
Log analysis and evaluation: Win 7: Gen:Trojan.Heur.RP.mu0@aiAj0hpi (Engine A) detected


27.11.2013, 18:28   #1
Jaaasen
 

Dear community,

my virus scanner detected the virus named above and moved it to quarantine. What is the best way to proceed?

System:
Lenovo Thinkpad T61
OS: Win 7 Home Premium 32 bit
CPU: Intel Core 2 Duo T7100 @ 1.80 GHz
RAM: 2 GB

Security:
GDATA Internet Security 2014

Here is the log file from GDATA:

Code:
Beim Öffnen der Datei "C:\Windows\System32\WUDFHost.exe" wurde der Virus "Gen:Trojan.Heur.RP.mu0@aiAj0hpi (Engine A)" entdeckt. Zugriff verweigert.
         
Then moved to quarantine:

Code:
Eine Kopie der Datei wurde in der Quarantäne angelegt. Zum Entfernen der Originaldatei ist ein Neustart erforderlich.

Datei: C:\Windows\System32\WUDFHost.exe
Virus: Gen:Trojan.Heur.RP.mu0@aiAj0hpi (Engine A)
         
Log file from Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:18 on 27/11/2013 (Tomsk)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Log file from FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2013
Ran by Tomsk (administrator) on APPARAT on 27-11-2013 16:24:51
Running from C:\Users\Tomsk\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2270504 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3110200 2011-12-13] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [55120 2010-12-08] (UPEK Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [PWMTRV] - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [atchk] - C:\Program Files\Intel\AMT\atchk.exe [401408 2009-11-30] (Intel Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [337256 2011-03-29] (Lenovo.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG)
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Internet (Whitelisted) ====================

BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tomsk\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\Tomsk\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: WOT - C:\Users\Tomsk\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Tomsk\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: firefox - C:\Users\Tomsk\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Adblock Plus - C:\Users\Tomsk\AppData\Roaming\Mozilla\Firefox\Profiles\7aw1kt3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12

