Pests of all kinds and how to fight them: Is it possible to prove when a virus infection occurred?

22.04.2014, 10:40   #1
tier1304
 



Good morning, everyone!

Over the weekend an acquaintance asked me to set up her new laptop. She bought it refurbished and freshly installed from a used-computer dealer. Win 7 had been installed, and a voucher for ESET was handed out. She installed that program and also wanted to install Avira, but she couldn't manage it.
After I uninstalled ESET (because it was too expensive for her) and installed AVIRA, two virus detections were reported right away, and MBAM found 59 "unwanted" objects, including Trojans.
Now I'm just wondering whether the laptop was even sold "clean" by the dealer, or whether she really managed to pull that much junk onto the disk with 2 or 3 clicks.

I'd like to wipe the thing completely and take it to the dealer for a fresh Win7 installation. But I'd like to spare my acquaintance from paying another 25 euros for it.

Can I prove at what point in time the viruses got onto the laptop?

I'd be very glad if you could give me a tip. THANKS in advance!

Regards from
Tanja

22.04.2014, 10:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, just post the logs you already have in CODE tags!
Only logs from the last 7 days, or from the time the problem started, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post them directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
22.04.2014, 21:51   #3
tier1304
 



Hello cosinus!!

Here are the log files:


Malwarebytes:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.04.2014
Suchlauf-Zeit: 21:10:50
Logdatei: mwbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.19.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: vdDHeSteYa

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 358198
Verstrichene Zeit: 1 Std, 2 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 3
Adware.Adpeak, C:\Program Files\003\xmkysecqun64.exe, 2252, , [4ee55ad2463573c337f560be8c78b14f]
PUP.Optional.AdPeak.A, C:\Program Files\003\xmkysecqun64.exe, 2252, , [f93a30fc54274beb3ce8d3988c76c43c]
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist.exe, 1664, , [8fa484a8067565d19dced89758aaea16]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 89

Registrierungswerte: 3
PUP.Optional.Iminent.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [81b2dc50512ad66019c690bb966c718f], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [b38003296615f73f2cb3c08bd82a916f], 
PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SECUREASSIST|ImagePath, C:\Program Files\SupraSavings\SecureAssist.exe, , [8fa484a8067565d19dced89758aaea16]

Registrierungsdaten: 1
Trojan.SProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\suppor~1\suppor~1.dll, Gut: (), Schlecht: (c:\progra~2\suppor~1\suppor~1.dll),,[51e265c724577db9404f70e5936eb64a]

Ordner: 6
PUP.Optional.SaveClicker.A, C:\ProgramData\SaveClicker, , [48eb8ca0710ac86e926c3d6c16edee12], 
PUP.Optional.SaveClicker.A, C:\Program Files (x86)\SaveClicker, , [f34031fb0e6dfd394eb12a7fe81bca36], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, , [db582b015c1f46f07c5966f8be44639d], 
PUP.Optional.Iminent.A, C:\Users\vdDHeSteYa\AppData\Local\Temp\Iminent, , [033064c8730854e230c7e37b51b16b95], 
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings, , [40f3d15b007b4beb8c2f452129d99769], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings, , [75be25076a11e551744789dd3ac88878], 

Dateien: 145
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_event_target.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_icon.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_icon64.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_install.rdf, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_l10n_core.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_l10n_html.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_l10n_loader.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_l10n_locale.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_l10n_prefs.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_locales.json, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_main.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_privatebrowsing_utils.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_system_events.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_tabs_events.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_tabs_observer.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_tabs_tab.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_tabs_utils.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_traits_core.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_utils_data.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_utils_object.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_utils_registry.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_windows_dom.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_windows_loader.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_windows_observer.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_windows_tabs.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\ff_window_utils.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon128.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon16.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon32.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon48.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon64.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon8.png, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\iwalyk.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\manifest.json, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\marcopolo.js, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.dll, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.xml, , [75be25076a11e551744789dd3ac88878], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\SendJson.dll, , [75be25076a11e551744789dd3ac88878], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

AVIRA:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 19. April 2014  17:53


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : VDDHESTEYA-PC

Versionsinformationen:
BUILD.DAT      : 14.0.3.350     56624 Bytes  25.02.2014 11:41:00
AVSCAN.EXE     : 14.0.3.332   1058384 Bytes  25.02.2014 09:41:04
AVSCANRC.DLL   : 14.0.2.180     62008 Bytes  25.02.2014 09:41:04
LUKE.DLL       : 14.0.3.336     65616 Bytes  25.02.2014 09:41:05
AVSCPLR.DLL    : 14.0.3.336    124496 Bytes  25.02.2014 09:41:04
AVREG.DLL      : 14.0.3.336    250448 Bytes  25.02.2014 09:41:04
avlode.dll     : 14.0.3.336    544848 Bytes  25.02.2014 09:41:04
avlode.rdf     : 14.0.4.14      63648 Bytes  19.04.2014 15:51:27
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 09:41:06
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 09:41:06
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 09:41:06
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 09:41:06
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 09:41:06
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 09:41:06
VBASE006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 15:51:50
VBASE007.VDF   : 7.11.139.39     2048 Bytes  27.03.2014 15:51:50
VBASE008.VDF   : 7.11.139.40     2048 Bytes  27.03.2014 15:51:50
VBASE009.VDF   : 7.11.139.41     2048 Bytes  27.03.2014 15:51:51
VBASE010.VDF   : 7.11.139.42     2048 Bytes  27.03.2014 15:51:51
VBASE011.VDF   : 7.11.139.43     2048 Bytes  27.03.2014 15:51:51
VBASE012.VDF   : 7.11.139.44     2048 Bytes  27.03.2014 15:51:51
VBASE013.VDF   : 7.11.139.45     2048 Bytes  27.03.2014 15:51:51
VBASE014.VDF   : 7.11.139.171   111104 Bytes  28.03.2014 15:51:51
VBASE015.VDF   : 7.11.140.23   150016 Bytes  30.03.2014 15:51:51
VBASE016.VDF   : 7.11.140.143   222720 Bytes  01.04.2014 15:51:52
VBASE017.VDF   : 7.11.140.235   144384 Bytes  03.04.2014 15:51:52
VBASE018.VDF   : 7.11.141.81   193536 Bytes  05.04.2014 15:51:52
VBASE019.VDF   : 7.11.141.203   241152 Bytes  08.04.2014 15:51:53
VBASE020.VDF   : 7.11.142.83   144896 Bytes  10.04.2014 15:51:53
VBASE021.VDF   : 7.11.142.221   171008 Bytes  12.04.2014 15:51:53
VBASE022.VDF   : 7.11.143.135   247296 Bytes  15.04.2014 15:51:53
VBASE023.VDF   : 7.11.143.215   189952 Bytes  16.04.2014 15:51:54
VBASE024.VDF   : 7.11.144.67   138752 Bytes  19.04.2014 15:51:54
VBASE025.VDF   : 7.11.144.68     2048 Bytes  19.04.2014 15:51:54
VBASE026.VDF   : 7.11.144.69     2048 Bytes  19.04.2014 15:51:54
VBASE027.VDF   : 7.11.144.70     2048 Bytes  19.04.2014 15:51:54
VBASE028.VDF   : 7.11.144.71     2048 Bytes  19.04.2014 15:51:54
VBASE029.VDF   : 7.11.144.72     2048 Bytes  19.04.2014 15:51:54
VBASE030.VDF   : 7.11.144.73     2048 Bytes  19.04.2014 15:51:54
VBASE031.VDF   : 7.11.144.106   141824 Bytes  19.04.2014 15:51:55
Engineversion  : 8.3.18.6  
AEVDF.DLL      : 8.3.0.4       118976 Bytes  19.04.2014 15:51:26
AESCRIPT.DLL   : 8.1.4.200     528584 Bytes  19.04.2014 15:51:26
AESCN.DLL      : 8.3.0.2       135360 Bytes  19.04.2014 15:51:26
AESBX.DLL      : 8.2.20.6     1331575 Bytes  25.02.2014 09:41:04
AERDL.DLL      : 8.2.0.138     704888 Bytes  25.02.2014 09:41:04
AEPACK.DLL     : 8.4.0.16      778440 Bytes  19.04.2014 15:51:26
AEOFFICE.DLL   : 8.3.0.4       205000 Bytes  19.04.2014 15:51:25
AEHEUR.DLL     : 8.1.4.1014   6664392 Bytes  19.04.2014 15:51:25
AEHELP.DLL     : 8.3.0.0       274808 Bytes  19.04.2014 15:51:21
AEGEN.DLL      : 8.1.7.26      450752 Bytes  19.04.2014 15:51:20
AEEXP.DLL      : 8.4.1.258     512376 Bytes  19.04.2014 15:51:27
AEEMU.DLL      : 8.1.3.2       393587 Bytes  25.02.2014 09:41:04
AECORE.DLL     : 8.3.0.6       241864 Bytes  19.04.2014 15:51:20
AEBB.DLL       : 8.1.1.4        53619 Bytes  25.02.2014 09:41:04
AVWINLL.DLL    : 14.0.3.252     23608 Bytes  25.02.2014 09:41:05
AVPREF.DLL     : 14.0.3.252     48696 Bytes  25.02.2014 09:41:04
AVREP.DLL      : 14.0.3.252    175672 Bytes  25.02.2014 09:41:04
AVARKT.DLL     : 14.0.3.336    256080 Bytes  25.02.2014 09:41:04
AVEVTLOG.DLL   : 14.0.3.336    165968 Bytes  25.02.2014 09:41:04
SQLITE3.DLL    : 3.7.0.1       394808 Bytes  25.02.2014 09:41:06
AVSMTP.DLL     : 14.0.3.252     60472 Bytes  25.02.2014 09:41:04
NETNT.DLL      : 14.0.3.252     13368 Bytes  25.02.2014 09:41:05
RCIMAGE.DLL    : 14.0.3.260   4979256 Bytes  25.02.2014 09:41:06
RCTEXT.DLL     : 14.0.3.282     72760 Bytes  25.02.2014 09:41:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: c:\program files (x86)\avira\antivir desktop\quicksysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 19. April 2014  17:53

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '44' Modul(e) wurden durchsucht
  Modul ist infiziert -> <c:\Program Files (x86)\Supporter\Supporter.dll>
  [FUND]      Ist das Trojanische Pferd TR/BProtector.A
  [WARNUNG]   Die Datei wurde ignoriert.
  Modul ist infiziert -> <c:\Program Files (x86)\Supporter\SupporterSvc.dll>
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.2926
  [WARNUNG]   Die Datei wurde ignoriert.
Durchsuche Prozess 'SecureAssist.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'xmkysecqun64.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '205' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
c:\Program Files (x86)\Supporter\SupporterSvc.dll
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.2926
  [WARNUNG]   Die Datei wurde ignoriert.
c:\Program Files (x86)\Supporter\Supporter.dll
  [FUND]      Ist das Trojanische Pferd TR/BProtector.A
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Samstag, 19. April 2014  17:59
Benötigte Zeit: 05:50 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   1741 Dateien wurden geprüft
      4 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   1737 Dateien ohne Befall
      2 Archive wurden durchsucht
      4 Warnungen
      0 Hinweise
         
...and the files from FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by vdDHeSteYa (administrator) on VDDHESTEYA-PC on 22-04-2014 21:23:46
Running from C:\Users\vdDHeSteYa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLP0PTG8
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SecureAssist) C:\Program Files\SupraSavings\SecureAssist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\003\xmkysecqun64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\vdDHeSteYa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLP0PTG8\FRST64[1].exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4621312 2014-04-17] ()
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => C:\Program Files (x86)\Supporter\Supporter.dll [4378112 2014-04-17] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8B978418E59CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.x64.dll ()
BHO-x32: 2rs3 - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SupraSavings\2rs3.dll ()
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.dll ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9 15 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist)
Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 15 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SaveClicker) - C:\Users\vdDHeSteYa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogpddcklcnjhioiaadiajaboepegdal [2014-04-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 be0fb33b; C:\Program Files (x86)\Supporter\SupporterSvc.dll [178000 2014-04-17] ()
R2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist)
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-17] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 21:23 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST
2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Downloads\FRST64.exe
2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt
2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG
2014-04-19 18:01 - 2014-04-22 19:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 18:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-19 18:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-19 18:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-19 17:50 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-19 17:50 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-19 17:50 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-04-19 17:20 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-19 17:20 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-04-19 17:20 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-04-19 17:20 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-04-19 17:14 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-04-19 16:56 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-19 16:56 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-19 16:56 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-19 16:56 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-19 16:56 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-19 16:47 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-19 16:47 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-19 16:47 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-19 16:47 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-04-19 16:47 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-04-19 16:47 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-04-19 16:47 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-04-19 16:43 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-04-19 16:43 - 2012-03-01 08:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-19 16:43 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-19 16:43 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-04-19 16:43 - 2012-03-01 07:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-04-19 16:43 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-19 16:43 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-04-17 07:18 - 2014-03-12 16:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-04-17 07:18 - 2014-03-12 16:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-04-17 07:17 - 2014-04-22 19:39 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-04-17 07:17 - 2014-04-22 19:38 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\System Speedup
2014-04-17 07:17 - 2014-04-19 16:47 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\systweak
2014-04-17 07:17 - 2014-04-17 07:23 - 00000302 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job
2014-04-17 07:17 - 2014-04-17 07:23 - 00000294 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job
2014-04-17 07:17 - 2014-04-17 07:17 - 00003064 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES
2014-04-17 07:17 - 2014-04-17 07:17 - 00002908 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT
2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-04-17 07:17 - 2014-04-17 07:17 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-04-17 07:17 - 2013-12-13 17:53 - 00019544 _____ (System Speedup) C:\Windows\system32\roboot64.exe
2014-04-17 07:16 - 2014-04-19 16:43 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-04-17 07:16 - 2014-04-17 07:17 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\a408305a3ffb7129
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 07:15 - 2014-04-17 07:18 - 00000000 ____D () C:\Program Files\suprasavings
2014-04-17 07:15 - 2014-04-17 07:15 - 00000000 ____D () C:\Program Files\003
2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk
2014-04-17 07:11 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-04-17 07:11 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools
2014-04-16 17:54 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-04-16 17:54 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-04-16 17:54 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-04-16 17:54 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-04-16 17:49 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-16 17:49 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-16 17:49 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-16 17:49 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-16 17:48 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-16 17:48 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-16 17:48 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-16 17:48 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-16 17:48 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-16 17:43 - 2014-04-22 21:16 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:35 - 2014-04-16 17:39 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-16 17:35 - 2014-04-16 17:39 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\vdDHeSteYa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 17:35 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Windows Live
2014-04-16 17:35 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\vdDHeSteYa\ntuser.ini
2014-04-16 17:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-16 17:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-16 16:30 - 2014-04-22 21:17 - 01171471 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:58 - 2010-07-27 02:25 - 00043048 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\cvusbdrv.sys
2014-04-16 14:58 - 2010-07-07 00:45 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 06382880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 03460896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00997664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-16 14:54 - 2013-01-15 06:58 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00055584 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2013-01-19 07:55 - 26931488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 15052728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 11012384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-16 14:53 - 2013-01-19 07:55 - 07564040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 06262608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00017266 _____ () C:\Windows\system32\nvinfo.pb
2014-04-16 14:52 - 2013-01-19 07:55 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 18054672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 09390760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02904352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02826040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02505144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02344736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01814304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll
2014-04-16 14:52 - 2012-01-24 00:44 - 08616960 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys
2014-04-16 14:52 - 2010-05-19 07:32 - 02750464 _____ (Intel Corporation) C:\Windows\system32\NETwNr64.dll
2014-04-16 14:52 - 2010-05-19 07:30 - 00799232 _____ (Intel Corporation) C:\Windows\system32\NETwNc64.dll
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2014-04-22 21:23 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST
2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Downloads\FRST64.exe
2014-04-22 21:17 - 2014-04-16 16:30 - 01171471 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 21:16 - 2014-04-16 17:43 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt
2014-04-22 20:35 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 20:35 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG
2014-04-22 19:40 - 2014-04-19 18:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 19:39 - 2014-04-17 07:17 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-04-22 19:38 - 2014-04-17 07:17 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\System Speedup
2014-04-22 19:38 - 2010-11-21 08:50 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 19:38 - 2010-11-21 08:50 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 19:38 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 19:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 19:34 - 2009-07-14 06:51 - 00036940 _____ () C:\Windows\setupact.log
2014-04-22 19:33 - 2010-11-21 05:47 - 00108776 _____ () C:\Windows\PFRO.log
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-04-19 17:30 - 2013-07-18 14:39 - 01589650 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-19 16:47 - 2014-04-17 07:17 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\systweak
2014-04-19 16:43 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-04-17 07:23 - 2014-04-17 07:17 - 00000302 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job
2014-04-17 07:23 - 2014-04-17 07:17 - 00000294 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job
2014-04-17 07:18 - 2014-04-17 07:15 - 00000000 ____D () C:\Program Files\suprasavings
2014-04-17 07:18 - 2014-03-21 12:27 - 00005552 _____ () C:\Windows\system32\SecureAssist.ini
2014-04-17 07:18 - 2014-03-21 12:27 - 00002504 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini
2014-04-17 07:18 - 2014-03-21 12:27 - 00002504 _____ () C:\Windows\system32\SecureAssistOff.ini
2014-04-17 07:17 - 2014-04-17 07:17 - 00003064 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES
2014-04-17 07:17 - 2014-04-17 07:17 - 00002908 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT
2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-04-17 07:17 - 2014-04-17 07:17 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-04-17 07:17 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\a408305a3ffb7129
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 07:15 - 2014-04-17 07:15 - 00000000 ____D () C:\Program Files\003
2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk
2014-04-17 00:47 - 2009-07-14 07:38 - 00029696 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-04-17 00:47 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools
2014-04-17 00:46 - 2013-07-19 00:07 - 00000000 ___HD () C:\RPKTools
2014-04-16 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-16 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-16 17:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:39 - 2014-04-16 17:35 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-16 17:39 - 2014-04-16 17:35 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-19 00:07 - 00000000 ____D () C:\Windows\Panther
2014-04-16 17:35 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-16 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-16 16:07 - 2013-07-18 14:12 - 00005949 _____ () C:\Windows\TSSysprep.log
2014-04-16 16:07 - 2009-07-14 06:46 - 00004822 _____ () C:\Windows\DtcInstall.log
2014-04-16 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-03 09:51 - 2014-04-19 18:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 18:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 18:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\avgnt.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-18 14:08

==================== End Of Log ============================
         

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by vdDHeSteYa at 2014-04-22 21:24:10
Running from C:\Users\vdDHeSteYa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLP0PTG8
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.03 (Version: 311.03 - NVIDIA Corporation) Hidden
SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 4.3.0.1548 - SaveClicker) <==== ATTENTION
Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - SaveClicker) <==== ATTENTION
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

16-04-2014 15:35:49 ESET Smart Security wurde installiert
16-04-2014 15:48:34 Windows Update
16-04-2014 15:54:56 Windows Update
19-04-2014 14:42:50 Windows Update
19-04-2014 16:29:33 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {D05B3068-FDFA-4C57-8767-89988BC23C58} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2009-07-14] (Microsoft Corporation)
Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: C:\Windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\Windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe

==================== Loaded Modules (whitelisted) =============

2014-04-17 07:17 - 2014-04-17 07:17 - 04621312 _____ () C:\Program Files (x86)\Supporter\Supporter_x64.dll
2014-03-21 12:55 - 2014-03-21 12:55 - 00162816 _____ () c:\program files\suprasavings\pcproxydll64.dll
2014-04-17 07:15 - 2014-04-17 07:15 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2014-04-16 14:54 - 2013-01-15 06:58 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-17 07:16 - 2013-04-17 07:16 - 00406016 _____ () C:\Program Files (x86)\SaveClicker\Nr.x64.dll
2014-04-19 17:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-17 07:17 - 2014-04-17 07:17 - 04378112 _____ () C:\Program Files (x86)\Supporter\Supporter.dll
2014-04-17 07:17 - 2014-04-17 07:17 - 00178000 _____ () C:\Program Files (x86)\Supporter\SupporterSvc.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 07:44:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912
Name des fehlerhaften Moduls: Nr.dll, Version: 1.8.0.0, Zeitstempel: 0x53465ab6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001de94
ID des fehlerhaften Prozesses: 0xd64
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/22/2014 07:43:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912
Name des fehlerhaften Moduls: Nr.dll, Version: 1.8.0.0, Zeitstempel: 0x53465ab6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001de94
ID des fehlerhaften Prozesses: 0xc34
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/22/2014 07:36:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (04/22/2014 07:34:32 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎19.‎04.‎2014 um 18:30:02 unerwartet heruntergefahren.

Error: (04/17/2014 07:18:32 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/17/2014 07:18:22 AM) (Source: Service Control Manager) (User: )
Description: Dienst "SecureAssist" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/17/2014 07:16:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/17/2014 07:16:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/16/2014 05:37:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (04/22/2014 07:44:28 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912Nr.dll1.8.0.053465ab6c00000050001de94d6401cf5e5282665ac8C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\SaveClicker\Nr.dllc02f762c-ca45-11e3-a134-0024d67500f8

Error: (04/22/2014 07:43:48 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912Nr.dll1.8.0.053465ab6c00000050001de94c3401cf5e52695c0107C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\SaveClicker\Nr.dlla8536b2d-ca45-11e3-a134-0024d67500f8

Error: (04/22/2014 07:36:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
         
THANKS!!!
__________________

22.04.2014, 22:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


22.04.2014, 23:19   #5
tier1304
 

Re 1: AdwCleaner
Code:
# AdwCleaner v3.201 - Bericht erstellt am 22/04/2014 um 22:45:26
# Aktualisiert 22/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : vdDHeSteYa - VDDHESTEYA-PC
# Gestartet von : C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SECUREASSIST
Dienst Gelöscht : xmkysecqun64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar
[!] Ordner Gelöscht : C:\Program Files (x86)\Supporter
Ordner Gelöscht : C:\Program Files (x86)\SupraSavings
Ordner Gelöscht : C:\Program Files (x86)\System Speedup
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\Local\torch
Ordner Gelöscht : C:\Users\VDDHES~1\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\LocalLow\IminentToolbar
Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\Roaming\System Speedup
Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.dll
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.ini
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssistOff.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\SecureAssist.ini
Datei Gelöscht : C:\Windows\System32\SecureAssist64.dll
Datei Gelöscht : C:\Windows\System32\SecureAssistOff.ini
Datei Gelöscht : C:\Windows\Tasks\System Speedup_DEFAULT.job
Datei Gelöscht : C:\Windows\System32\Tasks\System Speedup_DEFAULT
Datei Gelöscht : C:\Windows\Tasks\System Speedup_UPDATES.job
Datei Gelöscht : C:\Windows\System32\Tasks\System Speedup_UPDATES

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\suprasavings
Schlüssel Gelöscht : HKCU\Software\System Speedup
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Rr Savings
Schlüssel Gelöscht : HKLM\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\System Speedup
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Rr Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suppor~1\suppor~1.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


*************************

AdwCleaner[R0].txt - [6793 octets] - [22/04/2014 22:41:36]
AdwCleaner[S0].txt - [6428 octets] - [22/04/2014 22:45:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6488 octets] ##########
         

Re 2: JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by vdDHeSteYa on 22.04.2014 at 23:03:43,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2014 at 23:07:58,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Re 3: FRST log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by vdDHeSteYa (administrator) on VDDHESTEYA-PC on 22-04-2014 23:10:36
Running from C:\Users\vdDHeSteYa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8B978418E59CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.x64.dll ()
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SaveClicker) - C:\Users\vdDHeSteYa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogpddcklcnjhioiaadiajaboepegdal [2014-04-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 23:10 - 2014-04-22 23:10 - 00004458 _____ () C:\Users\vdDHeSteYa\Desktop\FRST.txt
2014-04-22 23:07 - 2014-04-22 23:07 - 00001057 _____ () C:\Users\vdDHeSteYa\Desktop\JRT.txt
2014-04-22 22:54 - 2014-04-22 22:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 22:53 - 2014-04-22 22:53 - 00006600 _____ () C:\Users\vdDHeSteYa\Documents\AdwCleaner[S0].txt
2014-04-22 22:52 - 2014-04-22 22:52 - 01016261 _____ (Thisisu) C:\Users\vdDHeSteYa\Desktop\JRT.exe
2014-04-22 22:41 - 2014-04-22 22:45 - 00000000 ____D () C:\AdwCleaner
2014-04-22 22:38 - 2014-04-22 22:38 - 01345471 _____ () C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe
2014-04-22 21:35 - 2014-04-22 21:35 - 00232298 _____ () C:\Users\vdDHeSteYa\Documents\Ereignisse.txt
2014-04-22 21:23 - 2014-04-22 23:10 - 00000000 ____D () C:\FRST
2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Desktop\FRST64.exe
2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt
2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG
2014-04-19 18:01 - 2014-04-22 19:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 18:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-19 18:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-19 18:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-19 17:50 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-19 17:50 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-19 17:50 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-04-19 17:20 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-19 17:20 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-04-19 17:20 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-04-19 17:20 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-04-19 17:14 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-04-19 16:56 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-19 16:56 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-19 16:56 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-19 16:56 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-19 16:56 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-19 16:47 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-19 16:47 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-19 16:47 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-19 16:47 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-04-19 16:47 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-04-19 16:47 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-04-19 16:47 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-04-19 16:43 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-04-19 16:43 - 2012-03-01 08:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-19 16:43 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-19 16:43 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-04-19 16:43 - 2012-03-01 07:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-04-19 16:43 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-19 16:43 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-04-17 07:17 - 2014-04-22 19:39 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\a408305a3ffb7129
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk
2014-04-17 07:11 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-04-17 07:11 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools
2014-04-16 17:54 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-04-16 17:54 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-04-16 17:54 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-04-16 17:54 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-04-16 17:49 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-16 17:49 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-16 17:49 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-16 17:49 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-16 17:48 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-16 17:48 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-16 17:48 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-16 17:48 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-16 17:48 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-16 17:43 - 2014-04-22 21:16 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:35 - 2014-04-16 17:39 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-16 17:35 - 2014-04-16 17:39 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\vdDHeSteYa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 17:35 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Windows Live
2014-04-16 17:35 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\vdDHeSteYa\ntuser.ini
2014-04-16 17:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-16 17:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-16 16:30 - 2014-04-22 23:09 - 01222797 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:58 - 2010-07-27 02:25 - 00043048 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\cvusbdrv.sys
2014-04-16 14:58 - 2010-07-07 00:45 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 06382880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 03460896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00997664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-16 14:54 - 2013-01-15 06:58 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00055584 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2013-01-19 07:55 - 26931488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 15052728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 11012384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-16 14:53 - 2013-01-19 07:55 - 07564040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 06262608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00017266 _____ () C:\Windows\system32\nvinfo.pb
2014-04-16 14:52 - 2013-01-19 07:55 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 18054672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 09390760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02904352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02826040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02505144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02344736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01814304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll
2014-04-16 14:52 - 2012-01-24 00:44 - 08616960 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys
2014-04-16 14:52 - 2010-05-19 07:32 - 02750464 _____ (Intel Corporation) C:\Windows\system32\NETwNr64.dll
2014-04-16 14:52 - 2010-05-19 07:30 - 00799232 _____ (Intel Corporation) C:\Windows\system32\NETwNc64.dll
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2014-04-22 23:10 - 2014-04-22 23:10 - 00004458 _____ () C:\Users\vdDHeSteYa\Desktop\FRST.txt
2014-04-22 23:10 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST
2014-04-22 23:10 - 2014-04-16 16:30 - 01222797 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 23:08 - 2010-11-21 08:50 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 23:08 - 2010-11-21 08:50 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 23:08 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 23:07 - 2014-04-22 23:07 - 00001057 _____ () C:\Users\vdDHeSteYa\Desktop\JRT.txt
2014-04-22 23:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 23:01 - 2009-07-14 06:51 - 00037052 _____ () C:\Windows\setupact.log
2014-04-22 23:00 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 23:00 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 22:54 - 2014-04-22 22:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 22:53 - 2014-04-22 22:53 - 00006600 _____ () C:\Users\vdDHeSteYa\Documents\AdwCleaner[S0].txt
2014-04-22 22:52 - 2014-04-22 22:52 - 01016261 _____ (Thisisu) C:\Users\vdDHeSteYa\Desktop\JRT.exe
2014-04-22 22:46 - 2010-11-21 05:47 - 00109172 _____ () C:\Windows\PFRO.log
2014-04-22 22:45 - 2014-04-22 22:41 - 00000000 ____D () C:\AdwCleaner
2014-04-22 22:38 - 2014-04-22 22:38 - 01345471 _____ () C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe
2014-04-22 21:35 - 2014-04-22 21:35 - 00232298 _____ () C:\Users\vdDHeSteYa\Documents\Ereignisse.txt
2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Desktop\FRST64.exe
2014-04-22 21:16 - 2014-04-16 17:43 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt
2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG
2014-04-22 19:40 - 2014-04-19 18:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 19:39 - 2014-04-17 07:17 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-04-19 17:30 - 2013-07-18 14:39 - 01589650 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\a408305a3ffb7129
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk
2014-04-17 00:47 - 2009-07-14 07:38 - 00029696 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-04-17 00:47 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools
2014-04-17 00:46 - 2013-07-19 00:07 - 00000000 ___HD () C:\RPKTools
2014-04-16 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-16 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-16 17:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:39 - 2014-04-16 17:35 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-16 17:39 - 2014-04-16 17:35 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-19 00:07 - 00000000 ____D () C:\Windows\Panther
2014-04-16 17:35 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-16 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-16 16:07 - 2013-07-18 14:12 - 00005949 _____ () C:\Windows\TSSysprep.log
2014-04-16 16:07 - 2009-07-14 06:46 - 00004822 _____ () C:\Windows\DtcInstall.log
2014-04-16 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-03 09:51 - 2014-04-19 18:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 18:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 18:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\avgnt.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\Quarantine.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-18 14:08

==================== End Of Log ============================
         

22.04.2014, 23:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also post a new addition.txt log.

23.04.2014, 06:58   #7
tier1304

Good morning!
And here is the Addition log...

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by vdDHeSteYa at 2014-04-23 06:53:11
Running from C:\Users\vdDHeSteYa\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.03 (Version: 311.03 - NVIDIA Corporation) Hidden
SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 4.3.0.1548 - SaveClicker) <==== ATTENTION
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

16-04-2014 15:35:49 ESET Smart Security wurde installiert
16-04-2014 15:48:34 Windows Update
16-04-2014 15:54:56 Windows Update
19-04-2014 14:42:50 Windows Update
19-04-2014 16:29:33 Windows Update
22-04-2014 21:30:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - \System Speedup_DEFAULT No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-04-16 14:54 - 2013-01-15 06:58 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-19 17:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:43:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sched.exe, Version: 14.0.3.336, Zeitstempel: 0x52fcd5fd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x735471fc
ID des fehlerhaften Prozesses: 0x424
Startzeit der fehlerhaften Anwendung: 0xsched.exe0
Pfad der fehlerhaften Anwendung: sched.exe1
Pfad des fehlerhaften Moduls: sched.exe2
Berichtskennung: sched.exe3

Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:30:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Falscher Parameter.
.


System errors:
=============
Error: (04/23/2014 06:49:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%16405

Error: (04/23/2014 06:48:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (04/23/2014 06:46:11 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 2759910920x0

Error: (04/23/2014 06:46:10 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 898630110x0

Error: (04/23/2014 06:46:11 AM) (Source: SCardSvr) (User: )
Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX

Error: (04/23/2014 06:46:02 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 26992190x0

Error: (04/23/2014 06:46:01 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 2334830100x0

Error: (04/23/2014 06:46:02 AM) (Source: SCardSvr) (User: )
Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX

Error: (04/23/2014 06:45:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (04/23/2014 06:43:27 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:43:21 AM) (Source: Application Error)(User: )
Description: sched.exe14.0.3.33652fcd5fdunknown0.0.0.000000000c0000005735471fc42401cf5eae8e10a3e9C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeunknowncbc452ea-caa1-11e3-a2de-0024d67500f8

Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:30:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Falscher Parameter.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 4083.91 MB
Available physical RAM: 2615.8 MB
Total Pagefile: 8166 MB
Available Pagefile: 6798.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:66.53 GB) (Free:39.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 28696454)
Partition 1: (Active) - (Size=8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=67 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

23.04.2014, 10:39   #8
cosinus

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
C:\Program Files (x86)\System Speedup
C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll
C:\ProgramData\SaveClicker
C:\ProgramData\a408305a3ffb7129
C:\Program Files (x86)\SaveClicker
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


23.04.2014, 12:31   #9
tier1304

Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by vdDHeSteYa at 2014-04-23 12:29:29 Run:1
Running from C:\Users\vdDHeSteYa\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
C:\Program Files (x86)\System Speedup
C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll
C:\ProgramData\SaveClicker
C:\ProgramData\a408305a3ffb7129
C:\Program Files (x86)\SaveClicker
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
be0fb33b => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} => Key deleted successfully.
C:\Windows\System32\Tasks\System Speedup => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C558E00C-72B2-4756-937D-9B9AC5B7393E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C558E00C-72B2-4756-937D-9B9AC5B7393E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_UPDATES => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCADAE58-2A7B-4F25-BBD5-5086085CB106} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCADAE58-2A7B-4F25-BBD5-5086085CB106} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_DEFAULT => Key deleted successfully.
"C:\Program Files (x86)\System Speedup" => File/Directory not found.
C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe => Moved successfully.
C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe => Moved successfully.
C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\ProgramData\SaveClicker => Moved successfully.
C:\ProgramData\a408305a3ffb7129 => Moved successfully.
C:\Program Files (x86)\SaveClicker => Moved successfully.

==== End of Fixlog ====
         

23.04.2014, 13:09   #10
cosinus

Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.


23.04.2014, 13:30   #11
tier1304

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by vdDHeSteYa (administrator) on VDDHESTEYA-PC on 23-04-2014 13:18:44
Running from C:\Users\vdDHeSteYa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A610843B05ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.x64.dll No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SaveClicker) - C:\Users\vdDHeSteYa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogpddcklcnjhioiaadiajaboepegdal [2014-04-17]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 06:53 - 2014-04-23 06:54 - 00015218 _____ () C:\Users\vdDHeSteYa\Desktop\Addition.txt
2014-04-23 06:53 - 2014-04-23 06:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-23 06:50 - 2014-04-23 06:50 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Adobe
2014-04-23 00:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-22 23:57 - 2014-04-22 23:57 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 23:57 - 2014-04-22 23:57 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 23:57 - 2014-04-22 23:57 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 23:57 - 2014-04-22 23:57 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-22 23:57 - 2014-04-22 23:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-22 23:57 - 2014-04-22 23:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-22 23:57 - 2014-04-22 23:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-22 23:57 - 2014-04-22 23:57 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-22 23:56 - 2014-04-22 23:56 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-04-22 23:56 - 2014-04-22 23:56 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-04-22 23:56 - 2014-04-22 23:56 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-04-22 23:55 - 2014-04-22 23:55 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-22 23:55 - 2014-04-22 23:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-22 23:55 - 2014-04-22 23:55 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-22 23:49 - 2014-04-23 00:04 - 00017084 _____ () C:\Windows\IE11_main.log
2014-04-22 23:49 - 2014-04-22 23:49 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-22 23:49 - 2014-04-22 23:49 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-04-22 23:10 - 2014-04-23 13:18 - 00004277 _____ () C:\Users\vdDHeSteYa\Desktop\FRST.txt
2014-04-22 23:07 - 2014-04-22 23:07 - 00001057 _____ () C:\Users\vdDHeSteYa\Desktop\JRT.txt
2014-04-22 22:54 - 2014-04-22 22:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 22:53 - 2014-04-22 22:53 - 00006600 _____ () C:\Users\vdDHeSteYa\Documents\AdwCleaner[S0].txt
2014-04-22 22:52 - 2014-04-22 22:52 - 01016261 _____ (Thisisu) C:\Users\vdDHeSteYa\Desktop\JRT.exe
2014-04-22 22:41 - 2014-04-22 22:45 - 00000000 ____D () C:\AdwCleaner
2014-04-22 22:38 - 2014-04-22 22:38 - 01345471 _____ () C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe
2014-04-22 21:35 - 2014-04-22 21:35 - 00232298 _____ () C:\Users\vdDHeSteYa\Documents\Ereignisse.txt
2014-04-22 21:23 - 2014-04-23 13:18 - 00000000 ____D () C:\FRST
2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Desktop\FRST64.exe
2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt
2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG
2014-04-19 18:01 - 2014-04-22 19:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 18:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-19 18:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-19 18:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-19 17:50 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-19 17:50 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-19 17:50 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-04-19 17:20 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-04-19 17:20 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-04-19 17:20 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-04-19 17:14 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-04-19 17:11 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-19 17:11 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-04-19 17:11 - 2011-06-15 12:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-04-19 17:11 - 2011-06-15 12:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-04-19 17:11 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-04-19 17:11 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-04-19 17:11 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-04-19 17:11 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-04-19 17:11 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-04-19 17:11 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-04-19 17:11 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-04-19 17:10 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-19 17:10 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-04-19 17:10 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-19 17:10 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-19 17:10 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-04-19 17:10 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-19 17:10 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-04-19 17:10 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-19 17:10 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-04-19 17:10 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-04-19 17:09 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-04-19 17:09 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-19 17:09 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-04-19 17:09 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-04-19 17:09 - 2011-10-26 07:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-04-19 17:09 - 2011-10-26 07:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-04-19 17:09 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-04-19 17:09 - 2011-10-26 06:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-04-19 17:09 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-04-19 17:09 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-04-19 17:09 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-04-19 17:09 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-04-19 17:09 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-04-19 17:09 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-04-19 17:08 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-19 17:08 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-04-19 17:08 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-19 17:08 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-19 17:08 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-04-19 17:08 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-04-19 17:08 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-19 17:08 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-04-19 17:08 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-04-19 17:08 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-04-19 17:08 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-04-19 17:08 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-04-19 17:07 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-19 17:07 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-19 17:07 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-19 17:07 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-04-19 17:07 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-19 17:07 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-19 17:01 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-19 17:01 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-19 17:01 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-04-19 17:01 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-04-19 17:00 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-19 17:00 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-19 17:00 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-19 17:00 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-19 17:00 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-19 17:00 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-19 17:00 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-19 17:00 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-19 17:00 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-04-19 17:00 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-04-19 17:00 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-04-19 17:00 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-19 17:00 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-04-19 17:00 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-04-19 17:00 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-04-19 17:00 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-04-19 17:00 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-04-19 17:00 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-04-19 16:59 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-19 16:59 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-19 16:59 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-19 16:59 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-19 16:59 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-19 16:59 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-19 16:59 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-19 16:59 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-19 16:59 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-19 16:59 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-19 16:59 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-19 16:59 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-19 16:59 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-19 16:59 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-19 16:59 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-04-19 16:59 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-04-19 16:59 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-04-19 16:59 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-04-19 16:59 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-19 16:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-04-19 16:59 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-19 16:58 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-04-19 16:58 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-04-19 16:58 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-04-19 16:58 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-19 16:58 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-04-19 16:58 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-19 16:58 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-19 16:58 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-04-19 16:58 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-19 16:58 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-19 16:58 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-19 16:58 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-04-19 16:58 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-04-19 16:58 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-04-19 16:58 - 2012-04-26 07:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-04-19 16:58 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-04-19 16:58 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-04-19 16:58 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-04-19 16:58 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-04-19 16:58 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-04-19 16:58 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-04-19 16:58 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-04-19 16:56 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-19 16:56 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-04-19 16:56 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-19 16:56 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-19 16:56 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-19 16:56 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-19 16:56 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-19 16:56 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-19 16:56 - 2012-04-28 05:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-04-19 16:56 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-04-19 16:56 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-04-19 16:56 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-04-19 16:56 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-04-19 16:56 - 2011-04-29 05:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-04-19 16:56 - 2011-04-29 05:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-04-19 16:56 - 2011-04-29 05:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-04-19 16:53 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-04-19 16:53 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-04-19 16:53 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-04-19 16:52 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-19 16:52 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-19 16:52 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-19 16:52 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-04-19 16:52 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-04-19 16:52 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-04-19 16:52 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-04-19 16:52 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-04-19 16:52 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-04-19 16:52 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-04-19 16:52 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-04-19 16:52 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-04-19 16:52 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-04-19 16:51 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-19 16:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-19 16:51 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-19 16:51 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-04-19 16:51 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-04-19 16:51 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-04-19 16:51 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-19 16:50 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-19 16:50 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-19 16:50 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-19 16:50 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-19 16:50 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-19 16:50 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-19 16:50 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-19 16:50 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-19 16:50 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-19 16:50 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-19 16:50 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-19 16:50 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-19 16:50 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-19 16:50 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-04-19 16:50 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-04-19 16:50 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-19 16:50 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-04-19 16:50 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-04-19 16:50 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-19 16:50 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-04-19 16:50 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-04-19 16:50 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-04-19 16:50 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-04-19 16:50 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-04-19 16:50 - 2011-05-24 13:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-04-19 16:50 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2014-04-19 16:50 - 2011-05-24 12:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2014-04-19 16:50 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2014-04-19 16:50 - 2011-05-24 12:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-04-19 16:49 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-04-19 16:49 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-04-19 16:49 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-04-19 16:49 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-04-19 16:49 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-04-19 16:49 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-04-19 16:49 - 2011-05-03 07:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-04-19 16:49 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-04-19 16:49 - 2011-02-12 13:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-04-19 16:48 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-19 16:48 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-19 16:48 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-04-19 16:48 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-04-19 16:48 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-19 16:48 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-19 16:48 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-04-19 16:48 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-04-19 16:48 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-19 16:48 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-04-19 16:48 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-04-19 16:48 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-04-19 16:48 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-04-19 16:48 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-04-19 16:48 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-04-19 16:48 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-04-19 16:48 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-04-19 16:48 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-04-19 16:48 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-04-19 16:47 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-19 16:47 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-19 16:47 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-19 16:47 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-04-19 16:47 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-04-19 16:47 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-04-19 16:47 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-04-19 16:43 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-04-19 16:43 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-04-19 16:43 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk
2014-04-17 07:11 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-04-17 07:11 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools
2014-04-16 17:54 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-04-16 17:54 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-04-16 17:54 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-04-16 17:49 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-16 17:49 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-16 17:49 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-16 17:49 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-16 17:48 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-16 17:48 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-16 17:48 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-16 17:48 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-16 17:48 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-16 17:43 - 2014-04-23 13:05 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:35 - 2014-04-23 06:50 - 00001416 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-16 17:35 - 2014-04-23 06:50 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 17:35 - 2014-04-23 06:50 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\vdDHeSteYa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 17:35 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Windows Live
2014-04-16 17:35 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\vdDHeSteYa\ntuser.ini
2014-04-16 17:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-16 17:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-16 16:30 - 2014-04-23 13:17 - 01725279 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:58 - 2010-07-27 02:25 - 00043048 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\cvusbdrv.sys
2014-04-16 14:58 - 2010-07-07 00:45 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 06382880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 03460896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00997664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-16 14:54 - 2013-01-15 06:58 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00055584 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2013-01-19 07:55 - 26931488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 15052728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 11012384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-16 14:53 - 2013-01-19 07:55 - 07564040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 06262608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00017266 _____ () C:\Windows\system32\nvinfo.pb
2014-04-16 14:52 - 2013-01-19 07:55 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 18054672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 09390760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02904352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02826040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02505144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02344736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01814304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll
2014-04-16 14:52 - 2012-01-24 00:44 - 08616960 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys
2014-04-16 14:52 - 2010-05-19 07:32 - 02750464 _____ (Intel Corporation) C:\Windows\system32\NETwNr64.dll
2014-04-16 14:52 - 2010-05-19 07:30 - 00799232 _____ (Intel Corporation) C:\Windows\system32\NETwNc64.dll
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2014-04-23 13:18 - 2014-04-22 23:10 - 00004277 _____ () C:\Users\vdDHeSteYa\Desktop\FRST.txt
2014-04-23 13:18 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST
2014-04-23 13:17 - 2014-04-16 16:30 - 01725279 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 13:17 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 13:17 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 13:05 - 2014-04-16 17:43 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-23 12:19 - 2010-11-21 08:50 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-23 12:19 - 2010-11-21 08:50 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-23 12:19 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-23 12:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 12:14 - 2009-07-14 06:51 - 00037276 _____ () C:\Windows\setupact.log
2014-04-23 06:54 - 2014-04-23 06:53 - 00015218 _____ () C:\Users\vdDHeSteYa\Desktop\Addition.txt
2014-04-23 06:53 - 2014-04-23 06:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-23 06:50 - 2014-04-23 06:50 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Adobe
2014-04-23 06:50 - 2014-04-16 17:35 - 00001416 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-23 06:50 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 06:50 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-23 06:44 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-23 06:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-23 06:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-23 06:40 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-23 06:40 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-23 06:39 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-23 00:04 - 2014-04-22 23:49 - 00017084 _____ () C:\Windows\IE11_main.log
2014-04-22 23:57 - 2014-04-22 23:57 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 23:57 - 2014-04-22 23:57 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 23:57 - 2014-04-22 23:57 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 23:57 - 2014-04-22 23:57 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-22 23:57 - 2014-04-22 23:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-22 23:57 - 2014-04-22 23:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-22 23:57 - 2014-04-22 23:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-22 23:57 - 2014-04-22 23:57 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-22 23:57 - 2014-04-22 23:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-22 23:57 - 2014-04-22 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-22 23:56 - 2014-04-22 23:56 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-04-22 23:56 - 2014-04-22 23:56 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-04-22 23:56 - 2014-04-22 23:56 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-04-22 23:56 - 2014-04-22 23:56 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-04-22 23:55 - 2014-04-22 23:55 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-22 23:55 - 2014-04-22 23:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-22 23:55 - 2014-04-22 23:55 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-22 23:51 - 2014-04-22 23:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-22 23:49 - 2014-04-22 23:49 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-22 23:49 - 2014-04-22 23:49 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-04-22 23:07 - 2014-04-22 23:07 - 00001057 _____ () C:\Users\vdDHeSteYa\Desktop\JRT.txt
2014-04-22 22:54 - 2014-04-22 22:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 22:53 - 2014-04-22 22:53 - 00006600 _____ () C:\Users\vdDHeSteYa\Documents\AdwCleaner[S0].txt
2014-04-22 22:52 - 2014-04-22 22:52 - 01016261 _____ (Thisisu) C:\Users\vdDHeSteYa\Desktop\JRT.exe
2014-04-22 22:46 - 2010-11-21 05:47 - 00109172 _____ () C:\Windows\PFRO.log
2014-04-22 22:45 - 2014-04-22 22:41 - 00000000 ____D () C:\AdwCleaner
2014-04-22 22:38 - 2014-04-22 22:38 - 01345471 _____ () C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe
2014-04-22 21:35 - 2014-04-22 21:35 - 00232298 _____ () C:\Users\vdDHeSteYa\Documents\Ereignisse.txt
2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Desktop\FRST64.exe
2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt
2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG
2014-04-22 19:40 - 2014-04-19 18:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-04-19 17:30 - 2013-07-18 14:39 - 01589650 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk
2014-04-17 00:47 - 2009-07-14 07:38 - 00029696 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-04-17 00:47 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools
2014-04-17 00:46 - 2013-07-19 00:07 - 00000000 ___HD () C:\RPKTools
2014-04-16 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-16 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-16 17:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-19 00:07 - 00000000 ____D () C:\Windows\Panther
2014-04-16 17:35 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-16 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-16 16:07 - 2013-07-18 14:12 - 00005949 _____ () C:\Windows\TSSysprep.log
2014-04-16 16:07 - 2009-07-14 06:46 - 00004822 _____ () C:\Windows\DtcInstall.log
2014-04-16 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-03 09:51 - 2014-04-19 18:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 18:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 18:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\vdDHeSteYa\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-18 14:08

==================== End Of Log ============================
         
--- --- ---

23.04.2014, 13:31   #12
tier1304

And here is the Addition as well

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by vdDHeSteYa at 2014-04-23 13:19:28
Running from C:\Users\vdDHeSteYa\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.03 (Version: 311.03 - NVIDIA Corporation) Hidden
SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 4.3.0.1548 - SaveClicker) <==== ATTENTION
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

16-04-2014 15:35:49 ESET Smart Security wurde installiert
16-04-2014 15:48:34 Windows Update
16-04-2014 15:54:56 Windows Update
19-04-2014 14:42:50 Windows Update
19-04-2014 16:29:33 Windows Update
22-04-2014 21:30:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2014-04-16 14:54 - 2013-01-15 06:58 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-19 17:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: SDA-Standard konformer SD-Hostcontroller
Description: SDA-Standard konformer SD-Hostcontroller
Class Guid: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
Manufacturer: SDA-Standard konformer SD-Hostcontrollerhersteller
Service: sdbus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 00:16:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:43:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sched.exe, Version: 14.0.3.336, Zeitstempel: 0x52fcd5fd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x735471fc
ID des fehlerhaften Prozesses: 0x424
Startzeit der fehlerhaften Anwendung: 0xsched.exe0
Pfad der fehlerhaften Anwendung: sched.exe1
Pfad des fehlerhaften Moduls: sched.exe2
Berichtskennung: sched.exe3

Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (04/23/2014 00:30:03 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/23/2014 00:15:07 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (04/23/2014 06:49:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%16405

Error: (04/23/2014 06:48:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (04/23/2014 06:46:11 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 2759910920x0

Error: (04/23/2014 06:46:10 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 898630110x0

Error: (04/23/2014 06:46:11 AM) (Source: SCardSvr) (User: )
Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX

Error: (04/23/2014 06:46:02 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 26992190x0

Error: (04/23/2014 06:46:01 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 2334830100x0

Error: (04/23/2014 06:46:02 AM) (Source: SCardSvr) (User: )
Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX


Microsoft Office Sessions:
=========================
Error: (04/23/2014 00:16:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:43:21 AM) (Source: Application Error)(User: )
Description: sched.exe14.0.3.33652fcd5fdunknown0.0.0.000000000c0000005735471fc42401cf5eae8e10a3e9C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeunknowncbc452ea-caa1-11e3-a2de-0024d67500f8

Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 4083.91 MB
Available physical RAM: 3104.75 MB
Total Pagefile: 8166 MB
Available Pagefile: 7025.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:66.53 GB) (Free:38.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 28696454)
Partition 1: (Active) - (Size=8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=67 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

23.04.2014, 13:40   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Okay, then please run control scans with MBAM and ESET:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

23.04.2014, 14:43   #14
tier1304

Unfortunately, still findings...

MBAM

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.04.2014
Suchlauf-Zeit: 14:02:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: vdDHeSteYa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 255256
Verstrichene Zeit: 13 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 12
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\CLASSES\APPID\{76A60138-58B3-4e27-85FB-8FEF344A8998}, In Quarantäne, [6799946c8e7212ee0d448097d72b36ca], 
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{76A60138-58B3-4E27-85FB-8FEF344A8998}, In Quarantäne, [6799946c8e7212ee0d448097d72b36ca], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Löschen bei Neustart, [738d837d34cc09f7a8851b57f60c837d], 
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\CLASSES\CLSID\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\CLASSES\SaveClicker.SaveClicker, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\CLASSES\SaveClicker.SaveClicker.2.1, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveClicker.SaveClicker, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveClicker.SaveClicker.2.1, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, Löschen bei Neustart, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, Löschen bei Neustart, [27d92bd580801de3f50a73bccc384eb2], 
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 8
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [af510ef233cd34cce48f320b3bc5e917], 
PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [6d93da2654ac22de1de22cf361a3d12f], 
PUP.Optional.GenericExt.A, C:\Users\vdDHeSteYa\AppData\Local\Temp\igdhbblpcellaljokkpfhcjlagemhgjl17faa\minibarchrome.exe, In Quarantäne, [3fc1e719be42c53bef46033a0ff1ec14], 
PUP.Optional.Iminent.A, C:\Users\vdDHeSteYa\AppData\Local\Temp\n7577\Iminent_1712-b2fcad5e.exe, In Quarantäne, [c43cb7495aa6817f72f5f54a629f09f7], 
PUP.Optional.Rapiddown, C:\Users\vdDHeSteYa\AppData\Local\Temp\n7577\s7577.exe, In Quarantäne, [e61abd43c937bc444d8d302c20e16e92], 
Trojan.Downloader, C:\Users\vdDHeSteYa\AppData\Local\Temp\n7577\saveclicker_1404-9acb73b8.exe, In Quarantäne, [7a86cc34887841bfc3f090ddc23fa25e], 
PUP.Optional.SupraSavings.A, C:\Windows\Installer\14034e.msi, In Quarantäne, [2bd56e9299678f716b94f12e14f05fa1], 
PUP.Optional.AdPeak.A, C:\Windows\Installer\158433.msi, In Quarantäne, [11ef3dc33dc330d06112b48908f8b44c], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

ESET

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b857063646e6ad4eb4f700442f9628fe
# engine=17994
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-23 12:39:05
# local_time=2014-04-23 02:39:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 6365 4939081 0 0
# compatibility_mode=5893 16776574 100 94 28719 149886595 0 0
# scanned=117638
# found=5
# cleaned=0
# scan_time=1728
sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"
sh=74135421B91DD36AC4D1955592D11427CA5A0917 ft=1 fh=c71c001181831fcd vn="a variant of Win32/AdWare.MultiPlug.T application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SaveClicker\Nr.dll"
sh=20222DC1C4154036A726D081E885FBF83463480E ft=1 fh=c71c00118bb9fbcf vn="a variant of Win64/Adware.MultiPlug.B application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SaveClicker\Nr.x64.dll"
sh=F046FA1061CD97D07A33C8006C9C9D00B71693D0 ft=1 fh=c71c00110bb25d14 vn="a variant of Win32/AdWare.MultiPlug.T application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\SaveClicker\5dG.exe"
sh=915EA4C1EECE963C0085706435439ACB93928119 ft=1 fh=b445b622a737489e vn="a variant of Win32/AdWare.MultiPlug.R application" ac=I fn="C:\FRST\Quarantine\C\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe.xBAD"
         

23.04.2014, 15:29   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Only remnants and a few isolated items.

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.

Looks OK so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks or so to see whether he has released a new hosts file. But that is only optional. To prevent user tracking, the Firefox extension Ghostery works well.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there still other findings or problems?
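The reading of the ESET log in post #15 ("only remnants and a few isolated items") can be checked mechanically by parsing each detection record and testing whether its `fn` path lies inside a cleanup tool's quarantine folder. The following is an added example, not part of any post in this thread; the sample log is constructed (placeholder `sh`/`fh` values, last record invented), and the two quarantine folders are taken from the paths in the log posted in #14.

```python
import re

# Quarantine folders of the cleanup tools, as they appear in the thread's log paths.
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine", r"C:\FRST\Quarantine")

# Constructed sample in the layout of the ESET Online Scanner log from post #14.
# The sh/fh values are placeholders and the last record is invented.
SAMPLE_LOG = r'''# version=8
# remove_checked=false
# found=3
# cleaned=0
sh=PLACEHOLDER_SHA1_A ft=1 fh=PLACEHOLDER_A vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"
sh=PLACEHOLDER_SHA1_B ft=1 fh=PLACEHOLDER_B vn="a variant of Win32/AdWare.MultiPlug.T application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SaveClicker\Nr.dll"
sh=PLACEHOLDER_SHA1_C ft=1 fh=PLACEHOLDER_C vn="constructed example detection" ac=I fn="C:\Users\example\AppData\Local\Temp\sample_setup.exe"
'''

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Split the log into header settings ('# key=value') and detection records."""
    header, records = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            # Header values may contain spaces, so split on the first '=' only.
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            rec = {}
            for m in PAIR.finditer(line):
                rec[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            records.append(rec)
    return header, records


def is_quarantined(path):
    """True if the path lies below one of the quarantine folders (case-insensitive)."""
    p = path.lower()
    return any(p.startswith(root.lower() + "\\") for root in QUARANTINE_ROOTS)


def triage(text):
    """Separate findings that are only quarantine copies from files still in place."""
    header, records = parse_eset_log(text)
    return {
        # Sanity check: the header's found= counter should match the record count.
        "count_matches_header": header.get("found") == str(len(records)),
        "quarantined": [r for r in records if is_quarantined(r.get("fn", ""))],
        "live": [r for r in records if not is_quarantined(r.get("fn", ""))],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rec in result["live"]:
        print("NOT in quarantine:", rec["vn"], "->", rec["fn"])
    print(len(result["quarantined"]), "finding(s) are copies inside tool quarantine folders")
```

In the log posted in #14, all five `fn` paths sit under `C:\AdwCleaner\Quarantine` or `C:\FRST\Quarantine`, so the `live` list would be empty for it.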
