Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bildschirmhintergrund plötzlich schwarz, FRST mit Trojan.generic (https://www.trojaner-board.de/160294-bildschirmhintergrund-ploetzlich-schwarz-frst-trojan-generic.html)

11880 01.11.2014 12:28
Bildschirmhintergrund plötzlich schwarz, FRST mit Trojan.generic
 
Hallo Com.,

Gestern war plötzlich mein Bildschirmhintergrund schwarz und eine Verknüpfung von FRST war auf meinem Desktop. (ohne das ich es dahin gepackt habe).
Ok, habe dann draufgeklickt und es forderte Admin-Rechte. Habe ich bestätigt. Dann meldet Emisoft: Trojan.generic.11964273.
Jetzt befürchte ich, das mein Rechner irgendwie befallen ist und wäre dankbar wenn sich das jemand von euch mal anschauen könnte.
Ich poste mal die Loggs:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by G (administrator) on G-PC on 01-11-2014 11:22:19
Running from C:\Users\G\Desktop
Loaded Profile: G (Available profiles: G)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Perfect Privacy) C:\Program Files\Perfect Privacy VPN Manager\VPNManagerService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\G\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632328 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-10-02] (TrueCrypt Foundation)
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-10-01] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0CCEDD26ADDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{09E200AA-54E1-4893-8763-640C99D54278}: [NameServer] *
Tcpip\..\Interfaces\{70233F1C-3C57-4CE4-8F78-35B7E3C7A915}: [NameServer] *
Tcpip\..\Interfaces\{870F6CB7-D562-4FB8-95DF-B54DC4E930FF}: [NameServer] *
Tcpip\..\Interfaces\{A6C561AF-D32D-4EBA-9D6C-BEEBF9E53584}: [NameServer] *
Tcpip\..\Interfaces\{B19BC2B4-D3CB-423E-A351-B23F71536C08}: [NameServer] *
Tcpip\..\Interfaces\{CDDC2212-406D-4E93-94D3-AC48E4B4930D}: [NameServer] *