========================== Services (Whitelisted) =================

R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-11-30] (Intel Corporation)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2096456 2013-04-24] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2362744 2013-03-22] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [988472 2011-12-13] (Lenovo)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1458176 2009-11-30] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2013-11-21] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96344 2013-11-21] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2013-11-21] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2013-11-21] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [30896 2013-11-23] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2013-11-21] (G Data Software AG)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
S3 swmx01; C:\Windows\system32\drivers\swmx01.sys [72576 2007-04-10] (Sierra Wireless Inc.)
S3 SWUMX01; C:\Windows\system32\drivers\swumx01.sys [70656 2007-01-12] (Sierra Wireless Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 16:24 - 2013-11-27 16:25 - 00011538 _____ C:\Users\Tomsk\Desktop\FRST.txt
2013-11-27 16:21 - 2013-11-27 16:21 - 00000000 ____D C:\FRST
2013-11-27 16:20 - 2013-11-27 16:20 - 01091793 _____ (Farbar) C:\Users\Tomsk\Desktop\FRST.exe
2013-11-27 16:18 - 2013-11-27 16:18 - 00000472 _____ C:\Users\Tomsk\Desktop\defogger_disable.log
2013-11-27 16:18 - 2013-11-27 16:18 - 00000000 _____ C:\Users\Tomsk\defogger_reenable
2013-11-27 16:15 - 2013-11-27 16:16 - 00050477 _____ C:\Users\Tomsk\Desktop\Defogger.exe
2013-11-26 15:15 - 2013-11-26 15:20 - 00000000 ____D C:\Users\Tomsk\Documents\COMPUTER
2013-11-26 10:09 - 2013-11-26 10:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-11-25 19:44 - 2013-11-25 19:44 - 00000000 ____D C:\Users\Tomsk\AppData\Local\mquadr.at
2013-11-25 19:44 - 2013-11-25 19:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-25 19:44 - 2013-05-21 16:20 - 00249824 ____N (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\system32\SSDPDiscovery.dll
2013-11-25 19:44 - 2013-05-02 08:09 - 03748672 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\system32\M2ElevatedCalls.dll
2013-11-25 19:44 - 2013-05-02 08:08 - 00962368 ____N (mquadr.at software engineering) C:\Windows\system32\M2ElevatedNetworkAdapters.dll
2013-11-25 19:44 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\system32\WiFiMan.dll
2013-11-25 19:43 - 2013-11-25 21:48 - 00000000 ____D C:\Users\Tomsk\AppData\Local\DTAG
2013-11-25 16:29 - 2013-11-25 16:43 - 00000000 ____D C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch
2013-11-25 15:53 - 2013-11-25 15:54 - 00000306 _____ C:\ProgramData\hpzinstall.log
2013-11-25 15:52 - 2013-11-25 15:52 - 00000000 ____D C:\ProgramData\HP
2013-11-25 15:48 - 2013-11-25 15:48 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-11-25 14:25 - 2013-11-27 09:58 - 00006656 _____ C:\Users\Tomsk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-25 13:50 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-11-25 13:50 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-11-25 13:50 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-11-25 13:50 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-11-25 13:45 - 2013-11-25 17:36 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Autodesk
2013-11-25 13:45 - 2013-11-25 17:36 - 00000000 ____D C:\ProgramData\Autodesk
2013-11-25 11:54 - 2013-11-25 12:04 - 00000000 ____D C:\Program Files\CCleaner
2013-11-25 11:54 - 2013-11-25 11:54 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-25 11:52 - 2013-11-25 11:53 - 04379048 _____ (Piriform Ltd) C:\Users\Tomsk\Downloads\ccsetup407.exe
2013-11-25 11:48 - 2013-11-25 11:48 - 00000000 ____D C:\Users\Tomsk\Documents\DIPLOM
2013-11-25 07:33 - 2013-11-25 07:36 - 00000000 ____D C:\Windows\system32\MRT
2013-11-25 07:33 - 2013-11-07 15:50 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-24 03:01 - 2013-11-24 03:01 - 00287624 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-23 18:28 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-23 18:28 - 2012-02-11 06:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-11-23 18:28 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-11-23 04:26 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-11-23 04:26 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-11-23 04:26 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-11-23 04:26 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-11-23 04:26 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-11-23 04:26 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-11-23 04:26 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-11-23 04:18 - 2010-02-11 08:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-11-23 03:45 - 2013-11-23 03:45 - 00030896 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-11-23 03:45 - 2013-11-23 03:45 - 00016048 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2013-11-23 03:40 - 2013-11-23 03:41 - 00007466 _____ C:\Windows\IE11_main.log
2013-11-23 03:38 - 2013-11-23 03:38 - 00294238 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-23 03:38 - 2013-11-23 03:38 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-11-23 03:12 - 2013-11-23 03:12 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-23 03:12 - 2013-11-23 03:12 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-23 03:12 - 2013-11-23 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-23 03:12 - 2013-11-23 03:12 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-23 03:12 - 2013-11-23 03:12 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-23 03:12 - 2013-11-23 03:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-23 03:11 - 2013-11-23 03:11 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-23 03:08 - 2013-11-23 03:08 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-23 03:05 - 2013-11-23 03:05 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-23 03:03 - 2013-11-23 03:19 - 00013405 _____ C:\Windows\IE10_main.log
2013-11-22 20:09 - 2013-11-27 14:22 - 00000000 ____D C:\Users\Tomsk\dwhelper
2013-11-22 20:05 - 2013-11-22 20:05 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Macromedia
2013-11-22 20:05 - 2013-11-22 20:05 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Macromedia
2013-11-22 20:03 - 2013-11-22 20:04 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Adobe
2013-11-22 19:31 - 2013-11-22 19:31 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\XnView
2013-11-22 19:30 - 2013-11-22 19:30 - 00000000 ____D C:\Program Files\XnView
2013-11-22 19:18 - 2013-11-22 19:18 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-11-22 19:18 - 2013-11-22 19:18 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\IrfanView
2013-11-22 19:18 - 2013-11-22 19:18 - 00000000 ____D C:\Program Files\IrfanView
2013-11-22 19:09 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-22 19:09 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-22 19:09 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-22 19:09 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-22 19:09 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-22 19:09 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-22 19:09 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-11-22 19:09 - 2013-07-09 05:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-11-22 19:09 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-22 19:09 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-11-22 19:09 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-22 19:09 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-22 19:09 - 2013-04-12 14:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-11-22 19:09 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-11-22 19:09 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-11-22 19:09 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-11-22 19:08 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-22 19:08 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-22 19:08 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-22 19:08 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-22 19:08 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-22 19:08 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-22 19:08 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-22 19:08 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-22 19:08 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-22 19:08 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-22 19:08 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-11-22 