Pests of all kinds and how to fight them: Is it possible to prove when the virus infection happened? (Windows 7) |
22.04.2014, 09:40 | #1 |
| Good morning everyone! At the weekend an acquaintance asked me to set up her new laptop. She bought it refurbished and freshly installed from a used-computer dealer. Win 7 was installed and a voucher for ESET was handed out. She installed that program and also wanted to install Avira, but she didn't manage to. After I uninstalled ESET (because it was too expensive for her) and installed AVIRA, two virus detections were reported right away and MBAM found 59 "unwanted" objects including Trojans. Now I'm just wondering whether the laptop was sold "clean" by the dealer at all, or whether she really managed to pull that much junk onto the disk with 2 or 3 clicks. I would like to wipe the thing completely and take it to the dealer for a fresh Win7 installation, but I want to spare my acquaintance from paying another 25 euros for that. Can I prove at what point in time the viruses got onto the laptop? I would be very glad if you could give me a tip. THANKS in advance! Regards, Tanja |
22.04.2014, 09:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; for now, only post the logs you already have, in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant!
In addition, please also create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too big for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows: |
22.04.2014, 20:51 | #3 |
| Hello cosinus!!
Here are the log files: Malwarebytes: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.04.2014
Suchlauf-Zeit: 21:10:50
Logdatei: mwbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.19.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: vdDHeSteYa

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 358198
Verstrichene Zeit: 1 Std, 2 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Warnen
C:\Program Files (x86)\SupraSavings\icon8.png, , [75be25076a11e551744789dd3ac88878], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\iwalyk.js, , [75be25076a11e551744789dd3ac88878], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\manifest.json, , [75be25076a11e551744789dd3ac88878], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\marcopolo.js, , [75be25076a11e551744789dd3ac88878], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.dll, , [75be25076a11e551744789dd3ac88878], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.xml, , [75be25076a11e551744789dd3ac88878], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\SendJson.dll, , [75be25076a11e551744789dd3ac88878], Physische Sektoren: 0 (No malicious items detected) (end) AVIRA: Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 19. April 2014 17:53
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : VDDHESTEYA-PC
Versionsinformationen:
BUILD.DAT : 14.0.3.350 56624 Bytes 25.02.2014 11:41:00
AVSCAN.EXE : 14.0.3.332 1058384 Bytes 25.02.2014 09:41:04
AVSCANRC.DLL : 14.0.2.180 62008 Bytes 25.02.2014 09:41:04
LUKE.DLL : 14.0.3.336 65616 Bytes 25.02.2014 09:41:05
AVSCPLR.DLL : 14.0.3.336 124496 Bytes 25.02.2014 09:41:04
AVREG.DLL : 14.0.3.336 250448 Bytes 25.02.2014 09:41:04
avlode.dll : 14.0.3.336 544848 Bytes 25.02.2014 09:41:04
avlode.rdf : 14.0.4.14 63648 Bytes 19.04.2014 15:51:27
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:41:06
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 09:41:06
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 09:41:06
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 09:41:06
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 09:41:06
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 09:41:06
VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 15:51:50
VBASE007.VDF : 7.11.139.39 2048 Bytes 27.03.2014 15:51:50
VBASE008.VDF : 7.11.139.40 2048 Bytes 27.03.2014 15:51:50
VBASE009.VDF : 7.11.139.41 2048 Bytes 27.03.2014 15:51:51
VBASE010.VDF : 7.11.139.42 2048 Bytes 27.03.2014 15:51:51
VBASE011.VDF : 7.11.139.43 2048 Bytes 27.03.2014 15:51:51
VBASE012.VDF : 7.11.139.44 2048 Bytes 27.03.2014 15:51:51
VBASE013.VDF : 7.11.139.45 2048 Bytes 27.03.2014 15:51:51
VBASE014.VDF : 7.11.139.171 111104 Bytes 28.03.2014 15:51:51
VBASE015.VDF : 7.11.140.23 150016 Bytes 30.03.2014 15:51:51
VBASE016.VDF : 7.11.140.143 222720 Bytes 01.04.2014 15:51:52
VBASE017.VDF : 7.11.140.235 144384 Bytes 03.04.2014 15:51:52
VBASE018.VDF : 7.11.141.81
193536 Bytes 05.04.2014 15:51:52 VBASE019.VDF : 7.11.141.203 241152 Bytes 08.04.2014 15:51:53 VBASE020.VDF : 7.11.142.83 144896 Bytes 10.04.2014 15:51:53 VBASE021.VDF : 7.11.142.221 171008 Bytes 12.04.2014 15:51:53 VBASE022.VDF : 7.11.143.135 247296 Bytes 15.04.2014 15:51:53 VBASE023.VDF : 7.11.143.215 189952 Bytes 16.04.2014 15:51:54 VBASE024.VDF : 7.11.144.67 138752 Bytes 19.04.2014 15:51:54 VBASE025.VDF : 7.11.144.68 2048 Bytes 19.04.2014 15:51:54 VBASE026.VDF : 7.11.144.69 2048 Bytes 19.04.2014 15:51:54 VBASE027.VDF : 7.11.144.70 2048 Bytes 19.04.2014 15:51:54 VBASE028.VDF : 7.11.144.71 2048 Bytes 19.04.2014 15:51:54 VBASE029.VDF : 7.11.144.72 2048 Bytes 19.04.2014 15:51:54 VBASE030.VDF : 7.11.144.73 2048 Bytes 19.04.2014 15:51:54 VBASE031.VDF : 7.11.144.106 141824 Bytes 19.04.2014 15:51:55 Engineversion : 8.3.18.6 AEVDF.DLL : 8.3.0.4 118976 Bytes 19.04.2014 15:51:26 AESCRIPT.DLL : 8.1.4.200 528584 Bytes 19.04.2014 15:51:26 AESCN.DLL : 8.3.0.2 135360 Bytes 19.04.2014 15:51:26 AESBX.DLL : 8.2.20.6 1331575 Bytes 25.02.2014 09:41:04 AERDL.DLL : 8.2.0.138 704888 Bytes 25.02.2014 09:41:04 AEPACK.DLL : 8.4.0.16 778440 Bytes 19.04.2014 15:51:26 AEOFFICE.DLL : 8.3.0.4 205000 Bytes 19.04.2014 15:51:25 AEHEUR.DLL : 8.1.4.1014 6664392 Bytes 19.04.2014 15:51:25 AEHELP.DLL : 8.3.0.0 274808 Bytes 19.04.2014 15:51:21 AEGEN.DLL : 8.1.7.26 450752 Bytes 19.04.2014 15:51:20 AEEXP.DLL : 8.4.1.258 512376 Bytes 19.04.2014 15:51:27 AEEMU.DLL : 8.1.3.2 393587 Bytes 25.02.2014 09:41:04 AECORE.DLL : 8.3.0.6 241864 Bytes 19.04.2014 15:51:20 AEBB.DLL : 8.1.1.4 53619 Bytes 25.02.2014 09:41:04 AVWINLL.DLL : 14.0.3.252 23608 Bytes 25.02.2014 09:41:05 AVPREF.DLL : 14.0.3.252 48696 Bytes 25.02.2014 09:41:04 AVREP.DLL : 14.0.3.252 175672 Bytes 25.02.2014 09:41:04 AVARKT.DLL : 14.0.3.336 256080 Bytes 25.02.2014 09:41:04 AVEVTLOG.DLL : 14.0.3.336 165968 Bytes 25.02.2014 09:41:04 SQLITE3.DLL : 3.7.0.1 394808 Bytes 25.02.2014 09:41:06 AVSMTP.DLL : 14.0.3.252 60472 Bytes 25.02.2014 09:41:04 
NETNT.DLL : 14.0.3.252 13368 Bytes 25.02.2014 09:41:05 RCIMAGE.DLL : 14.0.3.260 4979256 Bytes 25.02.2014 09:41:06 RCTEXT.DLL : 14.0.3.282 72760 Bytes 25.02.2014 09:41:06 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Schnelle Systemprüfung Konfigurationsdatei...................: c:\program files (x86)\avira\antivir desktop\quicksysscan.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Samstag, 19. 
April 2014 17:53
Der Suchlauf über die Bootsektoren wird begonnen:
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '44' Modul(e) wurden durchsucht
Modul ist infiziert -> <c:\Program Files (x86)\Supporter\Supporter.dll>
[FUND] Ist das Trojanische Pferd TR/BProtector.A
[WARNUNG] Die Datei wurde ignoriert.
Modul ist infiziert -> <c:\Program Files (x86)\Supporter\SupporterSvc.dll>
[FUND] Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.2926
[WARNUNG] Die Datei wurde ignoriert.
Durchsuche Prozess 'SecureAssist.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '79' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'xmkysecqun64.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '205' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'mscorsvw.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'mscorsvw.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien 
(Registry) wird begonnen:
c:\Program Files (x86)\Supporter\SupporterSvc.dll
[FUND] Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.2926
[WARNUNG] Die Datei wurde ignoriert.
c:\Program Files (x86)\Supporter\Supporter.dll
[FUND] Ist das Trojanische Pferd TR/BProtector.A
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Samstag, 19. April 2014 17:59
Benötigte Zeit: 05:50 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1741 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1737 Dateien ohne Befall
2 Archive wurden durchsucht
4 Warnungen
0 Hinweise

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by vdDHeSteYa (administrator) on VDDHESTEYA-PC on 22-04-2014 21:23:46
Running from C:\Users\vdDHeSteYa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLP0PTG8
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SecureAssist) C:\Program Files\SupraSavings\SecureAssist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\003\xmkysecqun64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Farbar) C:\Users\vdDHeSteYa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLP0PTG8\FRST64[1].exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4621312 2014-04-17] () AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => C:\Program Files (x86)\Supporter\Supporter.dll [4378112 2014-04-17] () IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8B978418E59CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.x64.dll () BHO-x32: 2rs3 - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SupraSavings\2rs3.dll () BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.dll () Winsock: Catalog9 01 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 02 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 03 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 04 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9 15 C:\Windows\SysWOW64\SecureAssist.dll [295080] (SecureAssist) Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 15 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (SaveClicker) - C:\Users\vdDHeSteYa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogpddcklcnjhioiaadiajaboepegdal [2014-04-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 be0fb33b; C:\Program Files (x86)\Supporter\SupporterSvc.dll [178000 2014-04-17] () R2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist) R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-17] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. 
KG) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-22 21:23 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST 2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Downloads\FRST64.exe 2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt 2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG 2014-04-19 18:01 - 2014-04-22 19:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 18:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-19 18:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-19 18:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-19 17:50 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-19 17:50 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-19 17:50 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask 2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk 2014-04-19 17:20 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-04-19 17:20 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-04-19 17:20 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-04-19 17:20 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2014-04-19 17:14 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe 2014-04-19 16:56 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-04-19 16:56 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-04-19 16:56 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-04-19 16:56 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-04-19 16:56 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-04-19 16:56 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-04-19 16:56 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 
2014-04-19 16:56 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-04-19 16:47 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-04-19 16:47 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-04-19 16:47 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-04-19 16:47 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2014-04-19 16:47 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-04-19 16:47 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2014-04-19 16:47 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2014-04-19 16:43 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys 2014-04-19 16:43 - 2012-03-01 08:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-04-19 16:43 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-19 16:43 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll 2014-04-19 16:43 - 2012-03-01 07:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-04-19 16:43 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-04-19 16:43 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2014-04-17 07:18 - 2014-03-12 16:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll 2014-04-17 07:18 - 2014-03-12 16:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll 2014-04-17 07:17 - 2014-04-22 19:39 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup 2014-04-17 07:17 - 2014-04-22 19:38 - 
00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\System Speedup 2014-04-17 07:17 - 2014-04-19 16:47 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\systweak 2014-04-17 07:17 - 2014-04-17 07:23 - 00000302 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job 2014-04-17 07:17 - 2014-04-17 07:23 - 00000294 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job 2014-04-17 07:17 - 2014-04-17 07:17 - 00003064 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES 2014-04-17 07:17 - 2014-04-17 07:17 - 00002908 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT 2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk 2014-04-17 07:17 - 2014-04-17 07:17 - 00000000 ____D () C:\Program Files (x86)\Supporter 2014-04-17 07:17 - 2013-12-13 17:53 - 00019544 _____ (System Speedup) C:\Windows\system32\roboot64.exe 2014-04-17 07:16 - 2014-04-19 16:43 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar 2014-04-17 07:16 - 2014-04-17 07:17 - 00000000 ____D () C:\Program Files (x86)\System Speedup 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () 
C:\Users\Gast\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\a408305a3ffb7129 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SupraSavings 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-17 07:15 - 2014-04-17 07:18 - 00000000 ____D () C:\Program Files\suprasavings 2014-04-17 07:15 - 2014-04-17 07:15 - 00000000 ____D () C:\Program Files\003 2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk 2014-04-17 07:11 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-04-17 07:11 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools 2014-04-16 17:54 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2014-04-16 17:54 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2014-04-16 17:54 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-04-16 17:54 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\tdtcp.sys 2014-04-16 17:49 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-04-16 17:49 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-04-16 17:49 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-04-16 17:49 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-04-16 17:48 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-04-16 17:48 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-04-16 17:48 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-04-16 17:48 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-04-16 17:48 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-04-16 17:43 - 2014-04-22 21:16 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET 2014-04-16 17:35 - 2014-04-16 17:39 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-16 17:35 - 2014-04-16 17:39 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup 2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 
17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () 
C:\Users\vdDHeSteYa 2014-04-16 17:35 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\vdDHeSteYa\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 17:35 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Windows Live 2014-04-16 17:35 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\vdDHeSteYa\ntuser.ini 2014-04-16 17:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-16 17:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-16 16:30 - 2014-04-22 21:17 - 01171471 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf 2014-04-16 14:58 - 2010-07-27 02:25 - 00043048 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\cvusbdrv.sys 2014-04-16 14:58 - 2010-07-07 00:45 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 06382880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 03460896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00997664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-04-16 14:54 - 2013-01-15 06:58 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00055584 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2014-04-16 14:53 - 
2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-16 14:53 - 2013-01-19 07:55 - 26931488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 15052728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 11012384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-04-16 14:53 - 2013-01-19 07:55 - 07564040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 06262608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 00017266 _____ () C:\Windows\system32\nvinfo.pb 2014-04-16 14:52 - 2013-01-19 07:55 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 18054672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 09390760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02904352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 
02826040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02505144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02344736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 01814304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll 2014-04-16 14:52 - 2012-01-24 00:44 - 08616960 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys 2014-04-16 14:52 - 2010-05-19 07:32 - 02750464 _____ (Intel Corporation) C:\Windows\system32\NETwNr64.dll 2014-04-16 14:52 - 2010-05-19 07:30 - 00799232 _____ (Intel Corporation) C:\Windows\system32\NETwNc64.dll 2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live 2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live ==================== One Month Modified Files and Folders ======= 2014-04-22 21:23 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST 2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Downloads\FRST64.exe 2014-04-22 21:17 - 2014-04-16 16:30 - 01171471 _____ () C:\Windows\WindowsUpdate.log 2014-04-22 21:16 - 2014-04-16 17:43 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} 2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () 
C:\Users\vdDHeSteYa\Documents\mwbam.txt 2014-04-22 20:35 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-22 20:35 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG 2014-04-22 19:40 - 2014-04-19 18:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-22 19:39 - 2014-04-17 07:17 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup 2014-04-22 19:38 - 2014-04-17 07:17 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\System Speedup 2014-04-22 19:38 - 2010-11-21 08:50 - 00696870 _____ () C:\Windows\system32\perfh007.dat 2014-04-22 19:38 - 2010-11-21 08:50 - 00148134 _____ () C:\Windows\system32\perfc007.dat 2014-04-22 19:38 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-22 19:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-22 19:34 - 2009-07-14 06:51 - 00036940 _____ () C:\Windows\setupact.log 2014-04-22 19:33 - 2010-11-21 05:47 - 00108776 _____ () C:\Windows\PFRO.log 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files 
(x86)\Avira 2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask 2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk 2014-04-19 17:30 - 2013-07-18 14:39 - 01589650 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-19 16:47 - 2014-04-17 07:17 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\systweak 2014-04-19 16:43 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar 2014-04-17 07:23 - 2014-04-17 07:17 - 00000302 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job 2014-04-17 07:23 - 2014-04-17 07:17 - 00000294 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job 2014-04-17 07:18 - 2014-04-17 07:15 - 00000000 ____D () C:\Program Files\suprasavings 2014-04-17 07:18 - 2014-03-21 12:27 - 00005552 _____ () C:\Windows\system32\SecureAssist.ini 2014-04-17 07:18 - 2014-03-21 12:27 - 00002504 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini 2014-04-17 07:18 - 2014-03-21 12:27 - 00002504 _____ () C:\Windows\system32\SecureAssistOff.ini 2014-04-17 07:17 - 2014-04-17 07:17 - 00003064 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES 2014-04-17 07:17 - 2014-04-17 07:17 - 00002908 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT 2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk 2014-04-17 07:17 - 2014-04-17 07:17 - 00000000 ____D () C:\Program Files (x86)\Supporter 2014-04-17 07:17 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\System Speedup 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google 2014-04-17 
07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\a408305a3ffb7129 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SupraSavings 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-17 07:15 - 2014-04-17 07:15 - 00000000 ____D () C:\Program Files\003 2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk 2014-04-17 00:47 - 2009-07-14 07:38 - 00029696 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-04-17 00:47 - 2009-07-14 07:32 - 00032768 _____ () 
C:\Windows\system32\config\BCD-Template 2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools 2014-04-17 00:46 - 2013-07-19 00:07 - 00000000 ___HD () C:\RPKTools 2014-04-16 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-04-16 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-16 17:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET 2014-04-16 17:39 - 2014-04-16 17:35 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-16 17:39 - 2014-04-16 17:35 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung 2014-04-16 17:35 - 2014-04-16 
17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default 
User\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa 2014-04-16 17:35 - 2013-07-19 00:07 - 00000000 ____D () C:\Windows\Panther 2014-04-16 17:35 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore 2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery 2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT 2014-04-16 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-16 16:07 - 2013-07-18 14:12 - 00005949 _____ () C:\Windows\TSSysprep.log 2014-04-16 16:07 - 2009-07-14 06:46 - 00004822 _____ () C:\Windows\DtcInstall.log 2014-04-16 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep 
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf 2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-16 14:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-04-03 09:51 - 2014-04-19 18:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-19 18:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-19 18:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe C:\Users\vdDHeSteYa\AppData\Local\Temp\avgnt.exe C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-18 14:08 ==================== End Of Log ============================ --- --- 
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014 Ran by vdDHeSteYa at 2014-04-22 21:24:10 Running from C:\Users\vdDHeSteYa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLP0PTG8 Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 
10.0.40219 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.03 (Version: 311.03 - NVIDIA Corporation) Hidden SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 4.3.0.1548 - SaveClicker) <==== ATTENTION Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version: - SaveClicker) <==== ATTENTION suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - 
Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 16-04-2014 15:35:49 ESET Smart Security wurde installiert 16-04-2014 15:48:34 Windows Update 16-04-2014 15:54:56 Windows Update 19-04-2014 14:42:50 Windows Update 19-04-2014 16:29:33 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {D05B3068-FDFA-4C57-8767-89988BC23C58} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2009-07-14] (Microsoft Corporation) Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: C:\Windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System 
Speedup\SystemSpeedup.exe Task: C:\Windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-17 07:17 - 2014-04-17 07:17 - 04621312 _____ () C:\Program Files (x86)\Supporter\Supporter_x64.dll 2014-03-21 12:55 - 2014-03-21 12:55 - 00162816 _____ () c:\program files\suprasavings\pcproxydll64.dll 2014-04-17 07:15 - 2014-04-17 07:15 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe 2014-04-16 14:54 - 2013-01-15 06:58 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-04-17 07:16 - 2013-04-17 07:16 - 00406016 _____ () C:\Program Files (x86)\SaveClicker\Nr.x64.dll 2014-04-19 17:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-04-17 07:17 - 2014-04-17 07:17 - 04378112 _____ () C:\Program Files (x86)\Supporter\Supporter.dll 2014-04-17 07:17 - 2014-04-17 07:17 - 00178000 _____ () C:\Program Files (x86)\Supporter\SupporterSvc.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2014 07:44:28 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: Nr.dll, Version: 1.8.0.0, Zeitstempel: 0x53465ab6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001de94 ID des fehlerhaften Prozesses: 0xd64 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 
Berichtskennung: iexplore.exe3 Error: (04/22/2014 07:43:48 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: Nr.dll, Version: 1.8.0.0, Zeitstempel: 0x53465ab6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001de94 ID des fehlerhaften Prozesses: 0xc34 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (04/22/2014 07:36:05 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
System errors: ============= Error: (04/22/2014 07:34:32 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 19.04.2014 um 18:30:02 unerwartet heruntergefahren. Error: (04/17/2014 07:18:32 AM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/17/2014 07:18:22 AM) (Source: Service Control Manager) (User: ) Description: Dienst "SecureAssist" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/17/2014 07:16:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/17/2014 07:16:23 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/16/2014 05:37:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Microsoft Office Sessions: ========================= Error: (04/22/2014 07:44:28 PM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.7601.175144ce79912Nr.dll1.8.0.053465ab6c00000050001de94d6401cf5e5282665ac8C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\SaveClicker\Nr.dllc02f762c-ca45-11e3-a134-0024d67500f8 Error: (04/22/2014 07:43:48 PM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.7601.175144ce79912Nr.dll1.8.0.053465ab6c00000050001de94c3401cf5e52695c0107C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\SaveClicker\Nr.dlla8536b2d-ca45-11e3-a134-0024d67500f8 Error: (04/22/2014 07:36:05 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/19/2014 05:41:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. |
22.04.2014, 21:03 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is it possible to prove when the virus infection occurred? Remove adware/junkware/toolbars
Step 1: AdwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please shut down your security software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
22.04.2014, 22:19 | #5 |
| Is it possible to prove when the virus infection occurred? Re 1: AdwCleaner Code:
ATTFilter # AdwCleaner v3.201 - Bericht erstellt am 22/04/2014 um 22:45:26 # Aktualisiert 22/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : vdDHeSteYa - VDDHESTEYA-PC # Gestartet von : C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : SECUREASSIST Dienst Gelöscht : xmkysecqun64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar [!] Ordner Gelöscht : C:\Program Files (x86)\Supporter Ordner Gelöscht : C:\Program Files (x86)\SupraSavings Ordner Gelöscht : C:\Program Files (x86)\System Speedup Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\Program Files\SupraSavings Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\Local\torch Ordner Gelöscht : C:\Users\VDDHES~1\AppData\Local\Temp\Iminent Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\LocalLow\IminentToolbar Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\Roaming\System Speedup Ordner Gelöscht : C:\Users\vdDHeSteYa\AppData\Roaming\Systweak Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.dll Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.ini Datei Gelöscht : C:\Windows\SysWOW64\SecureAssistOff.ini Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Windows\System32\SecureAssist.ini Datei Gelöscht : C:\Windows\System32\SecureAssist64.dll Datei Gelöscht : C:\Windows\System32\SecureAssistOff.ini Datei Gelöscht : C:\Windows\Tasks\System Speedup_DEFAULT.job Datei Gelöscht : C:\Windows\System32\Tasks\System Speedup_DEFAULT Datei Gelöscht : C:\Windows\Tasks\System Speedup_UPDATES.job Datei Gelöscht : C:\Windows\System32\Tasks\System Speedup_UPDATES ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx Schlüssel Gelöscht : HKCU\Software\suprasavings Schlüssel Gelöscht : HKCU\Software\System Speedup Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\suprasavings Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\Software\Rr Savings Schlüssel Gelöscht : HKLM\Software\suprasavings Schlüssel Gelöscht : HKLM\Software\System Speedup Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Rr Savings Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings Daten Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suppor~1\suppor~1.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL ***** [ Browser ] ***** -\\ Internet Explorer v8.0.7601.17514 ************************* AdwCleaner[R0].txt - [6793 octets] - [22/04/2014 22:41:36] AdwCleaner[S0].txt - [6428 octets] - [22/04/2014 22:45:26] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6488 octets] ##########
Re 2: JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by vdDHeSteYa on 22.04.2014 at 23:03:43,96 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB3E1634-45A0-E739-D709-A3BF1FB95E12} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB3E1634-45A0-E739-D709-A3BF1FB95E12} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FB3E1634-45A0-E739-D709-A3BF1FB95E12} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.04.2014 at 23:07:58,88 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re 3: FRST log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by vdDHeSteYa (administrator) on VDDHESTEYA-PC on 22-04-2014 23:10:36 Running from C:\Users\vdDHeSteYa\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8B978418E59CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.x64.dll () BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (SaveClicker) - C:\Users\vdDHeSteYa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogpddcklcnjhioiaadiajaboepegdal [2014-04-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. 
KG) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-22 23:10 - 2014-04-22 23:10 - 00004458 _____ () C:\Users\vdDHeSteYa\Desktop\FRST.txt 2014-04-22 23:07 - 2014-04-22 23:07 - 00001057 _____ () C:\Users\vdDHeSteYa\Desktop\JRT.txt 2014-04-22 22:54 - 2014-04-22 22:54 - 00000000 ____D () C:\Windows\ERUNT 2014-04-22 22:53 - 2014-04-22 22:53 - 00006600 _____ () C:\Users\vdDHeSteYa\Documents\AdwCleaner[S0].txt 2014-04-22 22:52 - 2014-04-22 22:52 - 01016261 _____ (Thisisu) C:\Users\vdDHeSteYa\Desktop\JRT.exe 2014-04-22 22:41 - 2014-04-22 22:45 - 00000000 ____D () C:\AdwCleaner 2014-04-22 22:38 - 2014-04-22 22:38 - 01345471 _____ () C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe 2014-04-22 21:35 - 2014-04-22 21:35 - 00232298 _____ () C:\Users\vdDHeSteYa\Documents\Ereignisse.txt 2014-04-22 21:23 - 2014-04-22 23:10 - 00000000 ____D () C:\FRST 2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Desktop\FRST64.exe 2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt 2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG 2014-04-19 18:01 - 2014-04-22 19:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 18:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-19 18:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-19 18:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-19 17:50 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-19 17:50 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-19 17:50 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask 2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk 2014-04-19 17:20 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-04-19 17:20 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-04-19 17:20 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-04-19 17:20 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2014-04-19 17:14 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe 2014-04-19 16:56 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-04-19 16:56 - 2012-07-26 05:08 - 00229888 _____ (Microsoft 
Corporation) C:\Windows\system32\WUDFHost.exe 2014-04-19 16:56 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-04-19 16:56 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-04-19 16:56 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-04-19 16:56 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-04-19 16:56 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-04-19 16:56 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-04-19 16:47 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-04-19 16:47 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-04-19 16:47 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-04-19 16:47 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2014-04-19 16:47 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-04-19 16:47 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2014-04-19 16:47 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2014-04-19 16:43 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys 2014-04-19 16:43 - 2012-03-01 08:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-04-19 16:43 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-19 16:43 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll 2014-04-19 16:43 - 2012-03-01 07:37 - 00172544 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-04-19 16:43 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-04-19 16:43 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2014-04-17 07:17 - 2014-04-22 19:39 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup 2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D 
() C:\ProgramData\a408305a3ffb7129 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk 2014-04-17 07:11 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-04-17 07:11 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools 2014-04-16 17:54 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2014-04-16 17:54 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2014-04-16 17:54 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-04-16 17:54 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2014-04-16 17:49 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-04-16 17:49 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-04-16 17:49 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-04-16 17:49 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-04-16 17:48 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-04-16 17:48 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-04-16 17:48 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-04-16 17:48 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-04-16 17:48 - 2012-06-02 15:15 - 00036864 _____ (Microsoft 
Corporation) C:\Windows\system32\wuapp.exe
2014-04-16 17:43 - 2014-04-22 21:16 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:35 - 2014-04-16 17:39 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-16 17:35 - 2014-04-16 17:39 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 17:35 - 2014-04-16 17:39 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\vdDHeSteYa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 17:35 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Windows Live
2014-04-16 17:35 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\vdDHeSteYa\ntuser.ini
2014-04-16 17:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-16 17:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-16 16:30 - 2014-04-22 23:09 - 01222797 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:58 - 2010-07-27 02:25 - 00043048 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\cvusbdrv.sys
2014-04-16 14:58 - 2010-07-07 00:45 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 06382880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 03460896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00997664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-16 14:54 - 2013-01-15 06:58 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-16 14:54 - 2013-01-15 06:58 - 00055584 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2013-01-19 07:55 - 26931488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 15052728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 11012384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-16 14:53 - 2013-01-19 07:55 - 07564040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 06262608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-04-16 14:53 - 2013-01-19 07:55 - 00017266 _____ () C:\Windows\system32\nvinfo.pb
2014-04-16 14:52 - 2013-01-19 07:55 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 18054672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 09390760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02904352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02826040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02505144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 02344736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01814304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2014-04-16 14:52 - 2013-01-19 07:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll
2014-04-16 14:52 - 2012-01-24 00:44 - 08616960 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys
2014-04-16 14:52 - 2010-05-19 07:32 - 02750464 _____ (Intel Corporation) C:\Windows\system32\NETwNr64.dll
2014-04-16 14:52 - 2010-05-19 07:30 - 00799232 _____ (Intel Corporation) C:\Windows\system32\NETwNc64.dll
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live
2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live

==================== One Month Modified Files and Folders =======

2014-04-22 23:10 - 2014-04-22 23:10 - 00004458 _____ () C:\Users\vdDHeSteYa\Desktop\FRST.txt
2014-04-22 23:10 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST
2014-04-22 23:10 - 2014-04-16 16:30 - 01222797 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 23:08 - 2010-11-21 08:50 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 23:08 - 2010-11-21 08:50 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 23:08 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 23:07 - 2014-04-22 23:07 - 00001057 _____ () C:\Users\vdDHeSteYa\Desktop\JRT.txt
2014-04-22 23:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 23:01 - 2009-07-14 06:51 - 00037052 _____ () C:\Windows\setupact.log
2014-04-22 23:00 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 23:00 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 22:54 - 2014-04-22 22:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 22:53 - 2014-04-22 22:53 - 00006600 _____ () C:\Users\vdDHeSteYa\Documents\AdwCleaner[S0].txt
2014-04-22 22:52 - 2014-04-22 22:52 - 01016261 _____ (Thisisu) C:\Users\vdDHeSteYa\Desktop\JRT.exe
2014-04-22 22:46 - 2010-11-21 05:47 - 00109172 _____ () C:\Windows\PFRO.log
2014-04-22 22:45 - 2014-04-22 22:41 - 00000000 ____D () C:\AdwCleaner
2014-04-22 22:38 - 2014-04-22 22:38 - 01345471 _____ () C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe
2014-04-22 21:35 - 2014-04-22 21:35 - 00232298 _____ () C:\Users\vdDHeSteYa\Documents\Ereignisse.txt
2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Desktop\FRST64.exe
2014-04-22 21:16 - 2014-04-16 17:43 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt
2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG
2014-04-22 19:40 - 2014-04-19 18:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 19:39 - 2014-04-17 07:17 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira
2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk
2014-04-19 17:30 - 2013-07-18 14:39 - 01589650 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\ProgramData\a408305a3ffb7129
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk
2014-04-17 00:47 - 2009-07-14 07:38 - 00029696 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-04-17 00:47 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools
2014-04-17 00:46 - 2013-07-19 00:07 - 00000000 ___HD () C:\RPKTools
2014-04-16 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-16 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-16 17:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore
2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET
2014-04-16 17:39 - 2014-04-16 17:35 - 00001446 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-16 17:39 - 2014-04-16 17:35 - 00001412 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-16 17:39 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery
2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa
2014-04-16 17:35 - 2013-07-19 00:07 - 00000000 ____D () C:\Windows\Panther
2014-04-16 17:35 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-16 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-16 16:07 - 2013-07-18 14:12 - 00005949 _____ () C:\Windows\TSSysprep.log
2014-04-16 16:07 - 2009-07-14 06:46 - 00004822 _____ () C:\Windows\DtcInstall.log
2014-04-16 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-16 14:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-03 09:51 - 2014-04-19 18:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 18:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 18:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\avgnt.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\Quarantine.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-18 14:08

==================== End Of Log ============================
--- --- --- |
22.04.2014, 22:51 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is it possible to prove when the virus infection occurred? Please also post a new addition.txt log. |
23.04.2014, 05:58 | #7 |
| Is it possible to prove when the virus infection occurred? Good morning! And here is the Addition... Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by vdDHeSteYa at 2014-04-23 06:53:11
Running from C:\Users\vdDHeSteYa\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.03 (Version: 311.03 - NVIDIA Corporation) Hidden
SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 4.3.0.1548 - SaveClicker) <==== ATTENTION
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points =========================

16-04-2014 15:35:49 ESET Smart Security wurde installiert
16-04-2014 15:48:34 Windows Update
16-04-2014 15:54:56 Windows Update
19-04-2014 14:42:50 Windows Update
19-04-2014 16:29:33 Windows Update
22-04-2014 21:30:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - \System Speedup_DEFAULT No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-04-16 14:54 - 2013-01-15 06:58 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-19 17:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:43:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sched.exe, Version: 14.0.3.336, Zeitstempel: 0x52fcd5fd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x735471fc
ID des fehlerhaften Prozesses: 0x424
Startzeit der fehlerhaften Anwendung: 0xsched.exe0
Pfad der fehlerhaften Anwendung: sched.exe1
Pfad des fehlerhaften Moduls: sched.exe2
Berichtskennung: sched.exe3

Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error: (04/22/2014 11:30:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Falscher Parameter. .

System errors:
=============
Error: (04/23/2014 06:49:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405

Error: (04/23/2014 06:48:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (04/23/2014 06:46:11 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 2759910920x0

Error: (04/23/2014 06:46:10 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 898630110x0

Error: (04/23/2014 06:46:11 AM) (Source: SCardSvr) (User: )
Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX

Error: (04/23/2014 06:46:02 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 26992190x0

Error: (04/23/2014 06:46:01 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT)
Description: 2334830100x0

Error: (04/23/2014 06:46:02 AM) (Source: SCardSvr) (User: )
Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX

Error: (04/23/2014 06:45:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (04/23/2014 06:43:27 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Microsoft Office Sessions:
=========================
Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 06:43:21 AM) (Source: Application Error)(User: )
Description: sched.exe14.0.3.33652fcd5fdunknown0.0.0.000000000c0000005735471fc42401cf5eae8e10a3e9C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeunknowncbc452ea-caa1-11e3-a2de-0024d67500f8

Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/22/2014 11:30:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Falscher Parameter.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 4083.91 MB
Available physical RAM: 2615.8 MB
Total Pagefile: 8166 MB
Available Pagefile: 6798.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:66.53 GB) (Free:39.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 28696454)
Partition 1: (Active) - (Size=8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=67 GB) - (Type=07 NTFS)

==================== End Of Log ============================
|
23.04.2014, 09:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is it possible to prove when the virus infection occurred? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
C:\Program Files (x86)\System Speedup
C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe
C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll
C:\ProgramData\SaveClicker
C:\ProgramData\a408305a3ffb7129
C:\Program Files (x86)\SaveClicker

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
23.04.2014, 11:31 | #9 |
| Is it possible to prove when the virus infection occurred? Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014 Ran by vdDHeSteYa at 2014-04-23 12:29:29 Run:1 Running from C:\Users\vdDHeSteYa\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service Task: {ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: {C558E00C-72B2-4756-937D-9B9AC5B7393E} - \System Speedup_UPDATES No Task File <==== ATTENTION Task: {FCADAE58-2A7B-4F25-BBD5-5086085CB106} - \System Speedup_DEFAULT No Task File <==== ATTENTION C:\Program Files (x86)\System Speedup C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll C:\ProgramData\SaveClicker C:\ProgramData\a408305a3ffb7129 C:\Program Files (x86)\SaveClicker ***************** HKLM\SOFTWARE\Policies\Google => Key deleted successfully. be0fb33b => Service deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADFB217B-DABE-444A-BDDC-0DE36F39C2D8} => Key deleted successfully. C:\Windows\System32\Tasks\System Speedup => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C558E00C-72B2-4756-937D-9B9AC5B7393E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C558E00C-72B2-4756-937D-9B9AC5B7393E} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_UPDATES => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCADAE58-2A7B-4F25-BBD5-5086085CB106} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCADAE58-2A7B-4F25-BBD5-5086085CB106} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_DEFAULT => Key deleted successfully. "C:\Program Files (x86)\System Speedup" => File/Directory not found. C:\Users\vdDHeSteYa\AppData\Local\Temp\18be6784_.exe => Moved successfully. C:\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe => Moved successfully. C:\Users\vdDHeSteYa\AppData\Local\Temp\SpOrder.dll => Moved successfully. C:\ProgramData\SaveClicker => Moved successfully. C:\ProgramData\a408305a3ffb7129 => Moved successfully. C:\Program Files (x86)\SaveClicker => Moved successfully. ==== End of Fixlog ==== |
23.04.2014, 12:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is it possible to prove when the virus infection occurred? Then show us fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
23.04.2014, 12:30 | #11 |
| Is it possible to prove when the virus infection occurred? FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by vdDHeSteYa (administrator) on VDDHESTEYA-PC on 23-04-2014 13:18:44 Running from C:\Users\vdDHeSteYa\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A610843B05ECF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: SaveClicker - {FB3E1634-45A0-E739-D709-A3BF1FB95E12} - C:\Program Files (x86)\SaveClicker\Nr.x64.dll No File BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (SaveClicker) - C:\Users\vdDHeSteYa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogpddcklcnjhioiaadiajaboepegdal [2014-04-17] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. 
KG) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-23 06:53 - 2014-04-23 06:54 - 00015218 _____ () C:\Users\vdDHeSteYa\Desktop\Addition.txt 2014-04-23 06:53 - 2014-04-23 06:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-23 06:50 - 2014-04-23 06:50 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Adobe 2014-04-23 00:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-04-22 23:57 - 2014-04-22 23:57 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-22 23:57 - 2014-04-22 23:57 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-22 
23:57 - 2014-04-22 23:57 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-22 23:57 - 2014-04-22 23:57 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-22 23:57 - 2014-04-22 23:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-22 23:57 - 
2014-04-22 23:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-22 23:57 - 2014-04-22 23:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-22 23:57 - 2014-04-22 23:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00218624 _____ (Microsoft 
Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-22 23:57 - 2014-04-22 23:57 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 
00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-04-22 23:56 - 2014-04-22 23:56 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-04-22 23:56 - 2014-04-22 23:56 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-04-22 23:56 - 2014-04-22 23:56 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2014-04-22 23:55 - 2014-04-22 23:55 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-22 23:55 - 2014-04-22 23:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-04-22 23:55 - 2014-04-22 23:55 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 03928064 _____ 
(Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00465920 _____ 
(Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00009728 ____H (Microsoft Corporation) 
2014-04-16 17:49 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-04-16 17:49 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-04-16 17:48 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-04-16 17:48 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-04-16 17:48 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-04-16 17:48 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-04-16 17:48 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-04-16 17:43 - 2014-04-23 13:05 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET 2014-04-16 17:35 - 2014-04-23 06:50 - 00001416 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-16 17:35 - 2014-04-23 06:50 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-16 17:35 - 2014-04-23 06:50 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () 
C:\Users\vdDHeSteYa\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 
2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa 2014-04-16 17:35 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\vdDHeSteYa\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 17:35 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Windows Live 2014-04-16 17:35 - 2010-11-21 04:50 - 00000020 ___SH () C:\Users\vdDHeSteYa\ntuser.ini 2014-04-16 17:35 - 2009-07-14 06:54 - 00000000 ___RD () 
C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-16 17:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-16 16:30 - 2014-04-23 13:17 - 01725279 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf 2014-04-16 14:58 - 2010-07-27 02:25 - 00043048 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\cvusbdrv.sys 2014-04-16 14:58 - 2010-07-07 00:45 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 06382880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 03460896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00997664 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-04-16 14:54 - 2013-01-15 06:58 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-04-16 14:54 - 2013-01-15 06:58 - 00055584 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-16 14:53 - 2013-01-19 07:55 - 26931488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 
2014-04-16 14:53 - 2013-01-19 07:55 - 15052728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 11012384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-04-16 14:53 - 2013-01-19 07:55 - 07564040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 06262608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-04-16 14:53 - 2013-01-19 07:55 - 00017266 _____ () C:\Windows\system32\nvinfo.pb 2014-04-16 14:52 - 2013-01-19 07:55 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 18054672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 09390760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02904352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02826040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02505144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 02344736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 
2014-04-16 14:52 - 2013-01-19 07:55 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 01814304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll 2014-04-16 14:52 - 2013-01-19 07:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll 2014-04-16 14:52 - 2012-01-24 00:44 - 08616960 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs64.sys 2014-04-16 14:52 - 2010-05-19 07:32 - 02750464 _____ (Intel Corporation) C:\Windows\system32\NETwNr64.dll 2014-04-16 14:52 - 2010-05-19 07:30 - 00799232 _____ (Intel Corporation) C:\Windows\system32\NETwNc64.dll 2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 14:50 - 2013-07-18 15:09 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live 2014-04-16 14:50 - 2013-07-18 15:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live ==================== One Month Modified Files and Folders ======= 2014-04-23 13:18 - 2014-04-22 23:10 - 00004277 _____ () C:\Users\vdDHeSteYa\Desktop\FRST.txt 2014-04-23 13:18 - 2014-04-22 21:23 - 00000000 ____D () C:\FRST 2014-04-23 13:17 - 2014-04-16 16:30 - 01725279 _____ () C:\Windows\WindowsUpdate.log 2014-04-23 13:17 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-23 13:17 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-23 13:05 - 2014-04-16 17:43 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} 2014-04-23 12:19 - 2010-11-21 08:50 - 00696870 _____ () C:\Windows\system32\perfh007.dat 2014-04-23 12:19 - 2010-11-21 08:50 - 00148134 _____ () 
C:\Windows\system32\perfc007.dat 2014-04-23 12:19 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-23 12:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-23 12:14 - 2009-07-14 06:51 - 00037276 _____ () C:\Windows\setupact.log 2014-04-23 06:54 - 2014-04-23 06:53 - 00015218 _____ () C:\Users\vdDHeSteYa\Desktop\Addition.txt 2014-04-23 06:53 - 2014-04-23 06:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-23 06:50 - 2014-04-23 06:50 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Adobe 2014-04-23 06:50 - 2014-04-16 17:35 - 00001416 _____ () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-23 06:50 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-23 06:50 - 2014-04-16 17:35 - 00000000 ___RD () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-23 06:44 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-23 06:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-23 06:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System 2014-04-23 06:40 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-23 06:40 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-04-23 06:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-04-23 06:39 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal 2014-04-23 00:04 - 2014-04-22 23:49 - 00017084 _____ () 
C:\Windows\IE11_main.log 2014-04-22 23:57 - 2014-04-22 23:57 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-22 23:57 - 2014-04-22 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-22 23:57 - 2014-04-22 23:57 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-22 23:57 - 2014-04-22 23:57 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-22 23:57 - 2014-04-22 23:57 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 
2014-04-22 23:57 - 2014-04-22 23:57 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-22 23:57 - 2014-04-22 23:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-22 23:57 - 2014-04-22 23:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-22 
23:57 - 2014-04-22 23:57 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-22 23:57 - 2014-04-22 23:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-22 23:57 - 2014-04-22 23:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00084992 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-22 23:57 - 2014-04-22 23:57 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-22 23:57 - 2014-04-22 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-22 23:57 - 2014-04-22 23:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-22 23:57 - 2014-04-22 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-22 23:56 - 2014-04-22 23:56 
- 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-04-22 23:56 - 2014-04-22 23:56 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-04-22 23:56 - 2014-04-22 23:56 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-04-22 23:56 - 2014-04-22 23:56 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2014-04-22 23:56 - 2014-04-22 23:56 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2014-04-22 23:55 - 2014-04-22 23:55 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-22 23:55 - 2014-04-22 23:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-04-22 23:55 - 2014-04-22 23:55 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01682432 _____ (Microsoft 
Corporation) C:\Windows\system32\XpsPrint.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00293376 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00005632 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-04-22 23:51 - 2014-04-22 23:51 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-04-22 23:49 - 2014-04-22 23:49 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-04-22 23:49 - 2014-04-22 23:49 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-04-22 23:07 - 2014-04-22 23:07 - 00001057 _____ () C:\Users\vdDHeSteYa\Desktop\JRT.txt 2014-04-22 22:54 - 2014-04-22 22:54 - 00000000 ____D () C:\Windows\ERUNT 2014-04-22 22:53 - 2014-04-22 22:53 - 00006600 _____ () C:\Users\vdDHeSteYa\Documents\AdwCleaner[S0].txt 2014-04-22 22:52 - 2014-04-22 22:52 - 01016261 _____ (Thisisu) 
C:\Users\vdDHeSteYa\Desktop\JRT.exe 2014-04-22 22:46 - 2010-11-21 05:47 - 00109172 _____ () C:\Windows\PFRO.log 2014-04-22 22:45 - 2014-04-22 22:41 - 00000000 ____D () C:\AdwCleaner 2014-04-22 22:38 - 2014-04-22 22:38 - 01345471 _____ () C:\Users\vdDHeSteYa\Desktop\adwcleaner.exe 2014-04-22 21:35 - 2014-04-22 21:35 - 00232298 _____ () C:\Users\vdDHeSteYa\Documents\Ereignisse.txt 2014-04-22 21:22 - 2014-04-22 21:22 - 02061312 _____ (Farbar) C:\Users\vdDHeSteYa\Desktop\FRST64.exe 2014-04-22 21:10 - 2014-04-22 21:10 - 00035013 _____ () C:\Users\vdDHeSteYa\Documents\mwbam.txt 2014-04-22 19:40 - 2014-04-22 19:40 - 00020636 _____ () C:\Users\vdDHeSteYa\Documents\AVSCAN-20140419-175301-7E690C72.LOG 2014-04-22 19:40 - 2014-04-19 18:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-19 18:01 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-19 18:00 - 2014-04-19 18:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vdDHeSteYa\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-19 17:51 - 2014-04-19 17:51 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00002073 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\ProgramData\Avira 2014-04-19 17:50 - 2014-04-19 17:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-19 17:48 - 2014-04-19 17:48 - 138607664 _____ () C:\Users\vdDHeSteYa\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-19 17:33 - 2014-04-19 17:33 - 00003556 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask 2014-04-19 17:33 - 2014-04-19 17:33 - 00001757 _____ () C:\Users\Public\Desktop\Browserwahl.lnk 2014-04-19 17:30 - 2013-07-18 14:39 - 01589650 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-17 07:17 - 2014-04-17 07:17 - 00001081 _____ () 
C:\Users\Public\Desktop\System Speedup.lnk 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Packages 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Gast 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Users\Administrator 2014-04-17 07:16 - 2014-04-17 07:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-17 07:12 - 2014-04-17 07:12 - 00002765 _____ () C:\Users\vdDHeSteYa\Desktop\Continue Avira-AntiVirus.lnk 2014-04-17 00:47 - 2009-07-14 07:38 - 00029696 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-04-17 00:47 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template 2014-04-17 00:46 - 2014-04-17 00:46 - 00000000 ___HD () C:\Tools 2014-04-17 00:46 - 2013-07-19 00:07 - 00000000 ___HD () C:\RPKTools 2014-04-16 18:25 - 
2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-04-16 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-16 17:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\Desktop\Acronis installieren 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Roaming\ESET 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\VirtualStore 2014-04-16 17:39 - 2014-04-16 17:39 - 00000000 ____D () C:\Users\vdDHeSteYa\AppData\Local\ESET 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Druckumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\vdDHeSteYa\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-04-16 
17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Programme 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-04-16 17:35 - 
2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 __SHD () C:\Recovery 2014-04-16 17:35 - 2014-04-16 17:35 - 00000000 ____D () C:\Users\vdDHeSteYa 2014-04-16 17:35 - 2013-07-19 00:07 - 00000000 ____D () C:\Windows\Panther 2014-04-16 17:35 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore 2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery 2014-04-16 17:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT 2014-04-16 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-16 16:07 - 2013-07-18 14:12 - 00005949 _____ () C:\Windows\TSSysprep.log 2014-04-16 16:07 - 2009-07-14 06:46 - 00004822 _____ () C:\Windows\DtcInstall.log 2014-04-16 15:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-04-16 14:59 - 2014-04-16 14:59 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-16 14:58 - 2014-04-16 14:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_cvusbdrv_01009.Wdf 2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-16 14:53 - 2014-04-16 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-16 14:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-04-03 09:51 - 2014-04-19 18:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-19 18:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-19 18:01 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\vdDHeSteYa\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-18 14:08

==================== End Of Log ============================ |
23.04.2014, 12:31 | #12 |
| Is it possible to prove when the virus infection occurred? And here is the Addition as well. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014 Ran by vdDHeSteYa at 2014-04-23 13:19:28 Running from C:\Users\vdDHeSteYa\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - 
Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.03 (Version: 311.03 - NVIDIA Corporation) Hidden SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 4.3.0.1548 - SaveClicker) <==== ATTENTION SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) 
Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 16-04-2014 15:35:49 ESET Smart Security wurde installiert 16-04-2014 15:48:34 Windows Update 16-04-2014 15:54:56 Windows Update 19-04-2014 14:42:50 Windows Update 19-04-2014 16:29:33 Windows Update 22-04-2014 21:30:07 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= ==================== Loaded Modules (whitelisted) ============= 2014-04-16 14:54 - 2013-01-15 06:58 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-04-19 17:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: SDA-Standard konformer SD-Hostcontroller Description: SDA-Standard konformer SD-Hostcontroller Class Guid: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6} Manufacturer: SDA-Standard konformer SD-Hostcontrollerhersteller Service: sdbus Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (04/23/2014 00:16:00 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/23/2014 06:43:21 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: sched.exe, Version: 14.0.3.336, Zeitstempel: 0x52fcd5fd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x735471fc ID des fehlerhaften Prozesses: 0x424 Startzeit der fehlerhaften Anwendung: 0xsched.exe0 Pfad der fehlerhaften Anwendung: sched.exe1 Pfad des fehlerhaften Moduls: sched.exe2 Berichtskennung: sched.exe3 Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
System errors: ============= Error: (04/23/2014 00:30:03 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/23/2014 00:15:07 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht. Error: (04/23/2014 06:49:48 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405 Error: (04/23/2014 06:48:14 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht. Error: (04/23/2014 06:46:11 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT) Description: 2759910920x0 Error: (04/23/2014 06:46:10 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT) Description: 898630110x0 Error: (04/23/2014 06:46:11 AM) (Source: SCardSvr) (User: ) Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX Error: (04/23/2014 06:46:02 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT) Description: 26992190x0 Error: (04/23/2014 06:46:01 AM) (Source: WudfUsbccidDriver) (User: NT-AUTORITÄT) Description: 2334830100x0 Error: (04/23/2014 06:46:02 AM) (Source: SCardSvr) (User: ) Description: Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung abgebrochen.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX Microsoft Office Sessions: ========================= Error: (04/23/2014 00:16:00 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/23/2014 06:48:48 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/23/2014 06:45:49 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/23/2014 06:43:21 AM) (Source: Application Error)(User: ) Description: sched.exe14.0.3.33652fcd5fdunknown0.0.0.000000000c0000005735471fc42401cf5eae8e10a3e9C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeunknowncbc452ea-caa1-11e3-a2de-0024d67500f8 Error: (04/23/2014 06:40:14 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/22/2014 11:39:59 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/22/2014 11:39:26 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/22/2014 11:39:25 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (04/22/2014 11:39:24 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/22/2014 11:37:40 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 4083.91 MB Available physical RAM: 3104.75 MB Total Pagefile: 8166 MB Available Pagefile: 7025.9 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:66.53 GB) (Free:38.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 28696454) Partition 1: (Active) - (Size=8 GB) - (Type=27) Partition 2: (Not Active) - (Size=67 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.04.2014, 12:40 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is it possible to prove when the virus infection occurred? Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
23.04.2014, 13:43 | #14 |
| Is it possible to prove when the virus infection occurred? Unfortunately, still detections... MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.04.2014
Suchlauf-Zeit: 14:02:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: vdDHeSteYa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 255256
Verstrichene Zeit: 13 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 12
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\CLASSES\APPID\{76A60138-58B3-4e27-85FB-8FEF344A8998}, In Quarantäne, [6799946c8e7212ee0d448097d72b36ca],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{76A60138-58B3-4E27-85FB-8FEF344A8998}, In Quarantäne, [6799946c8e7212ee0d448097d72b36ca],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Löschen bei Neustart, [738d837d34cc09f7a8851b57f60c837d],
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\CLASSES\CLSID\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\CLASSES\SaveClicker.SaveClicker, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\CLASSES\SaveClicker.SaveClicker.2.1, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveClicker.SaveClicker, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveClicker.SaveClicker.2.1, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, Löschen bei Neustart, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKU\S-1-5-21-1237337929-4086693922-885925713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, Löschen bei Neustart, [27d92bd580801de3f50a73bccc384eb2],
PUP.Optional.SaveClicker.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FB3E1634-45A0-E739-D709-A3BF1FB95E12}, In Quarantäne, [27d92bd580801de3f50a73bccc384eb2],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 8
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [af510ef233cd34cce48f320b3bc5e917],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [6d93da2654ac22de1de22cf361a3d12f],
PUP.Optional.GenericExt.A, C:\Users\vdDHeSteYa\AppData\Local\Temp\igdhbblpcellaljokkpfhcjlagemhgjl17faa\minibarchrome.exe, In Quarantäne, [3fc1e719be42c53bef46033a0ff1ec14],
PUP.Optional.Iminent.A, C:\Users\vdDHeSteYa\AppData\Local\Temp\n7577\Iminent_1712-b2fcad5e.exe, In Quarantäne, [c43cb7495aa6817f72f5f54a629f09f7],
PUP.Optional.Rapiddown, C:\Users\vdDHeSteYa\AppData\Local\Temp\n7577\s7577.exe, In Quarantäne, [e61abd43c937bc444d8d302c20e16e92],
Trojan.Downloader, C:\Users\vdDHeSteYa\AppData\Local\Temp\n7577\saveclicker_1404-9acb73b8.exe, In Quarantäne, [7a86cc34887841bfc3f090ddc23fa25e],
PUP.Optional.SupraSavings.A, C:\Windows\Installer\14034e.msi, In Quarantäne, [2bd56e9299678f716b94f12e14f05fa1],
PUP.Optional.AdPeak.A, C:\Windows\Installer\158433.msi, In Quarantäne, [11ef3dc33dc330d06112b48908f8b44c],

Physische Sektoren: 0
(No malicious items detected)

(end)

ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=b857063646e6ad4eb4f700442f9628fe # engine=17994 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-23 12:39:05 # local_time=2014-04-23 02:39:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 6365 4939081 0 0 # compatibility_mode=5893 16776574 100 94 28719 149886595 0 0 # scanned=117638 # found=5 # cleaned=0 # scan_time=1728 sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir" sh=74135421B91DD36AC4D1955592D11427CA5A0917 ft=1 fh=c71c001181831fcd vn="a variant of Win32/AdWare.MultiPlug.T application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SaveClicker\Nr.dll" sh=20222DC1C4154036A726D081E885FBF83463480E ft=1 fh=c71c00118bb9fbcf vn="a variant of Win64/Adware.MultiPlug.B application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SaveClicker\Nr.x64.dll" sh=F046FA1061CD97D07A33C8006C9C9D00B71693D0 ft=1 fh=c71c00110bb25d14 vn="a variant of Win32/AdWare.MultiPlug.T application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\SaveClicker\5dG.exe" sh=915EA4C1EECE963C0085706435439ACB93928119 ft=1 fh=b445b622a737489e vn="a variant of Win32/AdWare.MultiPlug.R application" ac=I fn="C:\FRST\Quarantine\C\Users\vdDHeSteYa\AppData\Local\Temp\294823_.exe.xBAD" |
23.04.2014, 14:29 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is it possible to prove when the virus infection occurred? Only remnants and a few isolated items. TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: To block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. But this is only optional. To prevent user tracking, the Firefox extension Ghostery works well. Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there still other detections or problems?
__________________ Please always post log files in CODE tags |
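The reading given in post #15, that the ESET hits are only remnants and isolated items, can be checked mechanically against the log in post #14, where every hit lies under `C:\AdwCleaner\Quarantine` or `C:\FRST\Quarantine`. The following is an added example, not part of the thread or of any tool mentioned in it; the record layout is inferred from the posted log, the third sample record is constructed, and mapping a quarantine path back to an original path is an assumption.

```python
import re
from typing import List, NamedTuple, Optional

# Records 1-2 are copied from the ESET log posted in the thread; record 3 is
# constructed for this example (a hit outside any quarantine folder).
SAMPLE_LOG = r'''
sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir"
sh=F046FA1061CD97D07A33C8006C9C9D00B71693D0 ft=1 fh=c71c00110bb25d14 vn="a variant of Win32/AdWare.MultiPlug.T application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\SaveClicker\5dG.exe"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Constructed.Example application" ac=I fn="C:\Users\example\Downloads\setup.exe"
'''

# One detection record; matching on the whole text also copes with logs that
# were flattened onto a single line, as in the post.
RECORD = re.compile(
    r'sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=\d+\s+fh=[0-9A-Fa-f]+\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w+)\s+fn="(?P<fn>[^"]*)"')
# Quarantine roots and renaming suffixes exactly as they appear in the thread.
QUARANTINE = re.compile(
    r'^C:\\(?P<tool>AdwCleaner|FRST)\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)$')
SUFFIXES = ('.vir', '.xBAD')

class Finding(NamedTuple):
    sha1: str
    name: str
    path: str
    quarantined_by: Optional[str]   # tool whose quarantine folder holds the file
    original_path: Optional[str]    # assumed: quarantine mirrors the old path

def parse(log: str) -> List[Finding]:
    findings = []
    for m in RECORD.finditer(log):
        tool = original = None
        q = QUARANTINE.match(m['fn'])
        if q:
            rest = q['rest']
            for suffix in SUFFIXES:
                if rest.endswith(suffix):
                    rest = rest[:-len(suffix)]
            tool, original = q['tool'], q['drive'] + ':\\' + rest
        findings.append(Finding(m['sh'], m['vn'], m['fn'], tool, original))
    return findings

def live(findings: List[Finding]) -> List[Finding]:
    """Detections that are not inside a cleanup tool's quarantine folder."""
    return [f for f in findings if f.quarantined_by is None]

if __name__ == '__main__':
    for f in parse(SAMPLE_LOG):
        print(f.quarantined_by or 'LIVE', f.name, f.original_path or f.path, sep=' | ')
```

Only entries returned by `live()` point at files still sitting in their working location; the rest are copies already moved aside by AdwCleaner or FRST.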