Trojaner-Board

Thread: Windows 8.1 Pro 64-bit and GVU Trojan (https://www.trojaner-board.de/147071-windows-8-1-prof-64bit-gvu-trojaner.html)

Ensi Ferrum 01.01.2014 11:00

Windows 8.1 Pro 64-bit and GVU Trojan
 
Good morning and a successful 2014.

This morning I caught the well-known GVU Trojan.
The computer was then booted into Safe Mode with Command Prompt and the FRST tool (64-bit) was run.

FRST.txt:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by SYSTEM on MININT-R8V5H4J on 01-01-2014 10:46:50
Running from H:\
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [SystemExplorerAutoStart] - C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2860064 2013-11-30] (Mister Group)
HKU\Ensi\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1842760 2012-03-22] (Elgato Systems)
HKU\Ensi\...\Run: [SystemExplorerAutoStart] - C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2860064 2013-11-30] (Mister Group)
HKU\Ensi\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation)
HKU\Ensi\...\Run: [Media Monkey Remote Server] - C:\Program Files (x86)\MediaMonkey Remote Server\MediaMonkey Remote Server.exe [440320 2013-12-06] (Erlend Dahl)
HKU\Ensi\...\Run: [] - C:\Users\Ensi\AppData\Roaming\okewab [0 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION
IFEO\taskmgr.exe: [Debugger] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe"
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft\Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()

==================== Services (Whitelisted) =================

S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-01-22] (CyberLink Corp.)
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-01-22] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-01-22] (CyberLink)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 FWPnpService; C:\Program Files (x86)\Fanatec\Fanatec Wheel\FWPnpService.exe [200704 2013-11-15] ()
S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3587856 2012-12-11] (Hide My IP)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
S2 PnkBstrA; C:\WINDOWS\SysWow64\PnkBstrA.exe [76888 2013-10-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [697856 2013-11-10] ()
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-11-08] (Microsoft)
S2 TVService; C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [232448 2013-11-16] (Team MediaPortal)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S3 KMSServerService; C:\WINDOWS\System32\KMSServer.exe [x]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
S3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
S3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-21] (Intel Corporation)
S3 FanatecWheelFilterUsb; C:\Windows\System32\drivers\FWFilterUsb.sys [68272 2013-11-21] (Endor AG)
S3 FWVirtualInputDevice; C:\Windows\System32\drivers\FWVirtualInputDevice.sys [26288 2013-11-21] (Endor AG)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2013-11-18] (Logix4u)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S3 iDispService; C:\Windows\system32\DRIVERS\idisplayminiport.sys [14248 2012-08-31] (SHAPE Services)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S1 networx; C:\Windows\System32\drivers\networx.sys [41976 2013-07-20] (NetFilterSDK.com)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2013-11-14] ()
S3 SaiHF51A; C:\Windows\system32\DRIVERS\SaiHF51A.sys [175880 2007-05-31] (Saitek)
S3 SaiK0CD0; C:\Windows\system32\DRIVERS\SaiK0CD0.sys [180544 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-10-15] (Saitek)
S3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CD0; C:\Windows\System32\drivers\SaiU0CD0.sys [47168 2012-09-20] (Saitek)
S3 SaiUF51A; C:\Windows\system32\DRIVERS\SaiUF51A.sys [34432 2007-05-31] (Saitek)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft\Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-01-22] (CyberLink Corp.)
S3 WinRing0_1_2_0; \??\D:\--== WINDOWS 8 ==--\Drivers\Logitech\G19\g15sysmon_4.5.0\g15sysmon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 10:46 - 2014-01-01 10:46 - 00000000 ____D C:\FRST
2014-01-01 10:43 - 2014-01-01 10:43 - 00000000 _____ C:\Recovery.txt
2014-01-01 09:44 - 2014-01-01 09:44 - 00595252 _____ C:\Users\Ensi\AppData\Roaming\loadit.exe
2014-01-01 09:42 - 2014-01-01 09:42 - 00001543 _____ C:\Users\Public\Desktop\iLivid.lnk
2014-01-01 09:35 - 2014-01-01 09:35 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\pulauo
2014-01-01 09:34 - 2014-01-01 09:34 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\okewab
2014-01-01 09:20 - 2014-01-01 09:40 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\UseNeXT
2014-01-01 09:20 - 2014-01-01 09:38 - 00000000 ____D C:\Users\Ensi\Documents\UseNeXT
2014-01-01 09:20 - 2014-01-01 09:20 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-12-30 23:38 - 2013-12-30 23:38 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-12-30 23:07 - 2013-12-30 23:07 - 00000000 ____D C:\Program Files\Logitech
2013-12-30 23:01 - 2013-12-30 23:01 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\InstallShield Installation Information
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\IDMComp
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Program Files (x86)\IDM Computer Solutions
2013-12-29 22:11 - 2013-12-30 22:46 - 00000000 ____D C:\Users\Ensi\Documents\LCDHost
2013-12-27 17:48 - 2013-12-27 17:48 - 00000047 _____ C:\Users\Ensi\Documents\mt-x_hook.txt
2013-12-27 17:48 - 2013-12-27 17:48 - 00000007 _____ C:\Users\Ensi\Documents\mt-e_hook.txt
2013-12-27 17:47 - 2013-12-27 17:47 - 00002218 _____ C:\Users\Ensi\Desktop\MegaTrainer eXperience.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00002185 _____ C:\Users\Ensi\Desktop\MT-X - Guide.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00000000 ____D C:\Program Files (x86)\MegaDev
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\ProgramData\NuGet
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-12-27 15:08 - 2013-12-27 15:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2013-12-27 15:03 - 2013-12-27 15:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Crytek
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Users\Ensi\Downloads\VS2012
2013-12-23 08:41 - 2013-12-23 08:41 - 00001215 _____ C:\Users\Ensi\Documents\BAHN_Fahrplan.ics
2013-12-17 18:14 - 2013-12-17 18:14 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-12-17 18:14 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-12-17 18:14 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-15 16:16 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 16:16 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 16:16 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-12-15 16:16 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2013-12-15 16:16 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\intelpep.sys
2013-12-15 16:16 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-12-15 16:16 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\Windows\System32\WMPDMC.exe
2013-12-15 16:16 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2013-12-15 16:16 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\Windows\System32\dcomp.dll
2013-12-15 16:16 - 2013-11-08 06:23 - 00449024 _____ (Microsoft Corporation) C:\Windows\System32\appmgr.dll
2013-12-15 16:16 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentClient.dll
2013-12-15 16:16 - 2013-11-08 05:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2013-12-15 16:16 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-12-15 16:16 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-12-15 16:16 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2013-12-15 16:16 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2013-12-15 16:16 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2013-12-15 16:16 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-12-15 16:16 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-12-15 16:16 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-12-15 16:16 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2013-12-15 16:16 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2013-12-15 16:16 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2013-12-15 16:16 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2013-12-15 16:16 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-12-15 16:16 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-12-15 16:16 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\Windows\System32\Display.dll
2013-12-15 16:16 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2013-12-15 16:16 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll
2013-12-15 16:16 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-12-15 16:16 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-12-15 16:16 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-12-15 16:16 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\Windows\System32\wlidcli.dll
2013-12-15 16:16 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2013-12-15 16:16 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-12-15 16:16 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-12-15 16:16 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-12-15 16:16 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-12-15 16:16 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-12-15 16:16 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-12-15 16:16 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SerCx2.sys
2013-12-15 16:16 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\CredentialMigrationHandler.dll
2013-12-15 16:16 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2013-12-15 16:16 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\Windows\System32\msftedit.dll
2013-12-15 16:16 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-12-15 16:16 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-12-15 16:16 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-12-15 16:16 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-15 16:16 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-12 21:09 - 2013-12-12 21:09 - 00002717 _____ C:\Users\Public\Desktop\Fanatec Wheel Property Page.lnk
2013-12-12 20:00 - 2013-12-12 20:00 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-12-12 19:25 - 2014-01-01 09:46 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2013-12-12 19:25 - 2013-12-12 19:25 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-12-12 19:25 - 2009-09-21 11:22 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll
2013-12-12 19:25 - 2008-04-13 19:11 - 00619008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx7vb.dll
2013-12-12 19:25 - 2008-01-13 19:59 - 00036864 _____ C:\Windows\SysWOW64\dxinputdll.dll
2013-12-12 19:25 - 2008-01-13 16:36 - 00091632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsofile.dll
2013-12-12 19:25 - 2007-12-26 22:33 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2013-12-12 19:25 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capicom.dll
2013-12-12 19:25 - 2004-03-09 18:45 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2013-12-12 19:25 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll
2013-12-12 19:25 - 2002-08-09 11:18 - 00045056 ____N (Microsoft) C:\Windows\SysWOW64\NTSVC.ocx
2013-12-12 19:25 - 2001-04-05 06:43 - 00094208 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2013-12-12 19:25 - 2000-12-06 02:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2013-12-12 19:25 - 2000-04-03 20:52 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2013-12-12 19:25 - 1999-05-17 13:55 - 00057344 ____N () C:\Windows\SysWOW64\ADsSecurity.dll
2013-12-12 19:24 - 2013-12-12 19:24 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-12-12 19:19 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2013-12-12 19:19 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2013-12-12 19:14 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-12 19:14 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 19:14 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-12 19:14 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 18:58 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 18:58 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 18:58 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 18:58 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 18:58 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 18:58 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 18:58 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 18:58 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 18:58 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 18:58 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 18:58 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 18:58 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 18:58 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 18:58 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 18:58 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 18:58 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 18:58 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 18:58 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\MDMAgent.exe
2013-12-12 18:58 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\System32\mdmregistration.dll
2013-12-12 18:58 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2013-12-12 18:58 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-12 18:58 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-12 18:58 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-06 15:53 - 2013-12-31 21:16 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey Remote
2013-12-06 15:53 - 2013-12-06 15:53 - 00000000 ____D C:\Program Files (x86)\MediaMonkey Remote Server
2013-12-06 14:11 - 2013-12-30 11:38 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey
2013-12-06 14:11 - 2013-12-06 14:11 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-06 13:59 - 2013-12-13 19:13 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2013-12-06 13:59 - 2013-12-06 14:10 - 00000000 ____D C:\Users\Ensi\AppData\Local\MediaMonkey

==================== One Month Modified Files and Folders =======

2014-01-01 10:46 - 2014-01-01 10:46 - 00000000 ____D C:\FRST
2014-01-01 10:43 - 2014-01-01 10:43 - 00000000 _____ C:\Recovery.txt
2014-01-01 10:42 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 10:40 - 2013-10-20 10:20 - 00000000 ____D C:\users\Ensi
2014-01-01 10:39 - 2012-10-31 13:47 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 09:46 - 2013-12-12 19:25 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2014-01-01 09:44 - 2014-01-01 09:44 - 00595252 _____ C:\Users\Ensi\AppData\Roaming\loadit.exe
2014-01-01 09:44 - 2013-11-28 01:23 - 00003024 _____ C:\Windows\System32\Tasks\MSIAfterburner
2014-01-01 09:42 - 2014-01-01 09:42 - 00001543 _____ C:\Users\Public\Desktop\iLivid.lnk
2014-01-01 09:41 - 2012-11-01 09:44 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6196C6D3-8C88-4701-B569-A5F8B9EE86BA}
2014-01-01 09:40 - 2014-01-01 09:20 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\UseNeXT
2014-01-01 09:38 - 2014-01-01 09:20 - 00000000 ____D C:\Users\Ensi\Documents\UseNeXT
2014-01-01 09:35 - 2014-01-01 09:35 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\pulauo
2014-01-01 09:34 - 2014-01-01 09:34 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\okewab
2014-01-01 09:27 - 2013-10-20 10:15 - 01630661 _____ C:\Windows\WindowsUpdate.log
2014-01-01 09:20 - 2014-01-01 09:20 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2014-01-01 09:18 - 2013-07-10 17:51 - 00000000 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TURBINCHEN-Ensi Turbinchen
2014-01-01 09:08 - 2013-10-20 11:55 - 00000000 __RDO C:\Users\Ensi\SkyDrive
2014-01-01 09:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\sru
2013-12-31 21:16 - 2013-12-06 15:53 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey Remote
2013-12-31 18:35 - 2013-10-30 18:45 - 00000000 ____D C:\Users\Ensi\AppData\Local\dxhr
2013-12-31 12:44 - 2012-10-31 16:57 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-31 12:19 - 2012-10-31 13:30 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-751427061-3682948814-280702160-1001
2013-12-31 12:11 - 2012-10-31 16:57 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-31 12:08 - 2012-10-31 15:04 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-31 12:07 - 2013-07-04 19:46 - 00003854 _____ C:\Windows\System32\Tasks\G19_Sys
2013-12-31 11:59 - 2013-09-29 20:05 - 00005064 _____ C:\Windows\PFRO.log
2013-12-31 11:59 - 2012-12-21 19:49 - 774415239 _____ C:\Windows\MEMORY.DMP
2013-12-31 11:46 - 2012-11-04 02:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Notepad++
2013-12-31 11:46 - 2012-11-04 02:03 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-30 23:38 - 2013-12-30 23:38 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-12-30 23:07 - 2013-12-30 23:07 - 00000000 ____D C:\Program Files\Logitech
2013-12-30 23:01 - 2013-12-30 23:01 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-30 22:48 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\System32\config\BBI
2013-12-30 22:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2013-12-30 22:46 - 2013-12-29 22:11 - 00000000 ____D C:\Users\Ensi\Documents\LCDHost
2013-12-30 22:33 - 2013-11-03 19:56 - 00691488 _____ C:\Windows\System32\perfh007.dat
2013-12-30 22:33 - 2013-11-03 19:56 - 00136678 _____ C:\Windows\System32\perfc007.dat
2013-12-30 22:33 - 2013-09-30 05:14 - 01630600 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\InstallShield Installation Information
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\IDMComp
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Program Files (x86)\IDM Computer Solutions
2013-12-30 12:02 - 2012-11-16 22:46 - 00000000 ____D C:\Users\Ensi\AppData\Local\Downloaded Installations
2013-12-30 11:38 - 2013-12-06 14:11 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey
2013-12-27 18:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2013-12-27 17:48 - 2013-12-27 17:48 - 00000047 _____ C:\Users\Ensi\Documents\mt-x_hook.txt
2013-12-27 17:48 - 2013-12-27 17:48 - 00000007 _____ C:\Users\Ensi\Documents\mt-e_hook.txt
2013-12-27 17:47 - 2013-12-27 17:47 - 00002218 _____ C:\Users\Ensi\Desktop\MegaTrainer eXperience.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00002185 _____ C:\Users\Ensi\Desktop\MT-X - Guide.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00000000 ____D C:\Program Files (x86)\MegaDev
2013-12-27 15:21 - 2012-11-25 16:09 - 00000000 ____D C:\Users\Ensi\Documents\Visual Studio 2012
2013-12-27 15:17 - 2012-11-25 15:54 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\ProgramData\NuGet
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-12-27 15:09 - 2013-12-27 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2013-12-27 15:03 - 2013-12-27 15:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Crytek
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Users\Ensi\Downloads\VS2012
2013-12-26 20:15 - 2013-08-22 15:46 - 00350874 _____ C:\Windows\setupact.log
2013-12-24 11:00 - 2012-11-03 16:50 - 00000826 _____ C:\Users\Public\FW-FFB.log
2013-12-24 11:00 - 2012-11-03 16:50 - 00000528 _____ C:\Users\Public\FW-Error.log
2013-12-23 23:51 - 2013-01-03 08:17 - 00000000 ____D C:\Users\Ensi\AppData\Local\Paint.NET
2013-12-23 08:41 - 2013-12-23 08:41 - 00001215 _____ C:\Users\Ensi\Documents\BAHN_Fahrplan.ics
2013-12-22 20:42 - 2013-06-02 13:41 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\FanaLEDs
2013-12-22 20:41 - 2013-06-02 13:41 - 00000000 ____D C:\Program Files (x86)\FanaLEDs
2013-12-20 11:21 - 2013-10-25 19:26 - 00000000 ____D C:\Users\Ensi\Valley
2013-12-20 11:20 - 2012-10-31 13:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-18 22:57 - 2013-07-10 13:17 - 00000000 ____D C:\Windows\System32\MRT
2013-12-18 22:56 - 2012-12-13 01:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-12-16 19:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\MediaViewer
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\FileManager
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Camera
2013-12-13 21:53 - 2013-09-13 11:36 - 00000000 ____D C:\Users\Ensi\AppData\Local\Arma 3
2013-12-13 19:13 - 2013-12-06 13:59 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2013-12-12 21:09 - 2013-12-12 21:09 - 00002717 _____ C:\Users\Public\Desktop\Fanatec Wheel Property Page.lnk
2013-12-12 21:09 - 2012-11-03 16:50 - 00313653 _____ C:\Windows\System32\FwCspSetup.log
2013-12-12 20:00 - 2013-12-12 20:00 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-12-12 20:00 - 2013-08-22 15:44 - 00495440 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 19:57 - 2012-11-19 16:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 19:42 - 2012-11-03 10:07 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-12-12 19:41 - 2013-10-25 18:23 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2013-12-12 19:25 - 2013-12-12 19:25 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-12-12 19:24 - 2013-12-12 19:24 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-12-12 19:23 - 2012-10-31 14:10 - 00000000 ____D C:\Program Files\SmartTechnology
2013-12-12 19:07 - 2012-10-31 13:55 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Logishrd
2013-12-10 03:13 - 2013-10-29 17:54 - 01100248 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2013-12-10 03:13 - 2013-10-29 17:54 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-06 17:52 - 2013-03-03 15:00 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\vlc
2013-12-06 15:54 - 2012-10-31 13:19 - 00000000 ____D C:\Users\Ensi\AppData\Local\Packages
2013-12-06 15:53 - 2013-12-06 15:53 - 00000000 ____D C:\Program Files (x86)\MediaMonkey Remote Server
2013-12-06 14:11 - 2013-12-06 14:11 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-06 14:10 - 2013-12-06 13:59 - 00000000 ____D C:\Users\Ensi\AppData\Local\MediaMonkey
2013-12-05 09:42 - 2013-12-17 18:14 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-12-05 09:42 - 2013-12-17 18:14 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 09:42 - 2013-08-07 09:28 - 00035104 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2013-12-04 16:32 - 2012-11-13 17:53 - 00000000 ____D C:\Program Files (x86)\System Explorer
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 19:53 - 2013-01-25 13:38 - 00000000 ____D C:\Users\Ensi\AppData\Local\NVIDIA
2013-12-02 19:47 - 2013-10-20 10:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-02 19:47 - 2013-08-15 08:15 - 00000000 ____D C:\Users\Ensi\AppData\Local\NVIDIA Corporation
2013-12-02 19:46 - 2013-10-20 10:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-02 19:46 - 2013-10-20 10:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\Ensi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ensi\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Ensi\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Ensi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ensi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ensi\AppData\Local\Temp\nvStInst.exe
C:\Users\Ensi\AppData\Local\Temp\sonarinst.exe
C:\Users\Ensi\AppData\Local\Temp\uninstall-temp.exe
C:\Users\Ensi\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Ensi\AppData\Local\Temp\{408E1E47-10A9-4D6B-A61E-5ED8196AC485}-30.0.1599.101_chrome_installer.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-17 18:15:57
Restore point made on: 2013-12-19 22:54:25
Restore point made on: 2013-12-27 07:42:16
Restore point made on: 2013-12-27 07:44:47
Restore point made on: 2013-12-27 07:56:55
Restore point made on: 2013-12-27 08:20:13
Restore point made on: 2013-12-27 11:38:27
Restore point made on: 2013-12-30 12:02:56
Restore point made on: 2014-01-01 10:42:00

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8159.13 MB
Available physical RAM: 7125.49 MB
Total Pagefile: 8159.13 MB
Available Pagefile: 7147.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Win8) (Fixed) (Total:347.12 GB) (Free:242.52 GB) NTFS
Drive d: (MISC) (Fixed) (Total:465.76 GB) (Free:133.99 GB) NTFS
Drive e: (VAULT) (Fixed) (Total:931.51 GB) (Free:134.11 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (THRASH) (Fixed) (Total:931.51 GB) (Free:182.37 GB) NTFS
Drive h: (TEST_TOOLS) (Removable) (Total:3.61 GB) (Free:0.65 GB) NTFS
Drive i: (TV Rec) (Fixed) (Total:496.71 GB) (Free:71.53 GB) NTFS
Drive j: (Falcon4.0) (Fixed) (Total:87.59 GB) (Free:84.58 GB) NTFS
Drive l: (PC-WELT_IT-Wisse) (CDROM) (Total:3.47 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (MEDIA) (Fixed) (Total:931.51 GB) (Free:275.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2B7ECA76)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 02CD0FA5)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 0FCD5502)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EA49EF8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=497 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=347 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C0DA820)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 256227CD)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


LastRegBack: 2013-12-31 12:18

==================== End Of Log ============================

How do I proceed from here?
Thanks in advance.

schrauber 01.01.2014 12:13

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\Ensi\...\Run: [] - C:\Users\Ensi\AppData\Roaming\okewab [0 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
C:\Users\Ensi\AppData\Roaming\okewab
C:\Users\Ensi\AppData\Roaming\loadit.exe

Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the recovery options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Then start the computer normally :)
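The fixlist above removes a per-user Winlogon Shell and Userinit override that points at loadit.exe under AppData\Roaming, plus two startup shortcuts whose targets are gone. As an added example (not part of this thread and not FRST's own code), the following Python triages FRST autostart lines for exactly that pattern; the log format assumed is the one visible in the posted lines, and the benign HKLM sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

# Expected executables for the Winlogon values the fix deletes. These values
# normally exist only under HKLM; a per-user (HKU) copy is itself a red flag.
DEFAULT_TARGETS = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

# FRST autostart line, as posted: <hive>\...\Winlogon: [Shell|Userinit] <path> [<size> <date>] (<vendor>)
WINLOGON_RE = re.compile(
    r"^(?P<hive>HKU\\[^\\]+|HKLM)\\\.\.\.\\Winlogon: \[(?P<value>Shell|Userinit)\] "
    r"(?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\]"
)
# FRST shortcut resolution line whose target no longer exists on disk.
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.*?)\s*\(No File\)$")

def triage_frst_lines(lines):
    """Return (kind, hive_or_lnk, path, reason) tuples for entries worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            value = m["value"].lower()
            path = PureWindowsPath(m["path"].rstrip(","))  # HKLM Userinit carries a trailing comma
            reasons = []
            if m["hive"].upper().startswith("HKU"):
                reasons.append("per-user Winlogon override")
            if path.name.lower() not in DEFAULT_TARGETS[value]:
                reasons.append(f"non-default {m['value']} target")
            if any(part.lower() == "appdata" for part in path.parts):
                reasons.append("executable under a user profile")
            if reasons:
                findings.append(("winlogon", m["hive"], str(path), "; ".join(reasons)))
            continue
        m = SHORTCUT_RE.match(line)
        if m:  # an orphaned startup .lnk usually means the payload was already moved or deleted
            findings.append(("orphan-startup-lnk", m["lnk"], m["target"], "shortcut target missing"))
    return findings

# Sample input: the lines quoted in the fixlist above plus one constructed benign HKLM line.
SAMPLE_LINES = [
    r"HKLM\...\Winlogon: [Shell] explorer.exe [2501688 2013-08-22] (Microsoft Corporation)",  # constructed
    r"HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()",
    r"HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION",
    r"ShortcutTarget: AutoStarter.lnk ->  (No File)",
    r"ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)",
]

if __name__ == "__main__":
    for kind, where, path, reason in triage_frst_lines(SAMPLE_LINES):
        print(f"{kind:20} {where:<18} {path}  <- {reason}")
```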

Ensi Ferrum 01.01.2014 12:27

The computer is just rebooting,
I can see the desktop again.

Defender is now running a full scan,
I'll let Stinger run over it afterwards.

THX for the quick help.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by SYSTEM at 2014-01-01 12:22:10 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Ensi\...\Run: [] - C:\Users\Ensi\AppData\Roaming\okewab [0 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
C:\Users\Ensi\AppData\Roaming\okewab
C:\Users\Ensi\AppData\Roaming\loadit.exe
       
*****************

HKU\Ensi\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\Ensi\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
HKU\Ensi\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk => Moved successfully.
ShortcutTarget: AutoStarter.lnk ->  (No File) not found.
C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe not found.
"C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled" => Could not move.
C:\Users\Ensi\AppData\Roaming\okewab => Moved successfully.
C:\Users\Ensi\AppData\Roaming\loadit.exe => Moved successfully.

==== End of Fixlog ====


schrauber 02.01.2014 08:53

From now on everything in normal mode:


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will be on your desktop afterwards.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the site's input box)