FireFox:
========
FF ProfilePath: C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\Extensions\firefox@ghostery.com.xpi [2014-10-01]
FF Extension: NoScript - C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-01]
FF Extension: BetterPrivacy - C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-01]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-02]
CHR Extension: (Google Docs) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-02]
CHR Extension: (Google Drive) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (YouTube) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-02]
CHR Extension: (Google-Suche) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-02]
CHR Extension: (Google Tabellen) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-02]
CHR Extension: (ScriptBlock) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2014-10-02]
CHR Extension: (Ghostery) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR Extension: (Google Mail) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-14] (Sandboxie Holdings, LLC)
S3 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
S3 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
S3 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
R2 VPNManager; C:\Program Files\Perfect Privacy VPN Manager\VPNManagerService.exe [17408 2014-08-16] (Perfect Privacy) [File not signed]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 OZSCR; C:\Windows\System32\DRIVERS\ozscr.sys [92550 2005-04-21] (O2Micro)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-14] (Sandboxie Holdings, LLC)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26456 2014-06-12] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [24920 2014-06-12] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\DRIVERS\vmusb.sys [32320 2014-02-27] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 11:21 - 2014-11-01 11:21 - 00000464 _____ () C:\Users\G\Desktop\defogger_disable.log
2014-11-01 11:21 - 2014-11-01 11:21 - 00000000 _____ () C:\Users\G\defogger_reenable
2014-11-01 11:20 - 2014-11-01 11:20 - 00380416 _____ () C:\Users\G\Desktop\Gmer-19357.exe
2014-11-01 11:17 - 2014-11-01 11:17 - 01105408 _____ (Farbar) C:\Users\G\Desktop\FRST.exe
2014-11-01 11:17 - 2014-11-01 11:17 - 00050477 _____ () C:\Users\G\Desktop\Defogger.exe
2014-11-01 11:13 - 2014-11-01 11:13 - 00058016 _____ () C:\Users\G\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-01 11:12 - 2014-11-01 11:12 - 00267856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-01 11:12 - 2014-11-01 11:12 - 00000742 _____ () C:\Windows\PFRO.log
2014-11-01 11:12 - 2014-11-01 11:12 - 00000056 _____ () C:\Windows\setupact.log
2014-11-01 11:12 - 2014-11-01 11:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-31 17:21 - 2014-10-31 17:21 - 04977216 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419(4).exe
2014-10-31 16:26 - 2014-10-31 16:26 - 00000034 _____ () C:\Users\G\Documents\*
2014-10-31 15:57 - 2014-10-31 15:57 - 00000025 _____ () C:\Users\G\Documents*
2014-10-30 16:03 - 2014-10-30 17:05 - 00000852 _____ () C:\Users\G\Documents\*
2014-10-30 13:54 - 2014-10-30 13:54 - 04974864 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419(3).exe
2014-10-28 13:23 - 2014-10-28 13:24 - 04974864 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419(2).exe
2014-10-27 11:26 - 2014-10-27 11:26 - 00000057 _____ () C:\Users\G\Documents\Secure VPN.txt
2014-10-27 11:00 - 2014-10-27 11:00 - 00000000 ____D () C:\config_*
2014-10-27 10:59 - 2014-10-27 10:59 - 00258006 _____ () C:\config_*.zip
2014-10-25 17:14 - 2014-10-25 17:14 - 00000099 _____ () C:\Users\G\Documents\u.txt
2014-10-25 14:55 - 2014-10-27 11:49 - 00000216 _____ () C:\Users\G\Documents\*.txt
2014-10-24 14:32 - 2014-10-24 14:32 - 00000339 _____ () C:\Users\G\Documents\*s.txt
2014-10-24 11:04 - 2014-10-24 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-20 15:52 - 2014-10-20 15:52 - 00025160 _____ () C:\Users\G\Documents\*.txt
2014-10-20 13:43 - 2014-10-20 13:43 - 00001061 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-10-20 13:43 - 2014-10-20 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-10-20 13:43 - 2014-10-20 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-10-20 13:43 - 2014-10-20 13:43 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-10-20 13:42 - 2014-10-20 13:42 - 01674688 _____ () C:\Users\G\Downloads\openvpn-install-2.3.4-I003-i686.exe
2014-10-19 11:00 - 2014-10-19 11:00 - 00000030 _____ () C:\Users\G\Documents\*
2014-10-18 11:24 - 2014-10-18 11:24 - 00000034 _____ () C:\Users\G\Documents\*
2014-10-18 10:51 - 2014-10-18 10:51 - 00000000 ____D () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-10-18 10:51 - 2014-10-18 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2014-10-18 10:51 - 2014-10-18 10:51 - 00000000 ____D () C:\Program Files\pidgin-otr
2014-10-17 15:37 - 2014-10-17 15:37 - 00001898 _____ () C:\Users\G\Documents\*
2014-10-17 14:37 - 2014-10-17 14:37 - 00000586 _____ () C:\Users\G\ *
2014-10-17 13:59 - 2014-10-17 14:02 - 00000000 ____D () C:\Users\G\AppData\Local\CyberGhost
2014-10-17 13:59 - 2014-10-17 13:59 - 00001881 _____ () C:\Users\G\Desktop\CyberGhost 5.lnk
2014-10-17 13:59 - 2014-10-17 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-10-17 13:59 - 2014-10-17 13:59 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-10-16 14:43 - 2014-10-16 14:44 - 03830776 _____ (Initex ) C:\Users\G\Downloads\*
2014-10-16 14:36 - 2014-10-16 14:36 - 00000079 _____ () C:\Users\G\Documents\ICQ.txt
2014-10-16 13:56 - 2014-10-27 13:31 - 00000000 ____D () C:\Users\G\AppData\Roaming\.purple
2014-10-16 13:50 - 2014-10-16 13:50 - 00000949 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2014-10-16 13:50 - 2014-10-16 13:50 - 00000000 ____D () C:\Program Files\Pidgin
2014-10-16 13:47 - 2014-10-16 13:49 - 32079928 _____ () C:\Users\G\Downloads\pidgin-2.10.9-offline.exe
2014-10-16 13:47 - 2014-10-16 13:47 - 01623752 _____ () C:\Users\G\Downloads\pidgin-otr-4.0.0-1.exe
2014-10-16 11:51 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 11:51 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 11:51 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 11:50 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 11:50 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 11:50 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 11:50 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 11:50 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 11:50 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 11:50 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 11:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 11:50 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 11:50 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 11:50 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 11:50 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 11:50 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 11:50 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 11:50 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 11:50 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 11:50 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 11:50 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 11:50 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 11:50 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 11:50 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 11:50 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 11:50 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 11:50 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 11:50 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 11:50 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 11:50 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 11:50 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 11:50 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 11:50 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 11:50 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 11:50 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 11:48 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 11:48 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 11:48 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 11:48 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 11:48 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 11:48 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 11:48 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 11:48 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 11:48 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 11:48 - 2014-07-17 02:39 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 11:48 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 11:48 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 11:48 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 11:48 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 11:48 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 11:48 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 11:48 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 11:48 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 11:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 11:48 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 11:48 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 11:48 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 11:48 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 11:48 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 11:48 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 11:48 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 17:48 - 2014-10-15 17:48 - 00000639 _____ () C:\Users\G\Documents\OKT_14.tx
2014-10-14 14:27 - 2014-10-14 14:27 - 09625578 _____ () C:\Users\G\Downloads\CLIP0006.AVI
2014-10-14 12:54 - 2014-10-14 12:54 - 08646824 _____ (CyberGhost S.R.L. ) C:\Users\G\Downloads\CG_5.0.13.17.exe
2014-10-09 15:33 - 2014-10-09 15:33 - 00000000 ____D () C:\Users\G\Desktop\Tor Browser
2014-10-09 15:30 - 2014-10-09 15:32 - 27584890 _____ () C:\Users\G\Downloads\torbrowser-install-3.6.6_de.exe
2014-10-09 15:27 - 2014-10-09 15:27 - 00000000 __SHD () C:\Users\G\AppData\Local\EmieUserList
2014-10-09 15:27 - 2014-10-09 15:27 - 00000000 __SHD () C:\Users\G\AppData\Local\EmieSiteList
2014-10-07 14:22 - 2014-10-20 16:48 - 00000512 _____ () C:\Users\G\Documents\*.txt
2014-10-07 14:10 - 2014-10-07 14:10 - 00000000 ____D () C:\Users\G\Documents\Apowersoft Free Screen Recorder
2014-10-07 13:45 - 2014-10-07 13:45 - 00000000 ____D () C:\Users\G\AppData\Roaming\TechSmith
2014-10-07 13:44 - 2014-10-07 13:44 - 00000000 ____D () C:\Users\G\Documents\Camtasia Studio
2014-10-07 13:42 - 2014-10-07 13:42 - 00001126 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-10-07 13:41 - 2014-10-07 13:43 - 00000000 ____D () C:\ProgramData\TechSmith
2014-10-07 13:41 - 2014-10-07 13:41 - 00000000 ____D () C:\Program Files\TechSmith
2014-10-07 13:40 - 2014-10-07 13:40 - 09318872 _____ (Bandisoft) C:\Users\G\Downloads\bdcamsetup.exe
2014-10-07 13:39 - 2014-10-07 13:39 - 20058760 _____ (DVDVideoSoft Ltd. ) C:\Users\G\Downloads\FreeScreenVideoRecorder2.5.37.922.exe
2014-10-07 13:38 - 2014-10-07 13:38 - 06129000 _____ (APOWERSOFT LIMITED ) C:\Users\G\Downloads\free-screen-recorder-chipde-1.4.0.exe
2014-10-07 09:35 - 2014-10-07 09:32 - 257069928 _____ () C:\Users\G\Documents\camtasiade843.exe
2014-10-06 19:27 - 2014-10-27 12:11 - 00000117 _____ () C:\Users\G\Documents\Email.txt
2014-10-06 18:28 - 2014-10-06 18:28 - 00000020 _____ () C:\Users\G\Documents\*
2014-10-06 15:50 - 2014-10-11 15:05 - 00000000 ____D () C:\Users\G\Documents\Virtual Machines
2014-10-06 15:46 - 2014-11-01 11:20 - 00000000 ____D () C:\Users\G\AppData\Local\VMware
2014-10-06 15:46 - 2014-11-01 11:14 - 00000000 ____D () C:\Users\G\AppData\Roaming\VMware
2014-10-06 15:45 - 2014-06-12 17:22 - 00026456 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-10-06 15:45 - 2013-10-08 17:20 - 00063824 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-10-06 15:45 - 2013-10-08 17:20 - 00063568 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-10-06 15:44 - 2014-06-12 17:23 - 00359128 _____ (VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
2014-10-06 15:44 - 2014-06-12 17:22 - 00437976 _____ (VMware, Inc.) C:\Windows\system32\vmnat.exe
2014-10-06 15:44 - 2014-06-12 17:22 - 00026968 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-10-06 15:43 - 2014-10-06 15:43 - 00002078 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-10-06 15:43 - 2014-10-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-10-06 15:43 - 2014-06-12 17:22 - 00776920 _____ (VMware, Inc.) C:\Windows\system32\vnetlib.dll
2014-10-06 15:43 - 2014-02-27 17:40 - 00043840 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-10-06 15:43 - 2014-02-27 17:40 - 00032320 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys
2014-10-06 15:42 - 2014-10-20 16:37 - 00000000 ____D () C:\ProgramData\VMware
2014-10-06 15:42 - 2014-10-06 15:43 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-10-06 15:42 - 2014-10-06 15:42 - 00000000 ____D () C:\Program Files\VMware
2014-10-06 15:39 - 2014-10-06 15:39 - 15797030 _____ () C:\Users\G\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.16-95972 (1).gz
2014-10-06 15:38 - 2014-10-06 15:38 - 15797030 _____ () C:\Users\G\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.16-95972.gz
2014-10-06 15:27 - 2014-10-06 15:28 - 98900000 _____ (VMware, Inc.) C:\Users\G\Downloads\VMware-player-6.0.3-1895310.exe
2014-10-05 14:48 - 2014-10-05 14:48 - 00000104 _____ () C:\Users\G\Documents\downloads VM Labchecker anleitungen etc Mega.txt
2014-10-05 13:44 - 2013-10-17 16:32 - 00025088 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-10-05 13:38 - 2014-10-05 13:38 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-05 13:38 - 2014-10-05 13:38 - 00001120 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-05 13:38 - 2014-10-05 13:38 - 00000000 ____D () C:\Program Files\TeamViewer
2014-10-05 13:37 - 2014-10-05 13:37 - 06626832 _____ (TeamViewer GmbH) C:\Users\G\Downloads\TeamViewer_Setup_de.exe
2014-10-04 16:07 - 2014-10-13 14:58 - 00000182 _____ () C:\Users\G\Documents\*
2014-10-04 13:40 - 2014-10-24 14:51 - 00000600 _____ () C:\Users\G\AppData\Local\PUTTY.RND
2014-10-04 13:26 - 2014-10-04 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PP Tunnel Manager
2014-10-04 13:26 - 2014-10-04 13:26 - 00000000 ____D () C:\Program Files\PP Tunnel Manager
2014-10-04 13:26 - 1997-06-06 14:52 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\SPORDER.DLL
2014-10-04 13:25 - 2014-10-04 13:25 - 00671815 _____ (Perfect Privacy ) C:\Users\G\Downloads\PP_TunnelManager_Setup.exe
2014-10-04 13:20 - 2014-10-06 14:59 - 00000000 ____D () C:\Users\G\VirtualBox VMs
2014-10-04 13:17 - 2014-09-29 13:44 - 00011150 _____ () C:\Users\G\Documents\15.5..kdbx
2014-10-04 13:16 - 2014-10-30 17:05 - 00000000 ____D () C:\Users\G\AppData\Roaming\KeePass
2014-10-04 13:15 - 2014-10-04 13:15 - 00040876 _____ () C:\Users\G\Downloads\KeePass-2.27-German.zip
2014-10-04 13:14 - 2014-10-04 13:16 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2
2014-10-04 13:14 - 2014-10-04 13:14 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-10-04 13:12 - 2014-10-06 15:36 - 00000000 ____D () C:\Users\G\.VirtualBox
2014-10-04 13:10 - 2014-10-04 13:10 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-10-04 13:10 - 2014-10-04 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-10-04 13:10 - 2014-10-04 13:10 - 00000000 ____D () C:\Program Files\Oracle
2014-10-04 13:10 - 2014-09-09 17:34 - 00741488 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-10-04 13:10 - 2014-09-09 17:32 - 00105472 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-10-03 14:32 - 2014-10-03 14:32 - 00000035 _____ () C:\Users\G\Documents\*
2014-10-03 14:16 - 2014-10-05 13:29 - 00000000 ____D () C:\Users\G\Desktop\Neuer Ordner
2014-10-03 12:38 - 2014-10-20 15:49 - 00000555 _____ () C:\Users\G\Documents\*
2014-10-03 12:28 - 2014-10-31 17:21 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-03 12:28 - 2014-10-31 17:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-03 12:28 - 2014-10-03 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-03 12:25 - 2014-10-03 12:26 - 04965896 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup418.exe
2014-10-03 12:10 - 2014-10-03 12:11 - 00000000 ____D () C:\Users\G\AppData\Local\Perfect_Privacy
2014-10-03 12:08 - 2014-10-20 13:30 - 00000000 ____D () C:\Program Files\Perfect Privacy VPN Manager
2014-10-03 12:08 - 2014-10-03 12:08 - 00001108 _____ () C:\Users\Public\Desktop\VPN Manager.lnk
2014-10-03 12:08 - 2014-10-03 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Privacy VPN
2014-10-03 12:07 - 2014-10-03 12:08 - 04125958 _____ () C:\Users\G\Downloads\Perfect-Privacy-VPN_Setup.exe
2014-10-03 11:50 - 2011-03-11 06:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-10-03 11:50 - 2011-03-11 06:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-10-03 11:50 - 2011-03-11 06:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-10-03 11:50 - 2011-03-11 06:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-10-03 11:50 - 2011-03-11 06:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-10-03 11:50 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-10-03 11:50 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-10-03 11:50 - 2011-03-11 05:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-02 16:40 - 2014-10-02 16:40 - 01835008 _____ () C:\Users\G\Documents\TrueCrypt Rescue Disk.iso
2014-10-02 16:40 - 2014-10-02 16:40 - 00000000 ____D () C:\ProgramData\TrueCrypt
2014-10-02 16:36 - 2014-10-02 16:36 - 00001208 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2014-10-02 16:35 - 2014-10-02 16:35 - 01640984 _____ () C:\Users\G\Downloads\SetupVirtualCloneDrive547.exe
2014-10-02 16:35 - 2014-10-02 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-10-02 16:35 - 2014-10-02 16:35 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2014-10-02 16:33 - 2014-10-03 03:53 - 00000000 ____D () C:\Users\G\AppData\Roaming\TrueCrypt