19:08 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-22 19:08 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-11-22 19:08 - 2011-06-16 05:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-11-22 19:08 - 2011-03-25 03:58 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-22 19:08 - 2011-03-25 03:58 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-22 19:08 - 2011-03-25 03:58 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-22 19:08 - 2011-03-25 03:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-22 19:08 - 2011-03-25 03:57 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-22 19:08 - 2011-03-25 03:57 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-22 19:08 - 2011-03-25 03:57 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-22 19:08 - 2011-03-11 06:39 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-11-22 19:08 - 2011-03-11 06:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-11-22 19:08 - 2011-03-11 06:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-11-22 19:08 - 2011-03-11 06:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-11-22 19:08 - 2011-03-11 06:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-11-22 19:08 - 2011-03-11 06:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-11-22 19:08 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-11-22 19:08 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-11-22 19:08 - 2011-03-11 05:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-11-22 19:08 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-11-22 19:07 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-11-22 19:07 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-22 19:07 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-22 19:07 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-22 19:07 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-22 19:07 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-22 19:07 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-22 19:07 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-22 19:07 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-22 19:07 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-22 19:07 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-22 19:07 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-22 19:07 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-22 19:07 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-11-22 19:07 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-11-22 19:07 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-11-22 19:07 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-11-22 19:07 - 2013-04-10 06:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-11-22 19:07 - 2013-03-19 05:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-11-22 19:07 - 2013-03-19 05:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-11-22 19:07 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-11-22 19:07 - 2013-03-19 03:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-11-22 19:07 - 2013-02-15 05:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-22 19:07 - 2013-02-15 05:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-11-22 19:07 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-22 19:07 - 2012-11-01 05:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-11-22 19:07 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-11-22 19:07 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-11-22 19:07 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-11-22 19:06 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-22 19:06 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-11-22 19:06 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-11-22 19:06 - 2013-01-03 06:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-11-22 19:06 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-11-22 19:06 - 2012-10-03 17:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-11-22 19:06 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-11-22 19:06 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-11-22 19:06 - 2012-10-03 17:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-11-22 19:06 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-11-22 19:06 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-11-22 19:06 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-11-22 19:06 - 2012-08-22 18:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-11-22 19:06 - 2012-08-11 00:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-22 19:06 - 2012-05-05 08:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-11-22 19:06 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-11-22 19:06 - 2011-05-04 05:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-11-22 19:06 - 2011-05-04 05:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-11-22 19:06 - 2011-05-04 05:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-11-22 19:06 - 2011-05-04 05:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-11-22 19:06 - 2011-05-04 05:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-11-22 19:06 - 2011-05-04 05:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-11-22 19:06 - 2011-05-04 05:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-11-22 19:06 - 2011-05-04 05:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-11-22 19:06 - 2011-05-04 05:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-11-22 19:05 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-22 19:05 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-22 19:05 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-22 19:05 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-22 19:05 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-11-22 19:05 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-22 19:05 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-22 19:05 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-22 19:05 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-22 19:05 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-22 19:05 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-11-22 19:05 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-11-22 19:05 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-11-22 19:05 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-11-22 19:05 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-11-22 19:05 - 2012-05-01 05:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-11-22 19:04 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-22 19:04 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-11-22 19:04 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-22 19:04 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-11-22 19:04 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-11-22 19:04 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-11-22 19:04 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-11-22 19:04 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-11-22 19:03 - 2013-08-02 02:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-11-22 19:03 - 2013-08-02 02:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-22 19:03 - 2013-08-02 02:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 01:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-11-22 19:03 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-11-22 19:03 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-11-22 19:03 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-22 19:03 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-11-22 19:03 - 2013-02-27 06:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-11-22 19:03 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-11-22 19:03 - 2012-11-28 23:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-11-22 19:03 - 2012-11-28 23:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-11-22 19:03 - 2012-11-28 23:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-11-22 19:03 - 2011-04-22 20:14 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-11-22 19:03 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-11-22 13:43 - 2013-11-26 09:41 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Microsoft Games
2013-11-22 00:14 - 2013-11-27 16:18 - 00000000 ____D C:\Users\Tomsk\Documents\G Data
2013-11-22 00:14 - 2013-11-22 00:14 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\PDF Architect
2013-11-22 00:12 - 2013-11-22 00:12 - 00000970 _____ C:\Users\Tomsk\Desktop\PDF Architect.lnk
2013-11-22 00:12 - 2013-11-22 00:12 - 00000000 ____D C:\Users\Tomsk\Documents\PDF Architect Files
2013-11-22 00:12 - 2013-11-22 00:12 - 00000000 ____D C:\Program Files\PDF Architect
