
Pests of all kinds and how to combat them: Win8: caught a trojan?

20.01.2014, 21:16   #1
Ryan918



Hello,
today I downloaded a file (a so-called MOD = modification) for a game, which Kaspersky identified as Trojan-Ransom.Win32.Blocker.czff right after it was unpacked with 7zip. According to the message, Kaspersky deleted it immediately and created a backup copy in quarantine.
By the way:
I only just created an account here specifically for this reason, so I don't know my way around yet.
According to a quick scan run afterwards, there are no more malicious programs on the PC.
At the moment I still have the full scan running...
What is unsettling me during it:
The computer seems to stutter every now and then at short intervals! Is that due to the scan?
And is there anything else to do?

Hoping for quick help (I'm quite worried)

Regards, Ryan918

20.01.2014, 21:18   #2
schrauber
/// the machine
/// TB instructor



That may be due to the scan.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


20.01.2014, 21:28   #3
Ryan918



Hello,
first of all, many thanks for the quick reply.
I have added them as an attachment, I hope that works!
__________________
Attached files
File type: txt FRST.txt (42.9 KB, viewed 166 times)
File type: txt Addition.txt (17.4 KB, viewed 136 times)

21.01.2014, 11:17   #4
schrauber
/// the machine
/// TB instructor



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

21.01.2014, 15:17   #5
Ryan918



Hi,
okay, so here it is:

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Nic (administrator) on NICSLAPTOP on 20-01-2014 22:21:24
Running from C:\Users\Nic\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Akamai Technologies, Inc.) C:\Users\Nic\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Nic\AppData\Local\Akamai\netsession_win.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11733888 2012-12-03] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp.)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [320824 2012-08-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [388408 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2012-10-04] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Nic\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-11] (Adobe Systems Incorporated)
MountPoints2: I - "I:\Setup.exe" 
HKU\UpdatusUser\...\Run: [AppLauncher] - C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe [969656 2012-08-10] (Ashampoo)
HKU\UpdatusUser\...\Run: [Power2GoExpress8] - NA
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-18] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKCU - DefaultScope {A52E9410-439B-4B56-979B-E8DD75BB1959} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {A52E9410-439B-4B56-979B-E8DD75BB1959} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nic\AppData\Roaming\Mozilla\Firefox\Profiles\w55zh353.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\Nic\AppData\Roaming\Mozilla\Firefox\Profiles\w55zh353.default\Extensions\battlefieldplay4free@ea.com [2013-07-03]
FF Extension: GFACE Experience Plugin - C:\Users\Nic\AppData\Roaming\Mozilla\Firefox\Profiles\w55zh353.default\Extensions\cryenginebrowserplugin@crytek.com [2013-09-26]
FF Extension: WOT - C:\Users\Nic\AppData\Roaming\Mozilla\Firefox\Profiles\w55zh353.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-02-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-02-01]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-02-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-02-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-02-01]