2014-10-02 16:32 - 2014-10-02 16:32 - 00231760 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-10-02 16:32 - 2014-10-02 16:32 - 00001028 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2014-10-02 16:32 - 2014-10-02 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2014-10-02 16:31 - 2014-10-02 16:33 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-10-02 16:25 - 2014-10-02 16:25 - 15526671 _____ () C:\Users\G\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.16-95972.vbox-extpack.zip
2014-10-02 16:24 - 2014-10-02 16:30 - 1034944512 _____ () C:\Users\G\Desktop\ubuntu-14.04.1-desktop-i386.iso
2014-10-02 16:00 - 2014-10-30 14:13 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-02 16:00 - 2014-10-02 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-02 15:59 - 2014-11-01 11:13 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 15:59 - 2014-10-31 17:12 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-02 15:59 - 2014-10-02 16:00 - 00000000 ____D () C:\Users\G\AppData\Local\Google
2014-10-02 15:59 - 2014-10-02 16:00 - 00000000 ____D () C:\Program Files\Google
2014-10-02 15:30 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-02 15:19 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-02 15:19 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-02 15:19 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-02 15:19 - 2012-02-11 06:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-10-02 15:18 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-02 15:18 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-02 15:15 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-02 15:10 - 2014-10-02 15:10 - 00000000 ____D () C:\Users\G\AppData\Roaming\Adobe
2014-10-02 14:13 - 2014-10-02 14:13 - 00000000 ___RD () C:\Sandbox
2014-10-02 14:03 - 2014-10-02 14:03 - 02554924 _____ (Dominik Reichl ) C:\Users\G\Downloads\KeePass-2.27-Setup.exe
2014-10-02 12:32 - 2014-10-02 12:32 - 03830776 _____ (Initex ) C:\Users\G\Downloads\ProxifierSetup.exe
2014-10-02 11:59 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-10-02 11:59 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-10-02 11:59 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-10-02 11:59 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-10-02 11:59 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-10-02 11:59 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-10-02 11:59 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-10-02 11:59 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-10-02 11:57 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-02 11:57 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-02 11:57 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-02 11:57 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-02 11:56 - 2012-03-01 06:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-10-02 11:56 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-02 11:27 - 2014-10-02 11:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-02 11:27 - 2014-10-02 11:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-02 11:27 - 2014-10-02 11:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-02 11:27 - 2014-10-02 11:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-02 11:27 - 2014-10-02 11:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-02 11:27 - 2014-10-02 11:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-02 11:27 - 2014-10-02 11:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-02 11:27 - 2014-10-02 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-02 11:27 - 2014-10-02 11:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-02 11:26 - 2014-10-02 11:26 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-02 11:26 - 2014-10-02 11:26 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-10-02 11:26 - 2014-10-02 11:26 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-10-02 11:26 - 2014-10-02 11:26 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-10-02 11:26 - 2014-10-02 11:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-10-02 11:26 - 2014-10-02 11:26 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-10-02 11:25 - 2014-10-02 11:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-10-02 11:23 - 2014-10-02 11:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-02 11:23 - 2014-10-02 11:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-02 11:22 - 2014-10-02 11:22 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-10-02 11:14 - 2014-10-02 11:14 - 41402448 _____ (Google Inc.) C:\Users\G\Downloads\ChromeStandaloneSetup.exe
2014-10-02 11:09 - 2014-10-02 11:09 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-02 11:07 - 2014-10-02 11:07 - 00217972 _____ () C:\Users\G\Downloads\ppConfig_win.zip
2014-10-02 11:06 - 2014-10-20 13:43 - 00000000 ____D () C:\Program Files\OpenVPN
2014-10-02 11:05 - 2014-10-02 11:05 - 01660328 _____ () C:\Users\G\Downloads\openvpn-install-2.3.4-I603-i686.exe
2014-10-02 11:01 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-10-02 11:01 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-10-02 11:01 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-10-02 11:01 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-10-02 11:01 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-10-02 11:01 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-10-02 11:01 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-10-02 11:00 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-02 11:00 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-02 11:00 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-10-02 11:00 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-02 11:00 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-10-02 11:00 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-10-02 11:00 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-10-02 11:00 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-10-02 11:00 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-10-02 11:00 - 2011-06-16 05:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-10-02 11:00 - 2011-04-29 03:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-10-02 11:00 - 2011-04-29 03:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-02 11:00 - 2011-04-29 03:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-02 11:00 - 2011-03-03 06:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-10-02 11:00 - 2011-03-03 06:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-10-02 11:00 - 2011-03-03 06:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-10-02 11:00 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-10-02 10:59 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-02 10:59 - 2014-07-07 02:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-02 10:59 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-02 10:59 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-02 10:59 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-02 10:59 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-02 10:59 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-02 10:59 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-10-02 10:59 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-10-02 10:59 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-10-02 10:59 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-02 10:59 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-10-02 10:59 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-10-02 10:59 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-02 10:59 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-10-02 10:59 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-10-02 10:59 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-02 10:59 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-10-02 10:59 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-10-02 10:59 - 2011-08-27 05:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-10-02 10:59 - 2011-08-27 05:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-10-02 10:59 - 2011-08-17 05:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-10-02 10:59 - 2011-08-17 05:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-10-02 10:59 - 2011-07-09 03:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-10-02 10:59 - 2011-05-24 11:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-10-02 10:59 - 2011-04-27 03:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-02 10:59 - 2011-04-27 03:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-02 10:58 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 10:58 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-02 10:58 - 2014-02-04 03:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-10-02 10:58 - 2014-02-04 03:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-10-02 10:58 - 2014-02-04 03:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-10-02 10:58 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-10-02 10:58 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-10-02 10:58 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-10-02 10:58 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-10-02 10:58 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-10-02 10:58 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-10-02 10:58 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-10-02 10:58 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-10-02 10:58 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-10-02 10:58 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-02 10:58 - 2012-10-03 17:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-10-02 10:58 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-10-02 10:58 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-10-02 10:58 - 2012-10-03 17:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-10-02 10:58 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-10-02 10:58 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-02 10:58 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-10-02 10:58 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-10-02 10:58 - 2012-07-04 22:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-10-02 10:58 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-10-02 10:58 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-10-02 10:58 - 2012-05-05 08:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-02 10:58 - 2011-10-15 06:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-10-02 10:58 - 2011-05-04 05:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-10-02 10:58 - 2011-05-04 05:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-10-02 10:58 - 2011-05-04 05:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-10-02 10:58 - 2011-05-04 05:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-10-02 10:58 - 2011-05-04 05:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-10-02 10:58 - 2011-05-04 05:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-10-02 10:58 - 2011-05-04 05:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-10-02 10:58 - 2011-05-04 05:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-10-02 10:58 - 2011-05-04 05:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-10-02 10:58 - 2011-05-03 05:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-10-02 10:58 - 2011-02-12 06:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-10-02 10:57 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-02 10:57 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-02 10:57 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-02 10:57 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-02 10:57 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-02 10:57 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-02 10:57 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-02 10:57 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-02 10:57 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-02 10:57 - 2014-05-30 07:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-02 10:57 - 2014-04-05 03:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-02 10:57 - 2014-04-05 03:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-02 10:57 - 2014-01-24 03:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-02 10:57 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-02 10:57 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-10-02 10:57 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-10-02 10:57 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-02 10:57 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-10-02 10:57 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-10-02 10:57 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-10-02 10:57 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-10-02 10:57 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-10-02 10:57 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-10-02 10:57 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-10-02 10:56 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-10-02 10:56 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-10-02 10:56 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-02 10:56 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-10-02 10:56 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-10-02 10:56 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-10-02 10:56 - 2012-05-01 05:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-10-02 10:56 - 2012-04-26 05:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-10-02 10:56 - 2012-04-26 05:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-10-02 10:56 - 2012-03-17 08:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-10-02 10:56 - 2011-12-16 08:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-10-02 10:56 - 2011-11-17 06:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-10-02 10:56 - 2011-06-15 09:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
2014-10-02 10:56 - 2011-06-15 09:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-10-02 10:56 - 2011-06-15 09:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-10-02 10:56 - 2011-06-15 09:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-10-02 10:56 - 2011-06-15 09:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-10-02 10:55 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-02 10:55 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-02 10:55 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-02 10:55 - 2014-03-04 10:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-02 10:55 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-10-02 10:55 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-02 10:55 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-10-02 10:55 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-10-02 10:55 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-10-02 10:55 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-10-02 10:55 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-10-02 10:55 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-10-02 10:55 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-10-02 10:55 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-10-02 10:55 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-10-02 10:55 - 2013-08-02 02:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 01:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-10-02 10:55 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-10-02 10:55 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-10-02 10:55 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-10-02 10:55 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-10-02 10:55 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-10-02 10:55 - 2012-11-28 23:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-10-02 10:55 - 2012-11-28 23:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-10-02 10:55 - 2012-11-28 23:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-10-02 10:55 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-10-02 10:55 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-10-02 10:55 - 2012-05-14 05:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-02 10:55 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-10-02 10:55 - 2011-03-11 06:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-10-02 10:55 - 2011-03-11 06:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-10-02 10:55 - 2011-02-23 05:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-10-02 10:54 - 2014-04-12 03:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-02 10:54 - 2014-04-12 03:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-02 10:54 - 2014-04-12 03:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-02 10:54 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-10-02 10:54 - 2014-04-12 03:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-02 10:54 - 2014-04-12 03:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-02 10:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-10-02 10:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-10-02 10:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-10-02 10:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-10-02 10:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-02 10:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-10-02 10:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-10-02 10:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-10-02 10:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-02 10:54 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-02 10:54 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-02 10:30 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-10-02 10:30 - 2012-02-17 05:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-10-02 10:22 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-02 10:22 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-02 10:22 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-02 10:22 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-02 10:22 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-02 10:22 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-02 10:22 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-02 10:21 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-02 10:21 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-02 02:01 - 2014-10-02 02:01 - 00000000 ____D () C:\Program Files\Microsoft.NET