2013-11-22 00:11 - 2013-11-22 00:12 - 00000000 ____D C:\Program Files\PDFCreator
2013-11-22 00:11 - 2013-11-22 00:11 - 00000996 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-22 00:11 - 2013-11-22 00:11 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\pdfforge
2013-11-22 00:11 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-11-22 00:11 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
2013-11-22 00:11 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2013-11-22 00:11 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2013-11-22 00:11 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2013-11-22 00:11 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2013-11-22 00:11 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL
2013-11-22 00:11 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL
2013-11-21 23:49 - 2013-11-21 23:49 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Thunderbird
2013-11-21 23:49 - 2013-11-21 23:49 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Thunderbird
2013-11-21 23:48 - 2013-11-21 23:48 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\OpenOffice
2013-11-21 23:47 - 2013-11-21 23:47 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-21 23:47 - 2013-11-21 23:47 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-21 23:45 - 2013-11-21 23:45 - 00000000 ____D C:\Program Files\redist
2013-11-21 23:45 - 2013-11-21 23:45 - 00000000 ____D C:\Program Files\readmes
2013-11-21 23:45 - 2013-11-21 23:45 - 00000000 ____D C:\Program Files\licenses
2013-11-21 23:25 - 2013-11-21 23:25 - 00002039 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-11-21 23:25 - 2013-11-21 23:25 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-11-21 22:49 - 2013-11-25 17:39 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Winamp
2013-11-21 22:49 - 2013-11-25 14:39 - 00000000 ____D C:\Program Files\Winamp
2013-11-21 22:49 - 2013-11-21 22:49 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-11-21 22:45 - 2013-11-27 08:44 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\vlc
2013-11-21 22:45 - 2013-11-21 22:45 - 00001031 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 22:44 - 2013-11-21 22:44 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-21 22:39 - 2013-11-22 19:43 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Mozilla
2013-11-21 22:39 - 2013-11-22 06:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-21 22:39 - 2013-11-21 22:39 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Mozilla
2013-11-21 22:39 - 2013-11-21 22:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-21 22:39 - 2013-11-21 22:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-21 21:07 - 2013-11-21 21:07 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Adobe
2013-11-21 19:19 - 2013-11-21 19:19 - 00000000 ____D C:\Windows\system32\Lang
2013-11-21 19:19 - 2009-09-23 11:50 - 00398336 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2013-11-21 19:19 - 2009-09-23 11:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2013-11-21 19:19 - 2009-09-23 11:47 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2013-11-21 18:25 - 2013-11-21 18:25 - 00000000 ____D C:\Windows\system32\x64
2013-11-21 18:25 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2013-11-21 18:11 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-21 18:11 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-21 18:11 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-21 18:11 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-11-21 18:11 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-11-21 18:11 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-21 18:11 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-21 18:11 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-21 18:11 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-21 17:28 - 2013-11-21 17:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-21 17:25 - 2013-11-21 17:25 - 00000114 _____ C:\Users\Tomsk\Desktop\Wiederherstellungs-Image erstellen.url
2013-11-21 17:25 - 2013-11-21 17:25 - 00000000 ____D C:\ProgramData\UCRT
2013-11-21 17:24 - 2013-11-21 17:24 - 00001416 _____ C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-21 17:21 - 2013-11-21 19:55 - 00096344 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-11-21 17:21 - 2013-11-21 19:55 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2013-11-21 17:21 - 2013-11-21 19:55 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-11-21 17:21 - 2013-11-21 19:55 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-11-21 17:21 - 2013-11-21 19:55 - 00001943 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-11-21 17:21 - 2013-11-21 17:21 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-11-21 17:19 - 2013-11-21 18:59 - 00000000 ____D C:\ProgramData\G Data
2013-11-21 17:19 - 2013-11-21 17:19 - 00000000 ____D C:\Program Files\G Data
2013-11-21 17:19 - 2013-11-21 17:19 - 00000000 ____D C:\Program Files\Common Files\G Data
2013-11-21 17:17 - 2013-11-21 17:17 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-21 17:13 - 2013-11-27 16:18 - 00000000 ____D C:\Users\Tomsk
2013-11-21 17:13 - 2013-11-25 08:08 - 00064024 _____ C:\Users\Tomsk\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 17:13 - 2013-11-23 18:52 - 00000000 ____D C:\Users\Tomsk\AppData\Local\VirtualStore
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Startmenü
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Netzwerkumgebung
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Druckumgebung
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Documents\Eigene Musik
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Documents\Eigene Bilder
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\AppData\Local\Verlauf
2013-11-21 17:13 - 2012-08-24 14:49 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\PwrMgr
2013-11-21 17:13 - 2012-08-24 14:34 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Lenovo
2013-11-21 17:13 - 2012-08-24 14:02 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Lenovo
2013-11-21 17:13 - 2012-08-24 13:54 - 00000000 ____D C:\Users\Tomsk\Documents\Bluetooth-Exchange-Ordner
2013-11-21 17:13 - 2012-08-24 13:54 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Broadcom
2013-11-21 17:13 - 2012-08-24 13:50 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\InstallShield
2013-11-21 17:13 - 2012-08-24 13:49 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Intel
2013-11-21 17:13 - 2010-11-20 21:57 - 00000020 ___SH C:\Users\Tomsk\ntuser.ini
2013-11-21 17:13 - 2009-07-14 05:42 - 00000000 ___RD C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 17:13 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Programme
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 __SHD C:\Recovery
2013-11-21 16:59 - 2013-11-27 15:31 - 02001211 _____ C:\Windows\WindowsUpdate.log
2013-11-21 16:59 - 2012-08-24 14:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\PwrMgr
2013-11-21 16:59 - 2012-08-24 14:49 - 00000000 ____D C:\Users\Default User\AppData\Roaming\PwrMgr
2013-11-21 16:59 - 2012-08-24 14:34 - 00000000 ____D C:\Users\Default\AppData\Local\Lenovo
2013-11-21 16:59 - 2012-08-24 14:34 - 00000000 ____D C:\Users\Default User\AppData\Local\Lenovo
2013-11-21 16:59 - 2012-08-24 14:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\Lenovo
2013-11-21 16:59 - 2012-08-24 14:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Lenovo
2013-11-21 16:59 - 2012-08-24 13:54 - 00000000 ____D C:\Users\Default\Documents\Bluetooth-Exchange-Ordner
2013-11-21 16:59 - 2012-08-24 13:54 - 00000000 ____D C:\Users\Default\AppData\Local\Broadcom
2013-11-21 16:59 - 2012-08-24 13:54 - 00000000 ____D C:\Users\Default User\Documents\Bluetooth-Exchange-Ordner
2013-11-21 16:59 - 2012-08-24 13:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Broadcom
2013-11-21 16:59 - 2012-08-24 13:50 - 00000000 ____D C:\Users\Default\AppData\Roaming\InstallShield
2013-11-21 16:59 - 2012-08-24 13:50 - 00000000 ____D C:\Users\Default User\AppData\Roaming\InstallShield
2013-11-21 16:59 - 2012-08-24 13:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\Intel
2013-11-21 16:59 - 2012-08-24 13:49 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Intel
2013-11-21 16:59 - 2012-08-24 12:31 - 00057560 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 16:59 - 2012-08-24 12:31 - 00057560 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 16:58 - 2013-11-21 16:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2013-11-21 16:58 - 2013-11-21 16:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-11-21 16:58 - 2013-11-21 16:58 - 00000000 ____D C:\Program Files\Protector Suite

