
Pests of all kinds and how to fight them: Windows 8.1 Prof 64Bit and GVU Trojan


01.01.2014, 11:00   #1
Ensi Ferrum
 
Windows 8.1 Prof 64Bit and GVU Trojan



Good morning and a successful 2014.

This morning I caught the well-known GVU trojan.
The computer was then booted into Safe Mode with Command Prompt and the FRST tool (64-bit) was run.

FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by SYSTEM on MININT-R8V5H4J on 01-01-2014 10:46:50
Running from H:\
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [SystemExplorerAutoStart] - C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2860064 2013-11-30] (Mister Group)
HKU\Ensi\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1842760 2012-03-22] (Elgato Systems)
HKU\Ensi\...\Run: [SystemExplorerAutoStart] - C:\Program Files (x86)\System Explorer\SystemExplorer.exe [2860064 2013-11-30] (Mister Group)
HKU\Ensi\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation)
HKU\Ensi\...\Run: [Media Monkey Remote Server] - C:\Program Files (x86)\MediaMonkey Remote Server\MediaMonkey Remote Server.exe [440320 2013-12-06] (Erlend Dahl)
HKU\Ensi\...\Run: [] - C:\Users\Ensi\AppData\Roaming\okewab [0 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION 
IFEO\taskmgr.exe: [Debugger] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe"
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft\Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()

==================== Services (Whitelisted) =================

S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-01-22] (CyberLink Corp.)
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-01-22] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-01-22] (CyberLink)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 FWPnpService; C:\Program Files (x86)\Fanatec\Fanatec Wheel\FWPnpService.exe [200704 2013-11-15] ()
S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3587856 2012-12-11] (Hide My IP)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
S2 PnkBstrA; C:\WINDOWS\SysWow64\PnkBstrA.exe [76888 2013-10-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [697856 2013-11-10] ()
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-11-08] (Microsoft)
S2 TVService; C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [232448 2013-11-16] (Team MediaPortal)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S3 KMSServerService; C:\WINDOWS\System32\KMSServer.exe [x]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
S3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
S3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-21] (Intel Corporation)
S3 FanatecWheelFilterUsb; C:\Windows\System32\drivers\FWFilterUsb.sys [68272 2013-11-21] (Endor AG)
S3 FWVirtualInputDevice; C:\Windows\System32\drivers\FWVirtualInputDevice.sys [26288 2013-11-21] (Endor AG)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2013-11-18] (Logix4u)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S3 iDispService; C:\Windows\system32\DRIVERS\idisplayminiport.sys [14248 2012-08-31] (SHAPE Services)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S1 networx; C:\Windows\System32\drivers\networx.sys [41976 2013-07-20] (NetFilterSDK.com)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2013-11-14] ()
S3 SaiHF51A; C:\Windows\system32\DRIVERS\SaiHF51A.sys [175880 2007-05-31] (Saitek)
S3 SaiK0CD0; C:\Windows\system32\DRIVERS\SaiK0CD0.sys [180544 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-10-15] (Saitek)
S3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU0CD0; C:\Windows\System32\drivers\SaiU0CD0.sys [47168 2012-09-20] (Saitek)
S3 SaiUF51A; C:\Windows\system32\DRIVERS\SaiUF51A.sys [34432 2007-05-31] (Saitek)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft\Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2013-01-22] (CyberLink Corp.)
S3 WinRing0_1_2_0; \??\D:\--== WINDOWS 8 ==--\Drivers\Logitech\G19\g15sysmon_4.5.0\g15sysmon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 10:46 - 2014-01-01 10:46 - 00000000 ____D C:\FRST
2014-01-01 10:43 - 2014-01-01 10:43 - 00000000 _____ C:\Recovery.txt
2014-01-01 09:44 - 2014-01-01 09:44 - 00595252 _____ C:\Users\Ensi\AppData\Roaming\loadit.exe
2014-01-01 09:42 - 2014-01-01 09:42 - 00001543 _____ C:\Users\Public\Desktop\iLivid.lnk
2014-01-01 09:35 - 2014-01-01 09:35 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\pulauo
2014-01-01 09:34 - 2014-01-01 09:34 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\okewab
2014-01-01 09:20 - 2014-01-01 09:40 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\UseNeXT
2014-01-01 09:20 - 2014-01-01 09:38 - 00000000 ____D C:\Users\Ensi\Documents\UseNeXT
2014-01-01 09:20 - 2014-01-01 09:20 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-12-30 23:38 - 2013-12-30 23:38 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-12-30 23:07 - 2013-12-30 23:07 - 00000000 ____D C:\Program Files\Logitech
2013-12-30 23:01 - 2013-12-30 23:01 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\InstallShield Installation Information
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\IDMComp
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Program Files (x86)\IDM Computer Solutions
2013-12-29 22:11 - 2013-12-30 22:46 - 00000000 ____D C:\Users\Ensi\Documents\LCDHost
2013-12-27 17:48 - 2013-12-27 17:48 - 00000047 _____ C:\Users\Ensi\Documents\mt-x_hook.txt
2013-12-27 17:48 - 2013-12-27 17:48 - 00000007 _____ C:\Users\Ensi\Documents\mt-e_hook.txt
2013-12-27 17:47 - 2013-12-27 17:47 - 00002218 _____ C:\Users\Ensi\Desktop\MegaTrainer eXperience.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00002185 _____ C:\Users\Ensi\Desktop\MT-X - Guide.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00000000 ____D C:\Program Files (x86)\MegaDev
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\ProgramData\NuGet
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-12-27 15:08 - 2013-12-27 15:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2013-12-27 15:03 - 2013-12-27 15:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Crytek
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Users\Ensi\Downloads\VS2012
2013-12-23 08:41 - 2013-12-23 08:41 - 00001215 _____ C:\Users\Ensi\Documents\BAHN_Fahrplan.ics
2013-12-17 18:14 - 2013-12-17 18:14 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-12-17 18:14 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-12-17 18:14 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-15 16:16 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 16:16 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 16:16 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-12-15 16:16 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2013-12-15 16:16 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\intelpep.sys
2013-12-15 16:16 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-12-15 16:16 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\Windows\System32\WMPDMC.exe
2013-12-15 16:16 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2013-12-15 16:16 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\Windows\System32\dcomp.dll
2013-12-15 16:16 - 2013-11-08 06:23 - 00449024 _____ (Microsoft Corporation) C:\Windows\System32\appmgr.dll
2013-12-15 16:16 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentClient.dll
2013-12-15 16:16 - 2013-11-08 05:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2013-12-15 16:16 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-12-15 16:16 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-12-15 16:16 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2013-12-15 16:16 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2013-12-15 16:16 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2013-12-15 16:16 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-12-15 16:16 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-12-15 16:16 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-12-15 16:16 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2013-12-15 16:16 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2013-12-15 16:16 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2013-12-15 16:16 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2013-12-15 16:16 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-12-15 16:16 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-12-15 16:16 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\Windows\System32\Display.dll
2013-12-15 16:16 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2013-12-15 16:16 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll
2013-12-15 16:16 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-12-15 16:16 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-12-15 16:16 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-12-15 16:16 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\Windows\System32\wlidcli.dll
2013-12-15 16:16 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2013-12-15 16:16 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-12-15 16:16 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-12-15 16:16 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-12-15 16:16 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-12-15 16:16 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-12-15 16:16 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-12-15 16:16 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SerCx2.sys
2013-12-15 16:16 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\CredentialMigrationHandler.dll
2013-12-15 16:16 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2013-12-15 16:16 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\Windows\System32\msftedit.dll
2013-12-15 16:16 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-12-15 16:16 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-12-15 16:16 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-12-15 16:16 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-15 16:16 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-12 21:09 - 2013-12-12 21:09 - 00002717 _____ C:\Users\Public\Desktop\Fanatec Wheel Property Page.lnk
2013-12-12 20:00 - 2013-12-12 20:00 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-12-12 19:25 - 2014-01-01 09:46 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2013-12-12 19:25 - 2013-12-12 19:25 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-12-12 19:25 - 2009-09-21 11:22 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll
2013-12-12 19:25 - 2008-04-13 19:11 - 00619008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx7vb.dll
2013-12-12 19:25 - 2008-01-13 19:59 - 00036864 _____ C:\Windows\SysWOW64\dxinputdll.dll
2013-12-12 19:25 - 2008-01-13 16:36 - 00091632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsofile.dll
2013-12-12 19:25 - 2007-12-26 22:33 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2013-12-12 19:25 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capicom.dll
2013-12-12 19:25 - 2004-03-09 18:45 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2013-12-12 19:25 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll
2013-12-12 19:25 - 2002-08-09 11:18 - 00045056 ____N (Microsoft) C:\Windows\SysWOW64\NTSVC.ocx
2013-12-12 19:25 - 2001-04-05 06:43 - 00094208 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2013-12-12 19:25 - 2000-12-06 02:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2013-12-12 19:25 - 2000-04-03 20:52 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2013-12-12 19:25 - 1999-05-17 13:55 - 00057344 ____N () C:\Windows\SysWOW64\ADsSecurity.dll
2013-12-12 19:24 - 2013-12-12 19:24 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-12-12 19:19 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2013-12-12 19:19 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2013-12-12 19:14 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-12 19:14 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 19:14 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-12 19:14 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 18:58 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 18:58 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 18:58 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 18:58 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 18:58 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 18:58 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 18:58 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 18:58 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 18:58 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 18:58 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 18:58 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 18:58 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 18:58 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 18:58 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 18:58 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 18:58 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 18:58 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 18:58 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\MDMAgent.exe
2013-12-12 18:58 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\System32\mdmregistration.dll
2013-12-12 18:58 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2013-12-12 18:58 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-12 18:58 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-12 18:58 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-06 15:53 - 2013-12-31 21:16 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey Remote
2013-12-06 15:53 - 2013-12-06 15:53 - 00000000 ____D C:\Program Files (x86)\MediaMonkey Remote Server
2013-12-06 14:11 - 2013-12-30 11:38 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey
2013-12-06 14:11 - 2013-12-06 14:11 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-06 13:59 - 2013-12-13 19:13 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2013-12-06 13:59 - 2013-12-06 14:10 - 00000000 ____D C:\Users\Ensi\AppData\Local\MediaMonkey

==================== One Month Modified Files and Folders =======

2014-01-01 10:46 - 2014-01-01 10:46 - 00000000 ____D C:\FRST
2014-01-01 10:43 - 2014-01-01 10:43 - 00000000 _____ C:\Recovery.txt
2014-01-01 10:42 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 10:40 - 2013-10-20 10:20 - 00000000 ____D C:\users\Ensi
2014-01-01 10:39 - 2012-10-31 13:47 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 09:46 - 2013-12-12 19:25 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2014-01-01 09:44 - 2014-01-01 09:44 - 00595252 _____ C:\Users\Ensi\AppData\Roaming\loadit.exe
2014-01-01 09:44 - 2013-11-28 01:23 - 00003024 _____ C:\Windows\System32\Tasks\MSIAfterburner
2014-01-01 09:42 - 2014-01-01 09:42 - 00001543 _____ C:\Users\Public\Desktop\iLivid.lnk
2014-01-01 09:41 - 2012-11-01 09:44 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6196C6D3-8C88-4701-B569-A5F8B9EE86BA}
2014-01-01 09:40 - 2014-01-01 09:20 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\UseNeXT
2014-01-01 09:38 - 2014-01-01 09:20 - 00000000 ____D C:\Users\Ensi\Documents\UseNeXT
2014-01-01 09:35 - 2014-01-01 09:35 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\pulauo
2014-01-01 09:34 - 2014-01-01 09:34 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\okewab
2014-01-01 09:27 - 2013-10-20 10:15 - 01630661 _____ C:\Windows\WindowsUpdate.log
2014-01-01 09:20 - 2014-01-01 09:20 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2014-01-01 09:18 - 2013-07-10 17:51 - 00000000 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TURBINCHEN-Ensi Turbinchen
2014-01-01 09:08 - 2013-10-20 11:55 - 00000000 __RDO C:\Users\Ensi\SkyDrive
2014-01-01 09:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\sru
2013-12-31 21:16 - 2013-12-06 15:53 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey Remote
2013-12-31 18:35 - 2013-10-30 18:45 - 00000000 ____D C:\Users\Ensi\AppData\Local\dxhr
2013-12-31 12:44 - 2012-10-31 16:57 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-31 12:19 - 2012-10-31 13:30 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-751427061-3682948814-280702160-1001
2013-12-31 12:11 - 2012-10-31 16:57 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-31 12:08 - 2012-10-31 15:04 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-31 12:07 - 2013-07-04 19:46 - 00003854 _____ C:\Windows\System32\Tasks\G19_Sys
2013-12-31 11:59 - 2013-09-29 20:05 - 00005064 _____ C:\Windows\PFRO.log
2013-12-31 11:59 - 2012-12-21 19:49 - 774415239 _____ C:\Windows\MEMORY.DMP
2013-12-31 11:46 - 2012-11-04 02:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Notepad++
2013-12-31 11:46 - 2012-11-04 02:03 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-30 23:38 - 2013-12-30 23:38 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-12-30 23:07 - 2013-12-30 23:07 - 00000000 ____D C:\Program Files\Logitech
2013-12-30 23:01 - 2013-12-30 23:01 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-30 22:48 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\System32\config\BBI
2013-12-30 22:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2013-12-30 22:46 - 2013-12-29 22:11 - 00000000 ____D C:\Users\Ensi\Documents\LCDHost
2013-12-30 22:33 - 2013-11-03 19:56 - 00691488 _____ C:\Windows\System32\perfh007.dat
2013-12-30 22:33 - 2013-11-03 19:56 - 00136678 _____ C:\Windows\System32\perfc007.dat
2013-12-30 22:33 - 2013-09-30 05:14 - 01630600 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\InstallShield Installation Information
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\IDMComp
2013-12-30 12:03 - 2013-12-30 12:03 - 00000000 ____D C:\Program Files (x86)\IDM Computer Solutions
2013-12-30 12:02 - 2012-11-16 22:46 - 00000000 ____D C:\Users\Ensi\AppData\Local\Downloaded Installations
2013-12-30 11:38 - 2013-12-06 14:11 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\MediaMonkey
2013-12-27 18:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2013-12-27 17:48 - 2013-12-27 17:48 - 00000047 _____ C:\Users\Ensi\Documents\mt-x_hook.txt
2013-12-27 17:48 - 2013-12-27 17:48 - 00000007 _____ C:\Users\Ensi\Documents\mt-e_hook.txt
2013-12-27 17:47 - 2013-12-27 17:47 - 00002218 _____ C:\Users\Ensi\Desktop\MegaTrainer eXperience.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00002185 _____ C:\Users\Ensi\Desktop\MT-X - Guide.lnk
2013-12-27 17:47 - 2013-12-27 17:47 - 00000000 ____D C:\Program Files (x86)\MegaDev
2013-12-27 15:21 - 2012-11-25 16:09 - 00000000 ____D C:\Users\Ensi\Documents\Visual Studio 2012
2013-12-27 15:17 - 2012-11-25 15:54 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\ProgramData\NuGet
2013-12-27 15:14 - 2013-12-27 15:14 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-12-27 15:09 - 2013-12-27 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2013-12-27 15:03 - 2013-12-27 15:03 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Crytek
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Users\Ensi\Downloads\VS2012
2013-12-26 20:15 - 2013-08-22 15:46 - 00350874 _____ C:\Windows\setupact.log
2013-12-24 11:00 - 2012-11-03 16:50 - 00000826 _____ C:\Users\Public\FW-FFB.log
2013-12-24 11:00 - 2012-11-03 16:50 - 00000528 _____ C:\Users\Public\FW-Error.log
2013-12-23 23:51 - 2013-01-03 08:17 - 00000000 ____D C:\Users\Ensi\AppData\Local\Paint.NET
2013-12-23 08:41 - 2013-12-23 08:41 - 00001215 _____ C:\Users\Ensi\Documents\BAHN_Fahrplan.ics
2013-12-22 20:42 - 2013-06-02 13:41 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\FanaLEDs
2013-12-22 20:41 - 2013-06-02 13:41 - 00000000 ____D C:\Program Files (x86)\FanaLEDs
2013-12-20 11:21 - 2013-10-25 19:26 - 00000000 ____D C:\Users\Ensi\Valley
2013-12-20 11:20 - 2012-10-31 13:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-18 22:57 - 2013-07-10 13:17 - 00000000 ____D C:\Windows\System32\MRT
2013-12-18 22:56 - 2012-12-13 01:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-17 18:14 - 2013-12-17 18:14 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-12-16 19:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\MediaViewer
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\FileManager
2013-12-16 04:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Camera
2013-12-13 21:53 - 2013-09-13 11:36 - 00000000 ____D C:\Users\Ensi\AppData\Local\Arma 3
2013-12-13 19:13 - 2013-12-06 13:59 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2013-12-12 21:09 - 2013-12-12 21:09 - 00002717 _____ C:\Users\Public\Desktop\Fanatec Wheel Property Page.lnk
2013-12-12 21:09 - 2012-11-03 16:50 - 00313653 _____ C:\Windows\System32\FwCspSetup.log
2013-12-12 20:00 - 2013-12-12 20:00 - 00000000 ____D C:\ProgramData\PowerUp Software
2013-12-12 20:00 - 2013-08-22 15:44 - 00495440 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 19:57 - 2012-11-19 16:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 19:42 - 2012-11-03 10:07 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-12-12 19:41 - 2013-10-25 18:23 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2013-12-12 19:25 - 2013-12-12 19:25 - 00000000 ____D C:\Program Files (x86)\PowerUp Software
2013-12-12 19:24 - 2013-12-12 19:24 - 00000000 ____D C:\ProgramData\SmartTechnology
2013-12-12 19:23 - 2012-10-31 14:10 - 00000000 ____D C:\Program Files\SmartTechnology
2013-12-12 19:07 - 2012-10-31 13:55 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\Logishrd
2013-12-10 03:13 - 2013-10-29 17:54 - 01100248 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2013-12-10 03:13 - 2013-10-29 17:54 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-06 17:52 - 2013-03-03 15:00 - 00000000 ____D C:\Users\Ensi\AppData\Roaming\vlc
2013-12-06 15:54 - 2012-10-31 13:19 - 00000000 ____D C:\Users\Ensi\AppData\Local\Packages
2013-12-06 15:53 - 2013-12-06 15:53 - 00000000 ____D C:\Program Files (x86)\MediaMonkey Remote Server
2013-12-06 14:11 - 2013-12-06 14:11 - 00000000 ____D C:\ProgramData\MediaMonkey
2013-12-06 14:10 - 2013-12-06 13:59 - 00000000 ____D C:\Users\Ensi\AppData\Local\MediaMonkey
2013-12-05 09:42 - 2013-12-17 18:14 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-12-05 09:42 - 2013-12-17 18:14 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 09:42 - 2013-08-07 09:28 - 00035104 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2013-12-04 16:32 - 2012-11-13 17:53 - 00000000 ____D C:\Program Files (x86)\System Explorer
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 19:53 - 2013-01-25 13:38 - 00000000 ____D C:\Users\Ensi\AppData\Local\NVIDIA
2013-12-02 19:47 - 2013-10-20 10:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-02 19:47 - 2013-08-15 08:15 - 00000000 ____D C:\Users\Ensi\AppData\Local\NVIDIA Corporation
2013-12-02 19:46 - 2013-10-20 10:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-02 19:46 - 2013-10-20 10:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\Ensi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ensi\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Ensi\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Ensi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ensi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ensi\AppData\Local\Temp\nvStInst.exe
C:\Users\Ensi\AppData\Local\Temp\sonarinst.exe
C:\Users\Ensi\AppData\Local\Temp\uninstall-temp.exe
C:\Users\Ensi\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Ensi\AppData\Local\Temp\{408E1E47-10A9-4D6B-A61E-5ED8196AC485}-30.0.1599.101_chrome_installer.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-17 18:15:57
Restore point made on: 2013-12-19 22:54:25
Restore point made on: 2013-12-27 07:42:16
Restore point made on: 2013-12-27 07:44:47
Restore point made on: 2013-12-27 07:56:55
Restore point made on: 2013-12-27 08:20:13
Restore point made on: 2013-12-27 11:38:27
Restore point made on: 2013-12-30 12:02:56
Restore point made on: 2014-01-01 10:42:00

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 8159.13 MB
Available physical RAM: 7125.49 MB
Total Pagefile: 8159.13 MB
Available Pagefile: 7147.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Win8) (Fixed) (Total:347.12 GB) (Free:242.52 GB) NTFS
Drive d: (MISC) (Fixed) (Total:465.76 GB) (Free:133.99 GB) NTFS
Drive e: (VAULT) (Fixed) (Total:931.51 GB) (Free:134.11 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (THRASH) (Fixed) (Total:931.51 GB) (Free:182.37 GB) NTFS
Drive h: (TEST_TOOLS) (Removable) (Total:3.61 GB) (Free:0.65 GB) NTFS
Drive i: (TV Rec) (Fixed) (Total:496.71 GB) (Free:71.53 GB) NTFS
Drive j: (Falcon4.0) (Fixed) (Total:87.59 GB) (Free:84.58 GB) NTFS
Drive l: (PC-WELT_IT-Wisse) (CDROM) (Total:3.47 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (MEDIA) (Fixed) (Total:931.51 GB) (Free:275.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2B7ECA76)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 02CD0FA5)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 0FCD5502)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EA49EF8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=497 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=347 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C0DA820)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 256227CD)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


LastRegBack: 2013-12-31 12:18

==================== End Of Log ============================
         
How do I proceed from here?
Thanks in advance.

Old 01.01.2014, 12:13   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please press Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\Ensi\...\Run: [] - C:\Users\Ensi\AppData\Roaming\okewab [0 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION 
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
C:\Users\Ensi\AppData\Roaming\okewab
C:\Users\Ensi\AppData\Roaming\loadit.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Entfernen (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally
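The fixlist above removes two persistence mechanisms a defender should learn to spot in any FRST log: per-user Winlogon Userinit/Shell overrides pointing into AppData\Roaming, and Startup-folder shortcuts whose target file is gone. Added example, not code from the thread or from FRST: a small Python checker that applies those rules to FRST-style lines; the input is the fixlist above plus the IAStorIcon Run entry from the FRST.txt in this thread, and the Dropbox shortcut line is constructed as a benign control.

```python
"""Flag suspicious autostart entries in FRST-style log lines (added example, not FRST code)."""
import re

# Sample input: fixlist entries from this thread, the IAStorIcon Run line from the
# FRST.txt above, and one constructed benign shortcut line (Dropbox) for contrast.
SAMPLE_LOG = r"""
HKU\Ensi\...\Run: [] - C:\Users\Ensi\AppData\Roaming\okewab [0 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
ShortcutTarget: AutoStarter.lnk ->  (No File)
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
"""

# <hive>\...\<key>: [<value name>] <target> [<size> <date>] (<vendor>) [<==== ATTENTION]
REG_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run|Winlogon): "
    r"\[(?P<name>[^\]]*)\] (?:- )?(?P<target>.*?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\])? \((?P<vendor>[^)]*)\)"
)
# ShortcutTarget: <name>.lnk -> <target> (<vendor> or "No File")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>\S+) -> (?P<target>.*?) ?\((?P<status>[^)]*)\)$")
USER_PROFILE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SYSTEMPROFILE = re.compile(r"\\config\\systemprofile\\", re.IGNORECASE)


def check_registry(m):
    """Return a reason if a Run/Winlogon entry looks hijacked, else None."""
    key, name, hive = m["key"], m["name"], m["hive"]
    low = m["target"].lower().rstrip(",")  # Userinit legitimately ends with a comma
    if key == "Winlogon" and hive.startswith("HKU"):
        return "per-user Winlogon override (Userinit/Shell normally exist only under HKLM)"
    if key == "Winlogon" and name == "Shell" and low not in ("explorer.exe", r"c:\windows\explorer.exe"):
        return "Winlogon Shell does not launch explorer.exe"
    if key == "Winlogon" and name == "Userinit" and not low.endswith(r"\system32\userinit.exe"):
        return r"Winlogon Userinit does not point at System32\userinit.exe"
    if key == "Run" and (name == "" or m["vendor"] == "") and USER_PROFILE.match(m["target"]):
        return "Run entry without name or version info launching from the user profile"
    return None


def check_shortcut(m):
    """Return a reason if a Startup-folder shortcut looks suspicious, else None."""
    if m["status"] == "No File":
        return "startup shortcut whose target file no longer exists"
    if SYSTEMPROFILE.search(m["target"]) or USER_PROFILE.match(m["target"]):
        return "startup shortcut launching from a profile directory"
    return None


def scan(log_text):
    """Return (name, target, reason) for every suspicious FRST-style line."""
    findings = []
    for raw in log_text.splitlines():
        line, check = raw.strip(), check_registry
        m = REG_RE.match(line)
        if not m:
            m, check = LNK_RE.match(line), check_shortcut
        if m and (reason := check(m)):
            findings.append((m["name"] or "<unnamed>", m["target"], reason))
    return findings


if __name__ == "__main__":
    for name, target, reason in scan(SAMPLE_LOG):
        print(f"{name:16} {reason}\n{'':16} -> {target or '(none)'}")
```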
Old 01.01.2014, 12:27   #3
Ensi Ferrum

The computer is just restarting,
I can see the desktop again.

Defender is now running a full scan,
I'll run Stinger over it afterwards.

THX for the quick help.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by SYSTEM at 2014-01-01 12:22:10 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Ensi\...\Run: [] - C:\Users\Ensi\AppData\Roaming\okewab [0 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Userinit] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] ()
HKU\Ensi\...\Winlogon: [Shell] C:\Users\Ensi\AppData\Roaming\loadit.exe [595252 2014-01-01] () <==== ATTENTION 
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
Startup: C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled ()
C:\Users\Ensi\AppData\Roaming\okewab
C:\Users\Ensi\AppData\Roaming\loadit.exe
         
*****************

HKU\Ensi\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\Ensi\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
HKU\Ensi\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk => Moved successfully.
ShortcutTarget: AutoStarter.lnk ->  (No File) not found.
C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe not found.
"C:\Users\Ensi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled" => Could not move.
C:\Users\Ensi\AppData\Roaming\okewab => Moved successfully.
C:\Users\Ensi\AppData\Roaming\loadit.exe => Moved successfully.

==== End of Fixlog ====
         

Old 02.01.2014, 08:53   #4
schrauber
/// the machine
/// TB-Ausbilder

From now on, everything in normal mode:


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will be on your desktop afterwards.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

regards,
schrauber