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 11:21 - 2014-10-01 12:24 - 00000000 ____D () C:\Users\G
2014-11-01 11:19 - 2014-10-01 12:18 - 00856259 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 11:17 - 2014-10-01 14:05 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-11-01 11:17 - 2014-10-01 12:29 - 01626438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 11:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-01 11:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 11:13 - 2009-07-14 05:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 11:13 - 2009-07-14 05:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 06:35 - 2014-10-01 12:44 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 14:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-24 11:02 - 2014-10-01 14:01 - 00001580 _____ () C:\Windows\Sandboxie.ini
2014-10-17 15:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 14:02 - 2014-10-01 12:24 - 00000000 ____D () C:\Users\G\AppData\Local\VirtualStore
2014-10-16 15:16 - 2014-10-01 12:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 15:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-16 15:14 - 2014-10-01 12:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 15:11 - 2014-10-01 12:43 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-03 12:31 - 2014-10-01 22:15 - 00000000 ____D () C:\Windows\Panther
2014-10-02 15:49 - 2009-07-14 08:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-02 15:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-02 15:00 - 2009-07-27 17:21 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-10-02 14:59 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-10-02 14:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 12:50

==================== End Of Log ============================
Add

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014 01
Ran by G at 2014-11-01 11:23:08
Running from C:\Users\G\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Camtasia Studio 8 (HKLM\...\{FB05EAA3-D938-4EDA-9A38-88543E52680C}) (Version: 8.4.3.1792 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OpenVPN 2.3.4-I003  (HKLM\...\OpenVPN) (Version: 2.3.4-I003 - )
Oracle VM VirtualBox 4.3.16 (HKLM\...\{346795FE-9B53-48C0-A8E7-CC54B7EF7C1F}) (Version: 4.3.16 - Oracle Corporation)
Pidgin (HKLM\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PP Tunnel Manager version 1.6 (HKLM\...\{B6661DC2-DFEC-4D8A-B00D-CB6C104B7BF4}_is1) (Version: 1.6 - Perfect Privacy)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Sandboxie 4.14 (32-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
tools-windows (Version: 9.6.2.1895310 - VMware, Inc.) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VMware Player (HKLM\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
VPN Manager 1.6.69.0 (HKLM\...\VPN Manager) (Version: 1.6.69.0 - Perfect-Privacy)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.1 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.1 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-10-2014 14:07:26 Windows Update
24-10-2014 10:09:00 Windows Update
28-10-2014 12:23:39 Windows Update
01-11-2014 10:18:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {7A40D747-CCC8-420C-9D35-00CA922A2B50} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {A397DA8A-3DB7-435A-BD2E-772B1EFB2516} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-02] (Google Inc.)
Task: {FFA09D31-9E1A-4ECB-AD13-C609BB670C39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-01 14:05 - 2014-10-06 13:59 - 00775400 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-01 12:37 - 2014-09-24 06:09 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-01 11:17 - 2014-11-01 11:17 - 00050477 _____ () C:\Users\G\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: VMAuthdService => 3
MSCONFIG\Services: VMnetDHCP => 3
MSCONFIG\Services: VMUSBArbService => 3
MSCONFIG\Services: VMware NAT Service => 3
MSCONFIG\Services: VPNManager => 2
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-3439212047-603411062-2574308960-500 - Administrator - Disabled)
G (S-1-5-21-3439212047-603411062-2574308960-1000 - Administrator - Enabled) => C:\Users\G
Gast (S-1-5-21-3439212047-603411062-2574308960-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3439212047-603411062-2574308960-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: E:\
Description: WPD-Dateisystem-Volumetreiber
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Intel(R) 82567LM-Gigabit-Netzwerkverbindung
Description: Intel(R) 82567LM-Gigabit-Netzwerkverbindung
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1yexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TeamViewer VPN Adapter
Description: TeamViewer VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TeamViewer GmbH
Service: teamviewervpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/31/2014 05:24:57 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 38%
Total physical RAM: 3035.85 MB
Available physical RAM: 1862.68 MB
Total Pagefile: 6069.99 MB
Available Pagefile: 4362.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:401.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3779E46C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

11880 01.11.2014 12:30
Hier ist noch Gmer, hat nicht gepasst.