==================== One Month Modified Files and Folders =======

2013-11-27 16:25 - 2013-11-27 16:24 - 00011538 _____ C:\Users\Tomsk\Desktop\FRST.txt
2013-11-27 16:21 - 2013-11-27 16:21 - 00000000 ____D C:\FRST
2013-11-27 16:20 - 2013-11-27 16:20 - 01091793 _____ (Farbar) C:\Users\Tomsk\Desktop\FRST.exe
2013-11-27 16:18 - 2013-11-27 16:18 - 00000472 _____ C:\Users\Tomsk\Desktop\defogger_disable.log
2013-11-27 16:18 - 2013-11-27 16:18 - 00000000 _____ C:\Users\Tomsk\defogger_reenable
2013-11-27 16:18 - 2013-11-22 00:14 - 00000000 ____D C:\Users\Tomsk\Documents\G Data
2013-11-27 16:18 - 2013-11-21 17:13 - 00000000 ____D C:\Users\Tomsk
2013-11-27 16:16 - 2013-11-27 16:15 - 00050477 _____ C:\Users\Tomsk\Desktop\Defogger.exe
2013-11-27 15:31 - 2013-11-21 16:59 - 02001211 _____ C:\Windows\WindowsUpdate.log
2013-11-27 15:22 - 2009-07-14 05:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 15:22 - 2009-07-14 05:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 14:38 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-27 14:22 - 2013-11-22 20:09 - 00000000 ____D C:\Users\Tomsk\dwhelper
2013-11-27 13:20 - 2012-08-24 15:17 - 00018750 _____ C:\Windows\setupact.log
2013-11-27 13:20 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 10:13 - 2010-11-20 22:01 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 09:58 - 2013-11-25 14:25 - 00006656 _____ C:\Users\Tomsk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-27 08:44 - 2013-11-21 22:45 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\vlc
2013-11-27 07:37 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-26 15:20 - 2013-11-26 15:15 - 00000000 ____D C:\Users\Tomsk\Documents\COMPUTER
2013-11-26 10:09 - 2013-11-26 10:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-11-26 09:41 - 2013-11-22 13:43 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Microsoft Games
2013-11-26 08:14 - 2010-11-20 22:48 - 00035080 _____ C:\Windows\PFRO.log
2013-11-25 21:48 - 2013-11-25 19:43 - 00000000 ____D C:\Users\Tomsk\AppData\Local\DTAG
2013-11-25 19:44 - 2013-11-25 19:44 - 00000000 ____D C:\Users\Tomsk\AppData\Local\mquadr.at
2013-11-25 19:44 - 2013-11-25 19:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-25 17:39 - 2013-11-21 22:49 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Winamp
2013-11-25 17:36 - 2013-11-25 13:45 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Autodesk
2013-11-25 17:36 - 2013-11-25 13:45 - 00000000 ____D C:\ProgramData\Autodesk
2013-11-25 16:43 - 2013-11-25 16:29 - 00000000 ____D C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch
2013-11-25 15:54 - 2013-11-25 15:53 - 00000306 _____ C:\ProgramData\hpzinstall.log
2013-11-25 15:52 - 2013-11-25 15:52 - 00000000 ____D C:\ProgramData\HP
2013-11-25 15:48 - 2013-11-25 15:48 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-11-25 14:39 - 2013-11-21 22:49 - 00000000 ____D C:\Program Files\Winamp
2013-11-25 12:04 - 2013-11-25 11:54 - 00000000 ____D C:\Program Files\CCleaner
2013-11-25 11:54 - 2013-11-25 11:54 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-25 11:53 - 2013-11-25 11:52 - 04379048 _____ (Piriform Ltd) C:\Users\Tomsk\Downloads\ccsetup407.exe
2013-11-25 11:48 - 2013-11-25 11:48 - 00000000 ____D C:\Users\Tomsk\Documents\DIPLOM
2013-11-25 08:08 - 2013-11-21 17:13 - 00064024 _____ C:\Users\Tomsk\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 07:36 - 2013-11-25 07:33 - 00000000 ____D C:\Windows\system32\MRT
2013-11-24 03:01 - 2013-11-24 03:01 - 00287624 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-11-23 18:52 - 2013-11-21 17:13 - 00000000 ____D C:\Users\Tomsk\AppData\Local\VirtualStore
2013-11-23 08:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-23 06:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-23 06:29 - 2009-07-14 05:33 - 00295200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-23 06:25 - 2011-04-12 02:38 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-23 06:25 - 2011-04-12 02:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-11-23 06:25 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-11-23 06:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-23 03:45 - 2013-11-23 03:45 - 00030896 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2013-11-23 03:45 - 2013-11-23 03:45 - 00016048 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2013-11-23 03:41 - 2013-11-23 03:40 - 00007466 _____ C:\Windows\IE11_main.log
2013-11-23 03:38 - 2013-11-23 03:38 - 00294238 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-11-23 03:38 - 2013-11-23 03:38 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-11-23 03:19 - 2013-11-23 03:03 - 00013405 _____ C:\Windows\IE10_main.log
2013-11-23 03:12 - 2013-11-23 03:12 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-23 03:12 - 2013-11-23 03:12 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-23 03:12 - 2013-11-23 03:12 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-23 03:12 - 2013-11-23 03:12 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-23 03:12 - 2013-11-23 03:12 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-23 03:12 - 2013-11-23 03:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-23 03:12 - 2013-11-23 03:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-23 03:12 - 2013-11-23 03:12 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-23 03:11 - 2013-11-23 03:11 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-23 03:08 - 2013-11-23 03:08 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-23 03:08 - 2013-11-23 03:08 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-23 03:05 - 2013-11-23 03:05 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-22 20:05 - 2013-11-22 20:05 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Macromedia
2013-11-22 20:05 - 2013-11-22 20:05 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Macromedia
2013-11-22 20:04 - 2013-11-22 20:03 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Adobe
2013-11-22 20:04 - 2012-08-24 12:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-22 20:04 - 2012-08-24 12:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-22 19:43 - 2013-11-21 22:39 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Mozilla
