220C51} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {293CBF78-BDE3-4D71-8A6E-18A271708D4C} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {37BBAFAA-EA97-433B-AE72-0536C970D83E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {39284A9D-761F-4139-9536-E0F3D3334838} - \AmiUpdXp No Task File
Task: {4749E87F-CF47-4A34-9381-92A8EBFA1765} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {48F606F5-E2BF-49BF-9C38-2558E97B2721} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {498112DE-2961-4C44-9990-813E7F154683} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {66C21A8C-66CC-44F6-AD93-E097CF3C9449} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2010\Messages\SDNotify.exe [2009-07-08] ()
Task: {704D7F30-76A3-46A6-A789-6D4A6B733439} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7101BCAB-6894-45DE-AA34-7EDBD11A471C} - \DSite No Task File
Task: {8882D26C-2CA1-4EDC-9003-BACDCBDBB3C7} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-11-27] (Microsoft Corporation)
Task: {8CC3C6E7-A416-4DAC-B67F-64C5BA3A2A7B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {ACBAB246-2FBE-4141-A600-04A2CACC6D60} - \Omiga Plus RunAsStdUser No Task File
Task: {B3FD219E-8BCF-48D3-8A3B-8DDCEC99DC57} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B624C6C9-D313-4E7F-B9D4-59FF45389D86} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {D6DA5F42-A44E-4467-93AA-52CE4D18B765} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {DF5DEC72-66AE-4CC7-A98E-570472FB7237} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {DF774A91-7016-46D2-BE1F-4A10FCFC9D7D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {F9C23992-19AC-4BAA-81EE-C1128C96A5C2} - \Dealply No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-01-25 09:30 - 2012-11-02 09:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2013-08-29 11:05 - 2013-08-29 11:05 - 01061888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\a4aef785d3ce787535cf39a1a67f6b48\Windows.ApplicationModel.ni.dll
2013-08-29 11:05 - 2013-08-29 11:05 - 01121792 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\937d81c961078049761a9c1e9abb6ef4\Windows.Storage.ni.dll
2013-08-29 11:05 - 2013-08-29 11:05 - 00295936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\14050be959443e89237e6c9136ea8e5e\Windows.Foundation.ni.dll
2013-05-31 18:53 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-24 23:05 - 2013-10-02 17:28 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\Drivers\dxgprooz.sys:changelist

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 01:57:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Vetti)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/10/2013 01:57:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0xa98
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Vollständiger Name des fehlerhaften Pakets: firefox.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (10/10/2013 01:56:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Vetti)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (10/11/2013 08:28:26 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 09:35:31 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 06:12:28 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 05:52:51 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 05:20:13 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VETTI" auf Transport "NetBT_Tcpip_{DC7CB204-87A5-409E-B70C-7B321532E891}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (10/10/2013 05:20:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "vToolbarUpdater15.5.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/10/2013 05:12:22 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VETTI" auf Transport "NetBT_Tcpip_{DC7CB204-87A5-409E-B70C-7B321532E891}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (10/10/2013 05:12:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "vToolbarUpdater15.5.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/10/2013 03:04:20 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 01:59:15 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VETTI" auf Transport "NetBT_Tcpip_{DC7CB204-87A5-409E-B70C-7B321532E891}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.


Microsoft Office Sessions:
=========================
Error: (10/10/2013 01:57:34 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Vetti)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151

Error: (10/10/2013 01:57:22 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a8a9801cec5ae383eff39C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll1eca58b2-31a3-11e3-be87-74d02bafa194

Error: (10/10/2013 01:56:51 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Vetti)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151


==================== Memory info =========================== 

Percentage of memory in use: 73%
Total physical RAM: 1931.61 MB
Available physical RAM: 520.87 MB
Total Pagefile: 3339.61 MB
Available Pagefile: 1223.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:70.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:157.55 GB) (Free:155.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F7791DB4)

Partition: GPT Partition Type
==================== End Of Log ============================
         