Gmer

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-01 11:36:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-00HXZT1 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\G\AppData\Local\Temp\pxldqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                          82A46A35 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82A80392 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtCreateFile                                      77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtCreateFile + 4                                  7715560C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtDeleteValueKey                                  77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtDeleteValueKey + 4                              7715588C 2 Bytes  [82, 71]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtOpenFile                                        77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtOpenFile + 4                                    77155D1C 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtOpenProcess                                    77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtOpenProcess + 4                                77155DCC 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtSetContextThread                                771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtSetContextThread + 4                            771565AC 2 Bytes  [73, 71] {JAE 0x73}
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtSetInformationFile                              77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtSetInformationFile + 4                          7715667C 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtSetValueKey                                    77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] ntdll.dll!NtSetValueKey + 4                                7715684C 2 Bytes  [85, 71]
.text          C:\Windows\system32\notepad.exe[1008] kernel32.dll!CreateProcessInternalW                        76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] kernel32.dll!CreateProcessInternalW + 4                    76F50856 2 Bytes  [70, 71] {JO 0x73}
.text          C:\Windows\system32\notepad.exe[1008] ADVAPI32.dll!CreateServiceW                                76BF70C4 6 Bytes  JMP 7189000A
.text          C:\Windows\system32\notepad.exe[1008] ADVAPI32.dll!CreateServiceA                                76C13264 6 Bytes  JMP 718C000A
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!SendMessageA                                    758DAD60 6 Bytes  JMP 7198000A
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!PostMessageA                                    758DB446 6 Bytes  JMP 7192000A
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!PostMessageW                                    758E447B 6 Bytes  JMP 718F000A
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!SendMessageW                                    758E5539 6 Bytes  JMP 7195000A
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!mouse_event                                      758F6209 6 Bytes  JMP 71A1000A
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!SendInput                                        75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!SendInput + 4                                    7590701D 2 Bytes  [9A, 71]
.text          C:\Windows\system32\notepad.exe[1008] USER32.dll!keybd_event                                      7592EC3B 6 Bytes  JMP 719E000A
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtCreateFile                                    77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtCreateFile + 4                                7715560C 2 Bytes  [82, 71]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtDeleteValueKey                                77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtDeleteValueKey + 4                            7715588C 2 Bytes  [88, 71]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtOpenFile                                      77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtOpenFile + 4                                  77155D1C 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtOpenProcess                                    77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtOpenProcess + 4                                77155DCC 2 Bytes  [85, 71]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtSetContextThread                              771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtSetContextThread + 4                          771565AC 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtSetInformationFile                            77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtSetInformationFile + 4                        7715667C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtSetValueKey                                    77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] ntdll.dll!NtSetValueKey + 4                                7715684C 2 Bytes  [8B, 71]
.text          C:\Windows\system32\taskhost.exe[1964] kernel32.dll!CreateProcessInternalW                        76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] kernel32.dll!CreateProcessInternalW + 4                    76F50856 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!SendMessageA                                    758DAD60 6 Bytes  JMP 719E000A
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!PostMessageA                                    758DB446 6 Bytes  JMP 7198000A
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!PostMessageW                                    758E447B 6 Bytes  JMP 7195000A
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!SendMessageW                                    758E5539 6 Bytes  JMP 719B000A
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!mouse_event                                    758F6209 6 Bytes  JMP 71A7000A
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!SendInput                                      75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!SendInput + 4                                  7590701D 2 Bytes  [A0, 71]
.text          C:\Windows\system32\taskhost.exe[1964] USER32.dll!keybd_event                                    7592EC3B 6 Bytes  JMP 71A4000A
.text          C:\Windows\system32\taskhost.exe[1964] ADVAPI32.dll!CreateServiceW                                76BF70C4 6 Bytes  JMP 718F000A
.text          C:\Windows\system32\taskhost.exe[1964] ADVAPI32.dll!CreateServiceA                                76C13264 6 Bytes  JMP 7192000A
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtCreateFile                                          77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtCreateFile + 4                                      7715560C 2 Bytes  [82, 71]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtDeleteValueKey                                      77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtDeleteValueKey + 4                                  7715588C 2 Bytes  [88, 71]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtOpenFile                                            77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtOpenFile + 4                                        77155D1C 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtOpenProcess                                        77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtOpenProcess + 4                                    77155DCC 2 Bytes  [85, 71]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtSetContextThread                                    771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtSetContextThread + 4                                771565AC 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtSetInformationFile                                  77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtSetInformationFile + 4                              7715667C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtSetValueKey                                        77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] ntdll.dll!NtSetValueKey + 4                                    7715684C 2 Bytes  [8B, 71]
.text          C:\Windows\system32\Dwm.exe[2696] kernel32.dll!CreateProcessInternalW                            76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] kernel32.dll!CreateProcessInternalW + 4                        76F50856 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!SendMessageA                                        758DAD60 6 Bytes  JMP 719E000A
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!PostMessageA                                        758DB446 6 Bytes  JMP 7198000A
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!PostMessageW                                        758E447B 6 Bytes  JMP 7195000A
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!SendMessageW                                        758E5539 6 Bytes  JMP 719B000A
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!mouse_event                                          758F6209 6 Bytes  JMP 71A7000A
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!SendInput                                            75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!SendInput + 4                                        7590701D 2 Bytes  [A0, 71]
.text          C:\Windows\system32\Dwm.exe[2696] USER32.dll!keybd_event                                          7592EC3B 6 Bytes  JMP 71A4000A
.text          C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!CreateServiceW                                    76BF70C4 6 Bytes  JMP 718F000A
.text          C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!CreateServiceA                                    76C13264 6 Bytes  JMP 7192000A
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtCreateFile                                              77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtCreateFile + 4                                          7715560C 2 Bytes  [82, 71]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtDeleteValueKey                                          77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtDeleteValueKey + 4                                      7715588C 2 Bytes  [88, 71]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtOpenFile                                                77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtOpenFile + 4                                            77155D1C 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtOpenProcess                                            77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtOpenProcess + 4                                        77155DCC 2 Bytes  [85, 71]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtSetContextThread                                        771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtSetContextThread + 4                                    771565AC 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtSetInformationFile                                      77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtSetInformationFile + 4                                  7715667C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtSetValueKey                                            77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] ntdll.dll!NtSetValueKey + 4                                        7715684C 2 Bytes  [8B, 71]
.text          C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateProcessInternalW                                76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateProcessInternalW + 4                            76F50856 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!CreateServiceW                                        76BF70C4 6 Bytes  JMP 718F000A
.text          C:\Windows\Explorer.EXE[2724] ADVAPI32.dll!CreateServiceA                                        76C13264 6 Bytes  JMP 7192000A
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!SendMessageA                                            758DAD60 6 Bytes  JMP 719E000A
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!PostMessageA                                            758DB446 6 Bytes  JMP 7198000A
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!PostMessageW                                            758E447B 6 Bytes  JMP 7195000A
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!SendMessageW                                            758E5539 6 Bytes  JMP 719B000A
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!mouse_event                                              758F6209 6 Bytes  JMP 71A7000A
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!SendInput                                                75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!SendInput + 4                                            7590701D 2 Bytes  [A0, 71]
.text          C:\Windows\Explorer.EXE[2724] USER32.dll!keybd_event                                              7592EC3B 6 Bytes  JMP 71A4000A
.text          C:\Windows\Explorer.EXE[2724] WS2_32.dll!WSALookupServiceBeginW                                  76CC575A 6 Bytes  JMP 715C000A
.text          C:\Windows\Explorer.EXE[2724] WS2_32.dll!connect                                                  76CC6BDD 6 Bytes  JMP 7165000A
.text          C:\Windows\Explorer.EXE[2724] WS2_32.dll!listen                                                  76CCB001 6 Bytes  JMP 715F000A
.text          C:\Windows\Explorer.EXE[2724] WS2_32.dll!WSAConnect                                              76CCCC3F 6 Bytes  JMP 7162000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtCreateFile                              77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtCreateFile + 4                          7715560C 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtDeleteValueKey                          77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtDeleteValueKey + 4                      7715588C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtOpenFile                                77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtOpenFile + 4                            77155D1C 2 Bytes  [73, 71] {JAE 0x73}
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtOpenProcess                            77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtOpenProcess + 4                        77155DCC 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtSetContextThread                        771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtSetContextThread + 4                    771565AC 2 Bytes  [6D, 71]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtSetInformationFile                      77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtSetInformationFile + 4                  7715667C 2 Bytes  [70, 71] {JO 0x73}
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtSetValueKey                            77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] ntdll.dll!NtSetValueKey + 4                        7715684C 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] kernel32.dll!CreateProcessInternalW                76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] kernel32.dll!CreateProcessInternalW + 4            76F50856 2 Bytes  [6A, 71] {PUSH 0x71}
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!SendMessageA                            758DAD60 6 Bytes  JMP 7192000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!PostMessageA                            758DB446 6 Bytes  JMP 718C000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!PostMessageW                            758E447B 6 Bytes  JMP 7189000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!SendMessageW                            758E5539 6 Bytes  JMP 718F000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!mouse_event                              758F6209 6 Bytes  JMP 719B000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!SendInput                                75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!SendInput + 4                            7590701D 2 Bytes  [94, 71]
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] USER32.dll!keybd_event                              7592EC3B 6 Bytes  JMP 7198000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] advapi32.DLL!CreateServiceW                        76BF70C4 6 Bytes  JMP 7183000A
.text          C:\Program Files\Sandboxie\SbieCtrl.exe[2844] advapi32.DLL!CreateServiceA                        76C13264 6 Bytes  JMP 7186000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtCreateFile                            77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtCreateFile + 4                        7715560C 2 Bytes  [82, 71]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtDeleteValueKey                        77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtDeleteValueKey + 4                    7715588C 2 Bytes  [88, 71]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtOpenFile                              77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtOpenFile + 4                          77155D1C 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtOpenProcess                            77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtOpenProcess + 4                        77155DCC 2 Bytes  [85, 71]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtSetContextThread                      771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtSetContextThread + 4                  771565AC 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtSetInformationFile                    77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtSetInformationFile + 4                7715667C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtSetValueKey                            77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ntdll.dll!NtSetValueKey + 4                        7715684C 2 Bytes  [8B, 71]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] kernel32.dll!CreateProcessInternalW                76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] kernel32.dll!CreateProcessInternalW + 4            76F50856 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ADVAPI32.dll!CreateServiceW                        76BF70C4 6 Bytes  JMP 718F000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] ADVAPI32.dll!CreateServiceA                        76C13264 6 Bytes  JMP 7192000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!SendMessageA                            758DAD60 6 Bytes  JMP 719E000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!PostMessageA                            758DB446 6 Bytes  JMP 7198000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!PostMessageW                            758E447B 6 Bytes  JMP 7195000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!SendMessageW                            758E5539 6 Bytes  JMP 719B000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!mouse_event                            758F6209 6 Bytes  JMP 71A7000A
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!SendInput                              75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!SendInput + 4                          7590701D 2 Bytes  [A0, 71]
.text          C:\Program Files\TrueCrypt\TrueCrypt.exe[2856] USER32.dll!keybd_event                            7592EC3B 6 Bytes  JMP 71A4000A
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtCreateFile                                      77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtCreateFile + 4                                  7715560C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtDeleteValueKey                                  77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtDeleteValueKey + 4                              7715588C 2 Bytes  [82, 71]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtOpenFile                                        77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtOpenFile + 4                                    77155D1C 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtOpenProcess                                    77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtOpenProcess + 4                                77155DCC 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtSetContextThread                                771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtSetContextThread + 4                            771565AC 2 Bytes  [73, 71] {JAE 0x73}
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtSetInformationFile                              77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtSetInformationFile + 4                          7715667C 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtSetValueKey                                    77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] ntdll.dll!NtSetValueKey + 4                                7715684C 2 Bytes  [85, 71]
.text          C:\Windows\system32\notepad.exe[2944] kernel32.dll!CreateProcessInternalW                        76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] kernel32.dll!CreateProcessInternalW + 4                    76F50856 2 Bytes  [70, 71] {JO 0x73}
.text          C:\Windows\system32\notepad.exe[2944] ADVAPI32.dll!CreateServiceW                                76BF70C4 6 Bytes  JMP 7189000A
.text          C:\Windows\system32\notepad.exe[2944] ADVAPI32.dll!CreateServiceA                                76C13264 6 Bytes  JMP 718C000A
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!SendMessageA                                    758DAD60 6 Bytes  JMP 7198000A
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!PostMessageA                                    758DB446 6 Bytes  JMP 7192000A
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!PostMessageW                                    758E447B 6 Bytes  JMP 718F000A
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!SendMessageW                                    758E5539 6 Bytes  JMP 7195000A
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!mouse_event                                      758F6209 6 Bytes  JMP 71A1000A
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!SendInput                                        75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!SendInput + 4                                    7590701D 2 Bytes  [9A, 71]
.text          C:\Windows\system32\notepad.exe[2944] USER32.dll!keybd_event                                      7592EC3B 6 Bytes  JMP 719E000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtCreateFile                                    77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtCreateFile + 4                                7715560C 2 Bytes  [82, 71]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtDeleteValueKey                                77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtDeleteValueKey + 4                            7715588C 2 Bytes  [88, 71]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtOpenFile                                      77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtOpenFile + 4                                  77155D1C 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtOpenProcess                                  77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtOpenProcess + 4                              77155DCC 2 Bytes  [85, 71]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtSetContextThread                              771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtSetContextThread + 4                          771565AC 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtSetInformationFile                            77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtSetInformationFile + 4                        7715667C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtSetValueKey                                  77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ntdll.dll!NtSetValueKey + 4                              7715684C 2 Bytes  [8B, 71]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] kernel32.dll!CreateProcessInternalW                      76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] kernel32.dll!CreateProcessInternalW + 4                  76F50856 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!SendMessageA                                  758DAD60 6 Bytes  JMP 719E000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!PostMessageA                                  758DB446 6 Bytes  JMP 7198000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!PostMessageW                                  758E447B 6 Bytes  JMP 7195000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!SendMessageW                                  758E5539 6 Bytes  JMP 719B000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!mouse_event                                    758F6209 6 Bytes  JMP 71A7000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!SendInput                                      75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!SendInput + 4                                  7590701D 2 Bytes  [A0, 71]
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] USER32.dll!keybd_event                                    7592EC3B 6 Bytes  JMP 71A4000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ADVAPI32.dll!CreateServiceW                              76BF70C4 6 Bytes  JMP 718F000A
.text          C:\Users\G\Desktop\Gmer-19357.exe[3560] ADVAPI32.dll!CreateServiceA                              76C13264 6 Bytes  JMP 7192000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtCreateFile                        77155608 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtCreateFile + 4                    7715560C 2 Bytes  [82, 71]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtDeleteValueKey                    77155888 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtDeleteValueKey + 4                7715588C 2 Bytes  [88, 71]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtFlushBuffersFile                  77155998 5 Bytes  JMP 5DC4EB90 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtOpenFile                          77155D18 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtOpenFile + 4                      77155D1C 2 Bytes  [7F, 71] {JG 0x73}
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtOpenProcess                        77155DC8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtOpenProcess + 4                    77155DCC 2 Bytes  [85, 71]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtQueryFullAttributesFile            77156028 5 Bytes  JMP 5DC69C70 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtReadFile                          771562F8 5 Bytes  JMP 5DC4EC80 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtReadFileScatter                    77156308 5 Bytes  JMP 5E564CE1 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtSetContextThread                  771565A8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtSetContextThread + 4              771565AC 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtSetInformationFile                77156678 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtSetInformationFile + 4            7715667C 2 Bytes  [7C, 71] {JL 0x73}
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtSetValueKey                        77156848 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtSetValueKey + 4                    7715684C 2 Bytes  [8B, 71]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtWriteFile                          77156AA8 5 Bytes  JMP 5DC6ACB0 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!NtWriteFileGather                    77156AB8 5 Bytes  JMP 5E564C90 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!LdrLoadDll                          771722AE 5 Bytes  JMP 60BD1F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  76F494E6 7 Bytes  JMP 5E4D1CEB C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!QueryPerformanceCounter + 13      76F4C4E5 7 Bytes  JMP 5E4D1D0E C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!LoadAppInitDlls + 355            76F4F5A6 7 Bytes  JMP 5DC66A9C C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!CreateProcessInternalW            76F50852 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] kernel32.dll!CreateProcessInternalW + 4        76F50856 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SendMessageA                        758DAD60 6 Bytes  JMP 719E000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!PostMessageA                        758DB446 6 Bytes  JMP 7198000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!PostMessageW                        758E447B 6 Bytes  JMP 7195000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!GetWindowInfo                      758E4B5E 5 Bytes  JMP 5E3D78E5 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SendMessageW                        758E5539 6 Bytes  JMP 719B000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!mouse_event                        758F6209 6 Bytes  JMP 71A7000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SendInput                          75907019 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!SendInput + 4                      7590701D 2 Bytes  [A0, 71]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] USER32.dll!keybd_event                        7592EC3B 6 Bytes  JMP 71A4000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] GDI32.dll!GetViewportOrgEx + 26C              76C7884B 7 Bytes  JMP 5E4D1C6C C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ADVAPI32.dll!CreateServiceW                    76BF70C4 6 Bytes  JMP 718F000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] ADVAPI32.dll!CreateServiceA                    76C13264 6 Bytes  JMP 7192000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!WSALookupServiceBeginW              76CC575A 6 Bytes  JMP 716B000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!connect                            76CC6BDD 6 Bytes  JMP 7174000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!listen                              76CCB001 6 Bytes  JMP 716E000A
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3692] WS2_32.dll!WSAConnect                          76CCCC3F 6 Bytes  JMP 7171000A