2013-11-22 19:31 - 2013-11-22 19:31 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\XnView
2013-11-22 19:30 - 2013-11-22 19:30 - 00000000 ____D C:\Program Files\XnView
2013-11-22 19:18 - 2013-11-22 19:18 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-11-22 19:18 - 2013-11-22 19:18 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\IrfanView
2013-11-22 19:18 - 2013-11-22 19:18 - 00000000 ____D C:\Program Files\IrfanView
2013-11-22 13:37 - 2012-08-24 13:59 - 00000000 ____D C:\ProgramData\Lenovo
2013-11-22 06:20 - 2013-11-21 22:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-22 00:14 - 2013-11-22 00:14 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\PDF Architect
2013-11-22 00:12 - 2013-11-22 00:12 - 00000970 _____ C:\Users\Tomsk\Desktop\PDF Architect.lnk
2013-11-22 00:12 - 2013-11-22 00:12 - 00000000 ____D C:\Users\Tomsk\Documents\PDF Architect Files
2013-11-22 00:12 - 2013-11-22 00:12 - 00000000 ____D C:\Program Files\PDF Architect
2013-11-22 00:12 - 2013-11-22 00:11 - 00000000 ____D C:\Program Files\PDFCreator
2013-11-22 00:11 - 2013-11-22 00:11 - 00000996 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-22 00:11 - 2013-11-22 00:11 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\pdfforge
2013-11-21 23:49 - 2013-11-21 23:49 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Thunderbird
2013-11-21 23:49 - 2013-11-21 23:49 - 00000000 ____D C:\Users\Tomsk\AppData\Local\Thunderbird
2013-11-21 23:48 - 2013-11-21 23:48 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\OpenOffice
2013-11-21 23:47 - 2013-11-21 23:47 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-21 23:47 - 2013-11-21 23:47 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-21 23:45 - 2013-11-21 23:45 - 00000000 ____D C:\Program Files\redist
2013-11-21 23:45 - 2013-11-21 23:45 - 00000000 ____D C:\Program Files\readmes
2013-11-21 23:45 - 2013-11-21 23:45 - 00000000 ____D C:\Program Files\licenses
2013-11-21 23:25 - 2013-11-21 23:25 - 00002039 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-11-21 23:25 - 2013-11-21 23:25 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-11-21 22:49 - 2013-11-21 22:49 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-11-21 22:45 - 2013-11-21 22:45 - 00001031 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 22:44 - 2013-11-21 22:44 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-21 22:39 - 2013-11-21 22:39 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Mozilla
2013-11-21 22:39 - 2013-11-21 22:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-21 22:39 - 2013-11-21 22:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-21 21:07 - 2013-11-21 21:07 - 00000000 ____D C:\Users\Tomsk\AppData\Roaming\Adobe
2013-11-21 19:55 - 2013-11-21 17:21 - 00096344 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2013-11-21 19:55 - 2013-11-21 17:21 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2013-11-21 19:55 - 2013-11-21 17:21 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2013-11-21 19:55 - 2013-11-21 17:21 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2013-11-21 19:55 - 2013-11-21 17:21 - 00001943 _____ C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2013-11-21 19:19 - 2013-11-21 19:19 - 00000000 ____D C:\Windows\system32\Lang
2013-11-21 19:19 - 2012-08-24 13:48 - 00000000 ____D C:\Program Files\Intel
2013-11-21 18:59 - 2013-11-21 17:19 - 00000000 ____D C:\ProgramData\G Data
2013-11-21 18:25 - 2013-11-21 18:25 - 00000000 ____D C:\Windows\system32\x64
2013-11-21 17:28 - 2013-11-21 17:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-21 17:25 - 2013-11-21 17:25 - 00000114 _____ C:\Users\Tomsk\Desktop\Wiederherstellungs-Image erstellen.url
2013-11-21 17:25 - 2013-11-21 17:25 - 00000000 ____D C:\ProgramData\UCRT
2013-11-21 17:25 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2013-11-21 17:24 - 2013-11-21 17:24 - 00001416 _____ C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-21 17:21 - 2013-11-21 17:21 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2013-11-21 17:19 - 2013-11-21 17:19 - 00000000 ____D C:\Program Files\G Data
2013-11-21 17:19 - 2013-11-21 17:19 - 00000000 ____D C:\Program Files\Common Files\G Data
2013-11-21 17:19 - 2012-08-24 12:23 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-21 17:17 - 2013-11-21 17:17 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-21 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-21 17:16 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\restore
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Startmenü
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Netzwerkumgebung
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Druckumgebung
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Documents\Eigene Musik
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\Documents\Eigene Bilder
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 17:13 - 2013-11-21 17:13 - 00000000 _SHDL C:\Users\Tomsk\AppData\Local\Verlauf
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\Programme
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-11-21 17:11 - 2013-11-21 17:11 - 00000000 __SHD C:\Recovery
2013-11-21 17:11 - 2012-08-24 22:13 - 00000000 ____D C:\Windows\Panther
2013-11-21 17:11 - 2010-11-20 21:57 - 00000000 ____D C:\Users\Administrator
2013-11-21 17:11 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2013-11-21 17:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Recovery
2013-11-21 17:11 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Windows NT
2013-11-21 16:59 - 2012-08-24 12:17 - 00003652 _____ C:\Windows\TSSysprep.log
2013-11-21 16:58 - 2013-11-21 16:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2013-11-21 16:58 - 2013-11-21 16:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-11-21 16:58 - 2013-11-21 16:58 - 00000000 ____D C:\Program Files\Protector Suite
2013-11-21 16:58 - 2012-08-24 13:51 - 00000000 ____D C:\Program Files\Analog Devices
2013-11-21 16:58 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2013-11-21 16:56 - 2009-07-14 05:34 - 00003806 _____ C:\Windows\DtcInstall.log
2013-11-11 05:50 - 2012-08-24 12:39 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 15:50 - 2013-11-25 07:33 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-21 18:56