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          VMkbd.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          VMkbd.sys

Device          \Driver\usbhub \Device\00000083                                                                  hcmon.sys
Device          \Driver\usbhub \Device\00000084                                                                  hcmon.sys
Device          \Driver\usbhub \Device\00000085                                                                  hcmon.sys
Device          \Driver\usbhub \Device\00000086                                                                  hcmon.sys
Device          \Driver\usbhub \Device\00000087                                                                  hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                  hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                  hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                                  hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-3                                                                  hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-4                                                                  hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-5                                                                  hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                                  hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-7                                                                  hcmon.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                          fltmgr.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active               
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@2E238BA9      55

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
Möchte mich schon mal im Voraus bedanken.

LG

schrauber 01.11.2014 13:08
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

11880 01.11.2014 14:43
Danke für die schnelle Antwort.

Habe Combofix durchlaufen lassen. Jetzt hat sich zusätzlich noch die Anordnung der Symbole auf dem Desktop und in der Task-Leiste verändert.
Weiß nicht ob das an Combofix liegt, wollte es aber noch mitteilen.
...
Code:
ComboFix 14-10-29.01 - G 01.11.2014  14:20:45.2.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3036.1959 [GMT 1:00]
ausgeführt von:: c:\users\G\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-01 bis 2014-11-01  ))))))))))))))))))))))))))))))
.
.
2014-11-01 13:25 . 2014-11-01 13:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-11-01 10:19 . 2014-10-14 20:13        8901368        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E50CA2A-7D85-41EF-B3E6-A025491D0FEA}\mpengine.dll
2014-10-27 10:00 . 2014-10-27 10:00        --------        d-----w-        C:\config_dokta1976
2014-10-20 12:43 . 2014-10-20 12:43        --------        d-----w-        c:\program files\TAP-Windows
2014-10-18 09:51 . 2014-10-18 09:51        --------        d-----w-        c:\program files\pidgin-otr
2014-10-17 12:59 . 2014-10-17 13:02        --------        d-----w-        c:\users\G\AppData\Local\CyberGhost
2014-10-17 12:59 . 2014-10-17 12:59        --------        d-----w-        c:\program files\CyberGhost 5
2014-10-16 12:56 . 2014-10-27 12:31        --------        d-----w-        c:\users\G\AppData\Roaming\.purple
2014-10-16 12:50 . 2014-10-16 12:50        --------        d-----w-        c:\program files\Pidgin
2014-10-16 10:51 . 2014-10-10 01:44        230912        ----a-w-        c:\windows\system32\generaltel.dll
2014-10-16 10:51 . 2014-10-10 01:44        396288        ----a-w-        c:\windows\system32\aepdu.dll
2014-10-16 10:51 . 2014-10-10 01:39        302592        ----a-w-        c:\windows\system32\aeinv.dll
2014-10-16 10:48 . 2014-06-18 22:23        156824        ----a-w-        c:\windows\system32\mscorier.dll
2014-10-15 13:57 . 2014-10-15 13:57        --------        d-----w-        c:\users\G\AppData\Roaming\Wireshark
2014-10-14 14:11 . 2014-10-14 14:12        --------        d-----w-        c:\program files\WinPcap
2014-10-14 14:11 . 2014-10-14 14:28        --------        d-----w-        c:\program files\Wireshark
2014-10-11 12:41 . 2014-11-01 10:23        --------        d-----w-        C:\FRST
2014-10-09 14:27 . 2014-10-09 14:27        --------        d-sh--w-        c:\users\G\AppData\Local\EmieUserList
2014-10-09 14:27 . 2014-10-09 14:27        --------        d-sh--w-        c:\users\G\AppData\Local\EmieSiteList
2014-10-07 12:45 . 2014-10-07 12:45        --------        d-----w-        c:\users\G\AppData\Roaming\TechSmith
2014-10-07 12:42 . 2014-10-07 12:42        --------        d-----w-        c:\programdata\regid.1995-08.com.techsmith
2014-10-07 12:42 . 2014-10-07 12:42        --------        d-----w-        c:\program files\QuickTime
2014-10-07 12:42 . 2014-10-07 12:42        --------        d-----w-        c:\program files\Common Files\TechSmith Shared
2014-10-07 12:41 . 2014-10-07 12:43        --------        d-----w-        c:\programdata\TechSmith
2014-10-07 12:41 . 2014-10-07 12:41        --------        d-----w-        c:\program files\TechSmith
2014-10-06 14:46 . 2014-11-01 10:20        --------        d-----w-        c:\users\G\AppData\Local\VMware
2014-10-06 14:46 . 2014-11-01 10:14        --------        d-----w-        c:\users\G\AppData\Roaming\VMware
2014-10-06 14:45 . 2013-10-08 16:20        63568        ----a-w-        c:\windows\system32\vsocklib.dll
2014-10-06 14:45 . 2013-10-08 16:20        63824        ----a-w-        c:\windows\system32\drivers\vsock.sys
2014-10-06 14:45 . 2014-06-12 16:22        26456        ----a-w-        c:\windows\system32\drivers\VMkbd.sys
2014-10-06 14:44 . 2014-06-12 16:23        359128        ----a-w-        c:\windows\system32\vmnetdhcp.exe
2014-10-06 14:44 . 2014-06-12 16:22        437976        ----a-w-        c:\windows\system32\vmnat.exe
2014-10-06 14:44 . 2014-06-12 16:22        26968        ----a-w-        c:\windows\system32\drivers\vmnetuserif.sys
2014-10-06 14:43 . 2014-06-12 16:22        776920        ----a-w-        c:\windows\system32\vnetlib.dll
2014-10-06 14:43 . 2014-02-27 16:40        43840        ----a-w-        c:\windows\system32\drivers\hcmon.sys
2014-10-06 14:43 . 2014-02-27 16:40        32320        ----a-w-        c:\windows\system32\drivers\vmusb.sys
2014-10-06 14:42 . 2014-10-20 15:37        --------        d-----w-        c:\programdata\VMware
2014-10-06 14:42 . 2014-10-06 14:43        --------        d-----w-        c:\program files\Common Files\VMware
2014-10-06 14:42 . 2014-10-06 14:42        --------        d-----w-        c:\program files\VMware
2014-10-05 12:44 . 2013-10-17 15:32        25088        ----a-w-        c:\windows\system32\drivers\teamviewervpn.sys
2014-10-05 12:38 . 2014-10-05 12:38        --------        d-----w-        c:\program files\TeamViewer
2014-10-04 12:26 . 1997-06-06 13:52        11264        ----a-w-        c:\windows\system32\SPORDER.DLL
2014-10-04 12:26 . 2014-10-04 12:26        --------        d-----w-        c:\program files\PP Tunnel Manager
2014-10-04 12:20 . 2014-10-06 13:59        --------        d-----w-        c:\users\G\VirtualBox VMs
2014-10-04 12:16 . 2014-10-30 16:05        --------        d-----w-        c:\users\G\AppData\Roaming\KeePass
2014-10-04 12:14 . 2014-10-04 12:16        --------        d-----w-        c:\program files\KeePass Password Safe 2
2014-10-04 12:12 . 2014-10-06 14:36        --------        d-----w-        c:\users\G\.VirtualBox
2014-10-04 12:10 . 2014-09-09 16:34        741488        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2014-10-04 12:10 . 2014-10-04 12:10        --------        dc----w-        c:\windows\system32\DRVSTORE
2014-10-04 12:10 . 2014-09-09 16:32        105472        ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys
2014-10-04 12:10 . 2014-10-04 12:10        --------        d-----w-        c:\program files\Oracle
2014-10-03 11:28 . 2014-10-31 16:21        --------        d-----w-        c:\program files\CCleaner
2014-10-03 11:10 . 2014-10-03 11:11        --------        d-----w-        c:\users\G\AppData\Local\Perfect_Privacy
2014-10-03 11:08 . 2014-10-20 12:30        --------        d-----w-        c:\program files\Perfect Privacy VPN Manager
2014-10-03 10:50 . 2011-03-11 05:33        1699328        ----a-w-        c:\windows\system32\esent.dll
2014-10-03 10:50 . 2011-03-11 05:39        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2014-10-03 10:50 . 2011-03-11 05:38        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2014-10-03 10:50 . 2011-03-11 05:38        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2014-10-03 10:50 . 2011-03-11 05:39        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2014-10-03 10:50 . 2011-03-11 05:38        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2014-10-03 10:50 . 2011-03-11 05:31        74240        ----a-w-        c:\windows\system32\fsutil.exe
2014-10-02 15:40 . 2014-10-02 15:40        --------        d-----w-        c:\programdata\TrueCrypt
2014-10-02 15:35 . 2014-10-02 15:35        --------        d-----w-        c:\program files\Elaborate Bytes
2014-10-02 15:33 . 2014-10-03 02:53        --------        d-----w-        c:\users\G\AppData\Roaming\TrueCrypt
2014-10-02 15:32 . 2014-10-02 15:32        231760        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2014-10-02 15:31 . 2014-10-02 15:33        --------        d-----w-        c:\program files\TrueCrypt
2014-10-02 14:59 . 2014-10-02 15:00        --------        d-----w-        c:\program files\Google
2014-10-02 14:59 . 2014-10-02 15:00        --------        d-----w-        c:\users\G\AppData\Local\Google
2014-10-02 14:30 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-10-02 14:19 . 2013-11-23 18:26        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2014-10-02 14:19 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2014-10-02 14:19 . 2014-02-04 02:04        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-10-02 14:19 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-10-02 14:18 . 2013-11-26 08:16        3419136        ----a-w-        c:\windows\system32\d2d1.dll
2014-10-02 14:18 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\explorer.exe
2014-10-02 14:15 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 05:35 . 2014-10-01 11:44        229000        ------w-        c:\windows\system32\MpSigStub.exe
2014-10-27 09:59 . 2014-10-27 09:59        258006        ----a-w-        C:\config_dokta1976.zip
2014-10-02 10:27 . 2014-10-02 10:27        86016        ----a-w-        c:\windows\system32\iesysprep.dll
2014-10-02 10:27 . 2014-10-02 10:27        74240        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2014-10-02 10:27 . 2014-10-02 10:27        71680        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2014-10-02 10:27 . 2014-10-02 10:27        645120        ----a-w-        c:\windows\system32\jsIntl.dll
2014-10-02 10:27 . 2014-10-02 10:27        62464        ----a-w-        c:\windows\system32\tdc.ocx
2014-10-02 10:27 . 2014-10-02 10:27        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2014-10-02 10:27 . 2014-10-02 10:27        36352        ----a-w-        c:\windows\system32\imgutil.dll
2014-10-02 10:27 . 2014-10-02 10:27        337408        ----a-w-        c:\windows\system32\html.iec
2014-10-02 10:27 . 2014-10-02 10:27        24576        ----a-w-        c:\windows\system32\licmgr10.dll
2014-10-02 10:27 . 2014-10-02 10:27        194048        ----a-w-        c:\windows\system32\elshyph.dll
2014-10-02 10:27 . 2014-10-02 10:27        182272        ----a-w-        c:\windows\system32\msls31.dll
2014-10-02 10:27 . 2014-10-02 10:27        151552        ----a-w-        c:\windows\system32\iexpress.exe
2014-10-02 10:27 . 2014-10-02 10:27        139264        ----a-w-        c:\windows\system32\wextract.exe
2014-10-02 10:27 . 2014-10-02 10:27        13312        ----a-w-        c:\windows\system32\mshta.exe
2014-10-02 10:27 . 2014-10-02 10:27        111616        ----a-w-        c:\windows\system32\IEAdvpack.dll
2014-10-02 10:26 . 2014-10-02 10:26        69632        ----a-w-        c:\windows\system32\smss.exe
2014-10-02 10:26 . 2014-10-02 10:26        640512        ----a-w-        c:\windows\system32\advapi32.dll
2014-10-02 10:26 . 2014-10-02 10:26        619520        ----a-w-        c:\windows\system32\tdh.dll
2014-10-02 10:26 . 2014-10-02 10:26        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2014-10-02 10:26 . 2014-10-02 10:26        1289096        ----a-w-        c:\windows\system32\ntdll.dll
2014-10-02 10:26 . 2014-10-02 10:26        231424        ----a-w-        c:\windows\system32\mswsock.dll
2014-10-02 10:25 . 2014-10-02 10:25        49152        ----a-w-        c:\windows\system32\taskhost.exe
2014-10-02 10:23 . 2014-10-02 10:23        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        906240        ----a-w-        c:\windows\system32\FntCache.dll
2014-10-02 10:23 . 2014-10-02 10:23        604160        ----a-w-        c:\windows\system32\d3d10level9.dll
2014-10-02 10:23 . 2014-10-02 10:23        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        364544        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2014-10-02 10:23 . 2014-10-02 10:23        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        293376        ----a-w-        c:\windows\system32\dxgi.dll
2014-10-02 10:23 . 2014-10-02 10:23        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-02 10:23 . 2014-10-02 10:23        249856        ----a-w-        c:\windows\system32\d3d10_1core.dll
2014-10-02 10:23 . 2014-10-02 10:23        220160        ----a-w-        c:\windows\system32\d3d10core.dll
2014-10-02 10:23 . 2014-10-02 10:23        207872        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2014-10-02 10:23 . 2014-10-02 10:23        187392        ----a-w-        c:\windows\system32\UIAnimation.dll
2014-10-02 10:23 . 2014-10-02 10:23        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2014-10-02 10:23 . 2014-10-02 10:23        1158144        ----a-w-        c:\windows\system32\XpsPrint.dll
2014-10-02 10:23 . 2014-10-02 10:23        1080832        ----a-w-        c:\windows\system32\d3d10.dll
2014-10-02 10:23 . 2014-10-02 10:23        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-02 10:22 . 2014-10-02 10:22        1505280        ----a-w-        c:\windows\system32\d3d11.dll
2014-10-01 12:50 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2014-09-25 01:40 . 2014-10-02 09:58        519680        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-10-02 09:55        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-09 16:32 . 2014-09-09 16:32        175976        ----a-w-        c:\windows\system32\VBoxNetFltNobj.dll
2014-09-09 16:32 . 2014-09-09 16:32        127584        ----a-w-        c:\windows\system32\drivers\VBoxNetFlt.sys
2014-09-09 16:32 . 2014-09-09 16:32        117272        ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys
2014-08-23 01:46 . 2014-10-02 09:59        305152        ----a-w-        c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-10-14 632328]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2014-10-02 1516496]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-29 4826904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2014-10-14 4873248]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2014-07-06 2117632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-10-01 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-10-29 16:18        4826904        ----a-w-        c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
2014-06-12 07:02        404080        ----a-w-        c:\program files\CyberGhost 5\CyberGhost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2013-03-10 17:08        88984        ----a-w-        c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2013-10-17 25088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2014-02-27 722624]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-10-08 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-10-08 63824]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-28 22056]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013-09-30 38248]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2014-05-12 18552]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-09-09 741488]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2014-09-09 105472]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2014-10-14 4816568]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe [2014-06-12 64624]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 VPNManager;Perfect Privacy VPN Manager;c:\program files\Perfect Privacy VPN Manager\VPNManagerService.exe [2014-08-16 17408]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2014-05-12 58200]
S3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [2013-12-04 50200]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\DRIVERS\ozscr.sys [2005-04-21 92550]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-09-09 117272]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2014-09-09 127584]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-30 13:13        1089352        ----a-w-        c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-02 14:59]
.
2014-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-02 14:59]
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{09E200AA-54E1-4893-8763-640C99D54278}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{70233F1C-3C57-4CE4-8F78-35B7E3C7A915}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{870F6CB7-D562-4FB8-95DF-B54DC4E930FF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{A6C561AF-D32D-4EBA-9D6C-BEEBF9E53584}: NameServer = 208.67.222.222,213.73.91.35
TCP: Interfaces\{B19BC2B4-D3CB-423E-A351-B23F71536C08}: NameServer = 213.73.91.35,208.67.220.220
TCP: Interfaces\{CDDC2212-406D-4E93-94D3-AC48E4B4930D}: NameServer = 208.67.222.222,213.73.91.35
FF - ProfilePath - c:\users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS - Deutsch
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(308)
c:\windows\system32\dhcpcsvc.DLL
c:\windows\system32\dhcpcsvc6.DLL
c:\windows\system32\wlanutil.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-01  14:34:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-01 13:34
ComboFix2.txt  2014-11-01 13:07
.
Vor Suchlauf: 10 Verzeichnis(se), 430.911.258.624 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 430.942.158.848 Bytes frei
.
- - End Of File - - CD7FE4D42AC7503DF98273DCB8CA4A98
B7310D12FF8857D5B67EAA63423EDB33

schrauber 02.11.2014 08:02
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

11880 02.11.2014 12:24
Hallo,

habe alles gemacht.
Kannst Du mir vielleicht sagen, welche Viren/Trojaner etc ich mir eingefangen habe?
Interessiert mich, da ich die auch gerne erkennen würde in nem Logg.
Mein Bildschirmhintergrund ist immer noch schwarz. (Ich weiß das ich das manuell ändern könnte, dachte aber, wenn der Virus oä gefunden wird, das sich das selbst wieder zurück stellt)

MBam ist ohne Fund.
MIt ADWcleaner komme ich iwie nicht klar. Das Programm startet zwar, aber dann passiert nichts mehr. Habe fast eine Stunde gewartet und dann abgebrochen->auf Bericht geklickt, das ist das Log.

Code:
# AdwCleaner v4.002 - Bericht erstellt am 02/11/2014 um 11:05:21
# Aktualisiert 27/10/2014 von Xplode
# Datenbank : 2014-10-26.6
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : G - G-PC
# Gestartet von : C:\Users\G\Desktop\AdwCleaner_4.002.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [775 octets] - [02/11/2014 11:05:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [834 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Ultimate x86
Ran by G on 02.11.2014 at 12:05:24,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.11.2014 at 12:13:51,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 02.11.2014 18:09
Zitat:
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache\userinit.exe wurde wiederhergestellt
Nur als Beispiel :)
Malware und Adware.

Das frische FRST log fehlt noch. Ändere den Hintergrund bitte, geht das?

11880 06.11.2014 21:33
Mh. Der Bildschirmhintergrund lässt sich gar nicht mehr ändern. Wenn ich die Einstellung verändere, übernimmt er das nicht.

Hier noch das fehlende Logg.

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by G (administrator) on G-PC on 06-11-2014 21:15:13
Running from C:\Users\G\Desktop
Loaded Profile: G (Available profiles: G)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632328 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-10-02] (TrueCrypt Foundation)
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-10-01] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0CCEDD26ADDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{09E200AA-54E1-4893-8763-640C99D54278}: [NameServer] *
Tcpip\..\Interfaces\{70233F1C-3C57-4CE4-8F78-35B7E3C7A915}: [NameServer] *
Tcpip\..\Interfaces\{870F6CB7-D562-4FB8-95DF-B54DC4E930FF}: [NameServer] *
Tcpip\..\Interfaces\{A6C561AF-D32D-4EBA-9D6C-BEEBF9E53584}: [NameServer] *
Tcpip\..\Interfaces\{B19BC2B4-D3CB-423E-A351-B23F71536C08}: [NameServer] *
Tcpip\..\Interfaces\{CDDC2212-406D-4E93-94D3-AC48E4B4930D}: [NameServer] *