==================== End Of Log ============================
         
Logfile Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-11-2013
Ran by Tomsk at 2013-11-27 16:26:33
Running from C:\Users\Tomsk\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Enabled - Up to date) {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
AS: G Data InternetSecurity 2014 (Enabled - Up to date) {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {018C0191-29AD-04E8-101F-264FDF37B3ED}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
Anzeige am Bildschirm (Version: 6.42.00)
CCleaner (Version: 4.07)
Client Security - Password Manager (Version: 8.30.0052.00)
Dienstprogramm "ThinkPad UltraNav" (Version: 2.13.0)
Energie-Manager (Version: 6.32)
G Data InternetSecurity 2014 (Version: 24.0.2.3)
Intel PROSet Wireless
Intel(R) Active Management Technology Device Software
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.04.0000)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.36)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Patch Utility (Version: 1.3.0.9)
Lenovo System Interface Driver (Version: 1.05)
Message Center (Version: 2.01g)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office (Version: 15.0.4454.1510)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 de) (Version: 24.1.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
OpenOffice 4.0.1 (Version: 4.01.9714)
PDF Architect (Version: 1.1.83.9982)
PDFCreator (Version: 1.7.1)
Sierra Wireless HSDPA MiniCard (Version: 7.0.2.1300)
Sierra Wireless MC57xx Package for Access Connections (Version: 6.30.0.3)
SoundMAX (Version: 6.10.1.7255)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.3100)
ThinkPad FullScreen Magnifier (Version: 2.30)
ThinkPad Power Management Driver (Version: 1.55)
ThinkPad UltraNav Driver (Version: 15.3.8.0)
ThinkVantage Active Protection System (Version: 1.75)
ThinkVantage Fingerprint Software (Version: 5.9.4.6882)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
VLC media player 2.1.1 (Version: 2.1.1)
Winamp (Version: 5.66 )
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
XnView 2.11 (Version: 2.11)

==================== Restore Points  =========================

25-11-2013 16:22:52 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {267CDBAE-730F-4417-8101-56801CD7BA30} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-16] (Lenovo Group Limited)
Task: {8DD30E97-9CFB-4636-95F5-8BF50B61AB08} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\System32\oobe\setupsqm.exe [2010-11-20] (Microsoft Corporation)
Task: {F0A4850A-4054-4A76-B41B-2CABF8698050} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2011-01-24 11:35 - 2011-01-24 11:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-08-24 13:45 - 2011-05-19 20:05 - 00066856 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-08-24 14:29 - 2012-05-16 05:32 - 00094208 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2013-11-21 23:25 - 2013-11-18 19:02 - 03008624 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-11-21 23:25 - 2013-11-18 19:02 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-11-21 23:25 - 2013-11-18 19:02 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-11-21 22:39 - 2013-11-13 04:39 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: TouchChip Fingerprint Coprocessor (WBF advanced mode)
Description: TouchChip Fingerprint Coprocessor (WBF advanced mode)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: UPEK
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2013 01:20:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2013 01:20:30 PM) (Source: LMS) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (11/27/2013 07:36:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2013 07:35:13 AM) (Source: LMS) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (11/26/2013 08:15:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2013 08:15:08 AM) (Source: LMS) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (11/25/2013 05:36:27 PM) (Source: MsiInstaller) (User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.

Error: (11/25/2013 05:36:26 PM) (Source: MsiInstaller) (User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.

Error: (11/25/2013 05:36:25 PM) (Source: MsiInstaller) (User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.

Error: (11/25/2013 05:36:25 PM) (Source: MsiInstaller) (User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.


System errors:
=============
Error: (11/27/2013 01:20:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" ist vom Dienst "nvlddmkm" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/27/2013 07:35:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" ist vom Dienst "nvlddmkm" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/26/2013 01:07:45 PM) (Source: Microsoft-Windows-Diagnostics-Networking) (User: NT-AUTORITÄT)
Description: Ein Fehler ist aufgetreten. Die Reparaturphase des Vorgangs konnte nicht abgeschlossen werden. Es wurde ein Windows-Fehlerbericht generiert. [2147942487]

Error: (11/26/2013 08:15:01 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" ist vom Dienst "nvlddmkm" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/25/2013 02:10:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" ist vom Dienst "nvlddmkm" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/25/2013 10:47:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" ist vom Dienst "nvlddmkm" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/25/2013 10:41:21 AM) (Source: DCOM) (User: )
Description: 1053GDFwSvc-Service{1DED95CA-C567-464A-B405-087EDDF0B095}

Error: (11/25/2013 10:41:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "G Data Personal Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/25/2013 10:41:21 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst G Data Personal Firewall erreicht.

Error: (11/25/2013 10:14:41 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VaultSvc erreicht.


Microsoft Office Sessions:
=========================
Error: (11/27/2013 01:20:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2013 01:20:30 PM) (Source: LMS)(User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (11/27/2013 07:36:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2013 07:35:13 AM) (Source: LMS)(User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (11/26/2013 08:15:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2013 08:15:08 AM) (Source: LMS)(User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (11/25/2013 05:36:27 PM) (Source: MsiInstaller)(User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/25/2013 05:36:26 PM) (Source: MsiInstaller)(User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/25/2013 05:36:25 PM) (Source: MsiInstaller)(User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/25/2013 05:36:25 PM) (Source: MsiInstaller)(User: Apparat)
Description: Product: AutoCAD Map 3D 2011 -- Error 1308. Source file not found: C:\Users\Tomsk\Downloads\AutoCAD_Map_3D_2011_englisch\x86\acad\Program Files\Root\Common Files Folder\Autodesk Shared\AdLM\R1\en-US\Webdepot\LTU.png.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 2006.3 MB
Available physical RAM: 894.2 MB
Total Pagefile: 4012.59 MB
Available Pagefile: 2290.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.49 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:63.93 GB) (Free:36.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 0A7034EB)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=64 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER log file:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-27 17:50:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.BBBZ 74,53GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Tomsk\AppData\Local\Temp\kwddrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                         82C469A5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           82C66512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Tppwr32v.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Tppwr32v.sys

Device          \Driver\SynTP \Device\00000070                                                                   Tppwr32v.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268ef072f                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268ef072f (not active ControlSet)  

---- EOF - GMER 2.1 ----
         
It would be great if someone could take a look at this.

Many thanks,

Jaaasen.