FireFox:
========
FF ProfilePath: C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\Extensions\firefox@ghostery.com.xpi [2014-10-01]
FF Extension: NoScript - C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-01]
FF Extension: BetterPrivacy - C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\xh8dnwap.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-01]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-02]
CHR Extension: (Google Docs) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-02]
CHR Extension: (Google Drive) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (YouTube) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-02]
CHR Extension: (Google-Suche) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-02]
CHR Extension: (Google Tabellen) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-02]
CHR Extension: (ScriptBlock) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2014-10-02]
CHR Extension: (Ghostery) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR Extension: (Google Mail) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-14] (Sandboxie Holdings, LLC)
S3 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
S3 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
S3 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 OZSCR; C:\Windows\System32\DRIVERS\ozscr.sys [92550 2005-04-21] (O2Micro)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-14] (Sandboxie Holdings, LLC)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26456 2014-06-12] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [24920 2014-06-12] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\DRIVERS\vmusb.sys [32320 2014-02-27] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
S3 catchme; \??\C:\Users\G\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 13:53 - 2014-11-06 14:14 - 00000462 _____ () C:\Users\G\Documents\*
2014-11-06 13:07 - 2014-11-06 13:07 - 00000000 ____D () C:\Users\G\Desktop\Tor Browser2
2014-11-06 13:05 - 2014-11-06 13:06 - 08646824 _____ (CyberGhost S.R.L. ) C:\Users\G\Downloads\CG_5.0.13.17(1).exe
2014-11-06 12:59 - 2014-11-06 13:01 - 34622988 _____ () C:\Users\G\Downloads\torbrowser-install-4.0.1_de.exe
2014-11-04 13:22 - 2014-11-04 13:22 - 00000000 ____D () C:\Users\G\Desktop\FRST-OlderVersion
2014-11-02 12:13 - 2014-11-02 12:13 - 00000617 _____ () C:\Users\G\Desktop\JRT.txt
2014-11-02 12:05 - 2014-11-02 12:05 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 11:04 - 2014-11-05 14:44 - 00000000 ____D () C:\AdwCleaner
2014-11-02 10:51 - 2014-11-06 21:15 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 10:51 - 2014-11-02 10:51 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 10:51 - 2014-11-02 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 10:51 - 2014-11-02 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 10:51 - 2014-11-02 10:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-02 10:51 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 10:51 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 10:51 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 10:49 - 2014-11-02 10:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\G\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 10:49 - 2014-11-02 10:50 - 01706359 _____ (Thisisu) C:\Users\G\Desktop\JRT.exe
2014-11-02 10:49 - 2014-11-02 10:49 - 01998336 _____ () C:\Users\G\Desktop\AdwCleaner_4.002.exe
2014-11-01 14:34 - 2014-11-01 14:34 - 00020211 _____ () C:\ComboFix.txt
2014-11-01 13:55 - 2014-11-01 14:35 - 00000000 ____D () C:\Qoobox
2014-11-01 13:55 - 2014-11-01 14:28 - 00000000 ____D () C:\Windows\erdnt
2014-11-01 13:55 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-01 13:55 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-01 13:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-01 13:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-01 13:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-01 13:55 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-01 13:55 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-01 13:55 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-01 13:39 - 2014-11-01 13:41 - 05591672 ____R (Swearware) C:\Users\G\Desktop\ComboFix.exe
2014-11-01 11:36 - 2014-11-01 11:36 - 00041072 _____ () C:\Users\G\Desktop\Gmer_logg_1.11.14.log
2014-11-01 11:21 - 2014-11-01 11:21 - 00000464 _____ () C:\Users\G\Desktop\defogger_disable.log
2014-11-01 11:21 - 2014-11-01 11:21 - 00000000 _____ () C:\Users\G\defogger_reenable
2014-11-01 11:20 - 2014-11-01 11:20 - 00380416 _____ () C:\Users\G\Desktop\Gmer-19357.exe
2014-11-01 11:17 - 2014-11-04 13:22 - 01106432 _____ (Farbar) C:\Users\G\Desktop\FRST.exe
2014-11-01 11:17 - 2014-11-01 11:17 - 00050477 _____ () C:\Users\G\Desktop\Defogger.exe
2014-10-31 17:21 - 2014-10-31 17:21 - 04977216 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419(4).exe
2014-10-31 16:26 - 2014-10-31 16:26 - 00000034 _____ () C:\Users\G\Documents\*
2014-10-31 15:57 - 2014-10-31 15:57 - 00000025 _____ () C:\Users\G\Documents\*
2014-10-30 16:03 - 2014-10-30 17:05 - 00000852 _____ () C:\Users\G\Documents\*
2014-10-30 13:54 - 2014-10-30 13:54 - 04974864 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419(3).exe
2014-10-28 13:23 - 2014-10-28 13:24 - 04974864 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419(2).exe
2014-10-27 11:26 - 2014-10-27 11:26 - 00000057 _____ () C:\Users\G\Documents\*
2014-10-27 11:00 - 2014-10-27 11:00 - 00000000 ____D () C:\config_*
2014-10-27 10:59 - 2014-10-27 10:59 - 00258006 _____ () C:\config_*6.zip
2014-10-27 10:50 - 2014-10-27 10:50 - 04974864 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419(1).exe
2014-10-25 17:14 - 2014-10-25 17:14 - 00000099 _____ () C:\Users\G\Documents\u.txt
2014-10-25 17:12 - 2014-10-25 17:12 - 04974864 _____ (Piriform Ltd) C:\Users\G\Downloads\ccsetup419.exe
2014-10-25 14:55 - 2014-10-27 11:49 - 00000216 _____ () C:\Users\G\Documents*
2014-10-24 14:32 - 2014-10-24 14:32 - 00000339 _____ () C:\Users\G\Documents\*
2014-10-24 11:04 - 2014-10-24 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-20 15:52 - 2014-10-20 15:52 - 00025160 _____ () C:\Users\G\Documents\Invalide Test.txt
2014-10-20 13:43 - 2014-10-20 13:43 - 00001061 _____ () C:\Users\Public\Desktop\*
2014-10-19 11:00 - 2014-10-19 11:00 - 00000030 _____ () C:\Users\G\Documents*
2014-10-18 11:24 - 2014-10-18 11:24 - 00000034 _____ () C:\Users\G\Documents\*
2014-10-18 10:51 - 2014-10-18 10:51 - 00000000 ____D () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*
2014-10-18 10:51 - 2014-10-18 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*
2014-10-18 10:51 - 2014-10-18 10:51 - 00000000 ____D () C:\Program Files\*
2014-10-17 15:37 - 2014-10-17 15:37 - 00001898 _____ () C:\Users\G\Documents\
2014-10-16 14:36 - 2014-10-16 14:36 - 00000079 _____ () C:\Users\G\Documents\ICQ.txt
2014-10-16 13:56 - 2014-11-05 17:37 - 00000000 ____D () C:\Users\G\AppData\Roaming\.purple
2014-10-16 13:50 - 2014-10-16 13:50 - 00000949 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs*
2014-10-16 13:50 - 2014-10-16 13:50 - 00000000 ____D () C:\Program Files*
2014-10-16 13:47 - 2014-10-16 13:49 - 32079928 _____ () C:\Users\G\Downloads\*
2014-10-16 13:47 - 2014-10-16 13:47 - 01623752 _____ () C:\Users\G\Downloads\*
2014-10-16 11:51 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 11:51 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 11:51 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 11:50 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 11:50 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 11:50 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 11:50 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 11:50 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 11:50 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 11:50 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 11:50 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 11:50 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 11:50 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 11:50 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 11:50 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 11:50 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 11:50 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 11:50 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 11:50 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 11:50 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 11:50 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 11:50 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 11:50 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 11:50 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 11:50 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 11:50 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 11:50 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 11:50 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 11:50 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 11:50 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 11:50 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 11:50 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 11:50 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 11:50 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 11:50 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 11:48 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 11:48 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 11:48 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 11:48 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 11:48 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 11:48 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 11:48 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 11:48 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 11:48 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 11:48 - 2014-07-17 02:39 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 11:48 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 11:48 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 11:48 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 11:48 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 11:48 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 11:48 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 11:48 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 11:48 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 11:48 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 11:48 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 11:48 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 11:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 11:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 11:48 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 11:48 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 11:48 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 11:48 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 11:48 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 11:48 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 11:48 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 17:48 - 2014-10-15 17:48 - 00000639 _____ () C:\Users\G\Documents\*
2014-10-15 14:57 - 2014-10-15 14:57 - 00000000 ____D () C:\Users\G\AppData\Roaming\Wireshark
2014-10-14 17:49 - 2014-10-16 12:20 - 00000252 _____ () C:\Users\G\Documents*
2014-10-14 17:27 - 2014-10-14 17:27 - 00000019 _____ () C:\Users\G\Documents\*
2014-10-14 15:28 - 2014-10-14 15:28 - 00001983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-10-14 15:12 - 2014-10-14 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-10-14 15:11 - 2014-10-14 15:28 - 00000000 ____D () C:\Program Files\Wireshark
2014-10-14 15:11 - 2014-10-14 15:12 - 00000000 ____D () C:\Program Files\WinPcap
2014-10-14 15:11 - 2014-10-14 15:11 - 00001688 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-10-14 14:58 - 2014-10-14 15:02 - 28424840 _____ (Wireshark development team) C:\Users\G\Downloads\Wireshark-win32-1.12.1.exe
2014-10-14 14:27 - 2014-10-14 14:27 - 09625578 _____ () C:\Users\G\Downloads\CLIP0006.AVI
2014-10-11 13:44 - 2014-10-11 13:44 - 00028974 _____ () C:\Users\G\Desktop\Shortcut.txt
2014-10-11 13:43 - 2014-11-01 11:23 - 00011073 _____ () C:\Users\G\Desktop\Addition.txt
2014-10-11 13:41 - 2014-11-06 21:15 - 00011835 _____ () C:\Users\G\Desktop\FRST.txt
2014-10-11 13:41 - 2014-11-06 21:15 - 00000000 ____D () C:\FRST
2014-10-09 15:33 - 2014-10-09 15:33 - 00000000 ____D () C:\Users\G\Desktop\Tor Browser
2014-10-09 15:30 - 2014-10-09 15:32 - 27584890 _____ () C:\Users\G\Downloads\torbrowser-install-3.6.6_de.exe
2014-10-09 15:27 - 2014-10-09 15:27 - 00000000 __SHD () C:\Users\G\AppData\Local\EmieUserList
2014-10-09 15:27 - 2014-10-09 15:27 - 00000000 __SHD () C:\Users\G\AppData\Local\EmieSiteList
2014-10-07 14:22 - 2014-10-20 16:48 - 00000512 _____ () C:\Users\G\Documents\
2014-10-07 14:10 - 2014-10-07 14:10 - 00000000 ____D () C:\Users\G\Documents\Apowersoft Free Screen Recorder
2014-10-07 13:45 - 2014-10-07 13:45 - 00000000 ____D () C:\Users\G\AppData\Roaming\TechSmith
2014-10-07 13:44 - 2014-10-07 13:44 - 00000000 ____D () C:\Users\G\Documents\Camtasia Studio
2014-10-07 13:42 - 2014-10-07 13:42 - 00001126 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-07 13:42 - 2014-10-07 13:42 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-10-07 13:41 - 2014-10-07 13:43 - 00000000 ____D () C:\ProgramData\TechSmith
2014-10-07 13:41 - 2014-10-07 13:41 - 00000000 ____D () C:\Program Files\TechSmith
2014-10-07 13:40 - 2014-10-07 13:40 - 09318872 _____ (Bandisoft) C:\Users\G\Downloads\bdcamsetup.exe
2014-10-07 13:39 - 2014-10-07 13:39 - 20058760 _____ (DVDVideoSoft Ltd. ) C:\Users\G\Downloads\FreeScreenVideoRecorder2.5.37.922.exe
2014-10-07 13:38 - 2014-10-07 13:38 - 06129000 _____ (APOWERSOFT LIMITED ) C:\Users\G\Downloads\free-screen-recorder-chipde-1.4.0.exe
2014-10-07 09:35 - 2014-10-07 09:32 - 257069928 _____ () C:\Users\G\Documents\camtasiade843.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 21:12 - 2014-10-02 15:59 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 20:56 - 2014-10-01 14:05 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-11-06 20:56 - 2009-07-14 05:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 20:56 - 2009-07-14 05:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 19:36 - 2014-10-01 12:29 - 01626438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 19:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-06 18:57 - 2014-10-01 12:18 - 00986005 ____N () C:\Windows\WindowsUpdate.log
2014-11-06 18:54 - 2014-10-02 15:59 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 18:53 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 14:37 - 2014-10-01 14:01 - 00001628 _____ () C:\Windows\Sandboxie.ini
2014-11-01 14:28 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-01 14:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-11-01 14:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-01 13:16 - 2014-10-06 19:27 - 00000147 _____ () C:\Users\G\Documents\Email.txt
2014-11-01 11:21 - 2014-10-01 12:24 - 00000000 ____D () C:\Users\G
2014-11-01 11:20 - 2014-10-06 15:46 - 00000000 ____D () C:\Users\G\AppData\Local\VMware
2014-11-01 11:14 - 2014-10-06 15:46 - 00000000 ____D () C:\Users\G\AppData\Roaming\VMware
2014-10-31 17:21 - 2014-10-03 12:28 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-31 17:21 - 2014-10-03 12:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-30 17:05 - 2014-10-04 13:16 - 00000000 ____D () C:\Users\G\AppData\Roaming\KeePass
2014-10-30 14:13 - 2014-10-02 16:00 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 06:35 - 2014-10-01 12:44 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 14:51 - 2014-10-04 13:40 - 00000600 _____ () C:\Users\G\AppData\Local\PUTTY.RND
2014-10-24 14:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-20 16:37 - 2014-10-06 15:42 - 00000000 ____D () C:\ProgramData\VMware
2014-10-20 15:49 - 2014-10-03 12:38 - 00000555 _____ () C:\Users\G\Documents\*
2014-10-17 15:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 14:02 - 2014-10-01 12:24 - 00000000 ____D () C:\Users\G\AppData\Local\VirtualStore
2014-10-16 15:16 - 2014-10-01 12:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 15:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-16 15:14 - 2014-10-01 12:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 15:11 - 2014-10-01 12:43 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 14:58 - 2014-10-04 16:07 - 00000182 _____ () C:\Users\G\Documents*
2014-10-11 15:05 - 2014-10-06 15:50 - 00000000 ____D () C:\Users\G\Documents\Virtual Machines

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 11:32

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 07.11.2014 19:23
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3439212047-603411062-2574308960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Tcpip\..\Interfaces\{09E200AA-54E1-4893-8763-640C99D54278}: [NameServer] *
Tcpip\..\Interfaces\{70233F1C-3C57-4CE4-8F78-35B7E3C7A915}: [NameServer] *
Tcpip\..\Interfaces\{870F6CB7-D562-4FB8-95DF-B54DC4E930FF}: [NameServer] *
Tcpip\..\Interfaces\{A6C561AF-D32D-4EBA-9D6C-BEEBF9E53584}: [NameServer] *
Tcpip\..\Interfaces\{B19BC2B4-D3CB-423E-A351-B23F71536C08}: [NameServer] *
Tcpip\..\Interfaces\{CDDC2212-406D-4E93-94D3-AC48E4B4930D}: [NameServer] *
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






http://www.deeprybka.trojaner-board....r/wraioneu.PNG
  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
  • Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
  • Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.
http://deeprybka.trojaner-board.de/b...srepair271.png





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

11880 11.11.2014 15:25
Hallo,

habe alles gemacht.
Jedoch kommt mir alles noch nicht so ´normal´ vor.
Sämtliche Unterordner sind plötzlich auf meinem Desktop. (nach Neustart des Rechners, beim runterfahren war der Desktop noch normal.
Ich habe mich entschlossen, mein System neu aufzusetzen.
Erst mit DBAN, dann WIN7 neu aufspielen.

Danke Dir trotzdem für Deine Mühe bis hierhin.

Nette Grüße

schrauber 12.11.2014 10:42
ok.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58