P.S.: GDATA has reported another detection:

Code:
*** Prozess ***

Prozess: 4420
Dateiname: erunt.exe
Pfad: c:\windows\erunt.exe

Herausgeber: Unbekannter Herausgeber
Erstelldatum: 02/22/13 15:05:21
Änderungsdatum: 02/22/13 02:04:50

Gestartet von: cmd.exe
Herausgeber: Microsoft Windows


*** Aktionen ***

Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen.
Das Programm hat in Dateien oder Ordnern geschrieben die genutzt werden können um das System zu gefährden.
Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.


*** Quarantäne ***

Folgende Dateien wurden in Quarantäne verschoben:
C:\FRST\Hives\Users\00000001\NTUSER.DAT
C:\Windows\ERUNT.exe

Folgende Registry Einträge wurden gelöscht:
\REGISTRY\MACHINE\SECURITY


YGLRtuLAcnJycmJi0HJycnJiYuBy0nLSYmJwKnRyQicnJga3cnJycmJicCwnJycnJgZocnJycmJigCsnJycnJgaZcnKQKxZtKwnJcnJwp3JycHhycnJyYmJwmXJycnJiYnC6crFeY7ZycrFeY7ZyYmJwjnJyAAA
Version der Regeln: 4.3.15
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
Version der dll: 30732

ERUNT.exe  C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
C:\Windows\system32\cmd.exe /c ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
         
Should this be handled in a new thread?

27.11.2013, 18:43   #2
schrauber
/// the machine
/// TB-Ausbilder

Hi,

please have the flagged file scanned at www.virustotal.com.

27.11.2013, 20:04   #3
Jaaasen

Hi,

thank you for taking on my case.

I scanned the file at the site you mentioned... I hope these are the right codes?!

File detail:

Code:
 PE signature block
Copyright
© Microsoft Corporation. Alle Rechte vorbehalten.

Publisher Microsoft Corporation
Product Betriebssystem Microsoft® Windows®
Original name WUDFHost.exe.mui
Internal name WUDFHost.exe
File version 6.2.9200.16384 (win8_rtm.120725-1247)
Description Windows Driver Foundation - Benutzermodus-Treiberframework-Hostprozess
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Link date 1:00 AM 1/1/1970
Number of sections 1
PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.rsrc 4096 4096 1536 3.84 ed48f456a389b79481b44cb9c704b377
Number of PE resources by type
MUI 1
RT_VERSION 1
Number of PE resources by language
GERMAN 2
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 1536
ImageVersion 6.2
ProductName Betriebssystem Microsoft Windows
FileVersionNumber 6.2.9200.16384
UninitializedDataSize 0
LanguageCode German
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.1
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.2.9200.16384 (win8_rtm.120725-1247)
TimeStamp 0000:00:00 00:00:00
FileType Win32 DLL
PEType PE32
InternalName WUDFHost.exe
ProductVersion 6.2.9200.16384
FileDescription Windows Driver Foundation - Benutzermodus-Treiberframework-Hostprozess
OSVersion 6.2
OriginalFilename WUDFHost.exe.mui
LegalCopyright Microsoft Corporation. Alle Rechte vorbehalten.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 0
FileSubtype 0
ProductVersionNumber 6.2.9200.16384
EntryPoint 0x0000
ObjectFileType Executable application
         
Relationship:

Code:
CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
840f7fb849f5887a49ba18c13b2da920 trustedinstaller.exe
773212b2aaa24c1e31f10246b15b276c trustedinstaller.exe
2c49b175aee1d4364b91b531417fe583 trustedinstaller.exe
c54dd83f674f98791f56ccef236112d1 vmware-converter.exe
41a4c781d2286208d397d72099304133 trustedinstaller.exe
         
Additional information:

Code:
 File identification
MD5 b1fc76600751ede155695b075d07ae8a
SHA1 1681fda53a3943a86b0a0167dd65e6d6049fbeff
SHA256 a8773a138070b7a1a79e246fafbd2157ddff0829041a9b8d4caee1ad991ce4ef
ssdeep
24:e9GSmQ+YskCwQGXC4/qpZW0blAgyXQeNw3h4pwjcf23U9WPNMh:KmIs3VGXC4qpZWglAWQw3fwfEKqG

File size 2.0 KB ( 2048 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID 	Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2012-12-29 16:49:08 UTC ( vor 11 Monate )
Last submission 2013-11-27 18:44:23 UTC ( vor 9 Minuten )
Dateinamen 	WUDFHost.exe
         
28.11.2013, 13:14   #4
schrauber
/// the machine
/// TB-Ausbilder

How many of the 46 scanners found a threat?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

28.11.2013, 15:06   #5
Jaaasen

Hi Schrauber,

VirusTotal shows that none of 48 scanners reported a detection. I have attached the first page as a PDF...


29.11.2013, 08:43   #6
schrauber
/// the machine
/// TB-Ausbilder

That is a false positive from your AV program.

29.11.2013, 11:05   #7
Jaaasen

OK, then I'm reassured... should I leave the file in quarantine, or can/should I restore it?

Regards,

Jaaasen.

30.11.2013, 14:01   #8
schrauber
/// the machine
/// TB-Ausbilder

Restore it, and the AV should have a function for submitting it
__________________
Regards,
schrauber

01.12.2013, 16:32   #9
Jaaasen

But GData won't let me restore it... First a message comes up saying that the file is still infected, but if I continue anyway, it says "Die Datei kann nicht zurückbewegt werden" ("The file cannot be moved back").

02.12.2013, 10:40   #10
schrauber
/// the machine
/// TB-Ausbilder

Then submit it first
__________________
Regards,
schrauber

02.12.2013, 12:26   #11
Jaaasen

No sooner said than done... let's see what happens

03.12.2013, 09:11   #12
schrauber
/// the machine
/// TB-Ausbilder

hehe
__________________
Regards,
schrauber