==================== Services (Whitelisted) =================

U2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
U2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
U2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-12-03] ()
U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
U2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-27] ()
U2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [283032 2014-01-20] ()
U2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
U2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
U3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2012-08-13] (Wistron Corp.)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386160 2012-12-03] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
U3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
U0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
U0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
U1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2013-10-09] (Kaspersky Lab ZAO)
U1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-10] (Kaspersky Lab ZAO)
U3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
U3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
U1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-04-25] (Kaspersky Lab ZAO)
U1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-04-25] (Kaspersky Lab ZAO)
U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4358776 2012-12-30] (Intel Corporation)
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-16] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-25] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 22:21 - 2014-01-20 22:23 - 00019869 _____ C:\Users\Nic\Desktop\FRST.txt
2014-01-20 22:21 - 2014-01-20 22:21 - 00000000 ____D C:\FRST
2014-01-20 22:20 - 2014-01-20 22:20 - 02076672 _____ (Farbar) C:\Users\Nic\Desktop\FRST64.exe
2014-01-20 18:33 - 2014-01-20 18:33 - 00000000 ____D C:\Users\Nic\Desktop\ranger
2014-01-19 14:14 - 2014-01-19 14:14 - 00000000 ____D C:\Users\Nic\Desktop\GTA IV SAVES!!!
2014-01-19 14:12 - 2014-01-19 14:13 - 00000000 ____D C:\Users\Nic\Desktop\GV_eflc_tbogt_savedata_db_m26
2014-01-18 00:06 - 2014-01-18 00:06 - 00001283 _____ C:\Users\Nic\Desktop\SteamApps - Verknüpfung.lnk
2014-01-17 23:28 - 2014-01-17 23:28 - 00001874 _____ C:\Users\Nic\Desktop\LaunchGTAIV.exe - Verknüpfung.lnk
2014-01-17 22:23 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-17 22:23 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-17 22:23 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-17 22:23 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-17 22:23 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-17 22:23 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-17 22:23 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-17 22:23 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-17 22:23 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-17 22:23 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-17 22:23 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-17 22:23 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-17 22:23 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-17 22:23 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-17 22:23 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-17 22:19 - 2014-01-17 22:27 - 00000000 ____D C:\Users\Nic\Desktop\LCPDFR Install (ASI Loaders)
2014-01-17 21:21 - 2014-01-18 00:05 - 00000000 ____D C:\Users\Nic\Desktop\vdHmod
2014-01-16 16:44 - 2014-01-16 16:44 - 00000000 ____D C:\Users\Nic\Desktop\schafter
2014-01-16 16:32 - 2014-01-16 16:32 - 00000000 ____D C:\Users\Nic\Desktop\Vapid Cruiser Vector by EKALB
2014-01-16 16:32 - 2014-01-16 16:32 - 00000000 ____D C:\Users\Nic\Desktop\Vapid Cruiser LSPD by EKALB
2014-01-16 16:32 - 2014-01-16 16:32 - 00000000 ____D C:\Users\Nic\Desktop\Bravado Buffalo LSPD by EKALB
2014-01-15 18:44 - 2014-01-15 18:45 - 00000000 ____D C:\Users\Nic\Desktop\speedo
2014-01-15 16:55 - 2014-01-15 16:55 - 00000000 ____D C:\Users\Nic\Desktop\undercover
2014-01-15 16:55 - 2014-01-15 16:55 - 00000000 ____D C:\Users\Nic\Desktop\taxi
2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D C:\Users\Nic\Desktop\buffalo
2014-01-15 16:52 - 2014-01-16 16:20 - 00000000 ____D C:\Users\Nic\Desktop\EFLCMODS
2014-01-15 16:48 - 2014-01-15 16:48 - 00000000 ____D C:\Users\Nic\Desktop\indicator_script_v1
2014-01-11 22:50 - 2014-01-11 22:50 - 00002228 _____ C:\Users\Nic\Desktop\LaunchEFLC.exe - Verknüpfung.lnk
2014-01-11 22:41 - 2014-01-11 22:41 - 00000000 ____D C:\Users\Nic\AppData\Roaming\G17 Media
2014-01-11 18:52 - 2014-01-11 18:52 - 00001199 _____ C:\Users\Public\Desktop\ISO Workshop.lnk
2014-01-11 18:52 - 2014-01-11 18:52 - 00000000 ____D C:\Program Files (x86)\Glorylogic
2014-01-11 18:51 - 2014-01-11 18:51 - 05197469 _____ (Glorylogic                                                  ) C:\Users\Nic\Desktop\isoworkshop_4.5.exe
2014-01-11 18:13 - 2014-01-11 18:47 - 00001592 _____ C:\Windows\setupact.log
2014-01-11 18:13 - 2014-01-11 18:13 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 16:35 - 2014-01-11 16:35 - 00002399 _____ C:\Users\Public\Desktop\Star Wars Empire at War Forces of Corruption.lnk
2014-01-11 16:31 - 2014-01-11 16:35 - 00096191 _____ C:\Windows\DirectX.log
2014-01-11 16:30 - 2014-01-11 16:30 - 00000000 ____D C:\Users\Nic\AppData\Roaming\InstallShield
2014-01-11 16:30 - 2014-01-11 16:30 - 00000000 ____D C:\ProgramData\InstallShield
2014-01-11 16:28 - 2014-01-20 22:15 - 00284732 _____ C:\Windows\WindowsUpdate.log
2014-01-10 16:52 - 2014-01-16 13:28 - 00001224 _____ C:\Windows\PFRO.log
2014-01-10 00:21 - 2014-01-10 00:22 - 04645232 _____ (Piriform Ltd) C:\Users\Nic\Downloads\ccsetup409.exe
2014-01-07 12:27 - 2014-01-07 17:02 - 00002368 _____ C:\Users\Nic\Desktop\Petroglyph EaW Launcher.lnk
2014-01-07 12:22 - 2014-01-07 17:02 - 00002368 _____ C:\Users\UpdatusUser\Desktop\Petroglyph EaW Launcher.lnk
2014-01-07 12:22 - 2014-01-07 17:02 - 00002368 _____ C:\Users\Gast\Desktop\Petroglyph EaW Launcher.lnk
2014-01-07 12:18 - 2014-01-07 12:18 - 00000000 ____D C:\Windows\uninstall
2014-01-07 12:17 - 2014-01-07 12:17 - 00000000 ____D C:\Users\Nic\Documents\EaW-Mappack_4_setup
2014-01-07 12:17 - 2014-01-07 12:17 - 00000000 ____D C:\Users\Nic\Documents\EaW-Mappack_3_setup
2014-01-07 12:08 - 2014-01-11 16:36 - 00000000 ____D C:\Users\Nic\AppData\Roaming\Petroglyph
2014-01-07 12:07 - 2014-01-07 12:07 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2014-01-06 13:12 - 2014-01-06 13:25 - 00000000 ____D C:\Users\Nic\AppData\Local\Thomas_Grandjean_aka_Agen
2014-01-05 18:36 - 2014-01-05 18:36 - 00000875 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-05 18:35 - 2014-01-05 18:35 - 00004608 _____ C:\Users\Nic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Power2Go8
2014-01-04 20:26 - 2014-01-04 20:26 - 00001442 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 20:26 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2014-01-04 20:25 - 2014-01-04 20:27 - 00000000 ____D C:\Users\Gast
2014-01-04 20:25 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2014-01-04 20:25 - 2014-01-04 20:25 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Startmenü
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Intel
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2014-01-04 20:25 - 2013-08-22 16:31 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-04 20:25 - 2013-07-30 10:50 - 00002124 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-01-04 20:25 - 2013-06-19 19:01 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-04 20:25 - 2012-11-18 11:22 - 00001711 _____ C:\Users\Gast\Desktop\Kindersicherung einrichten.lnk
2014-01-04 20:25 - 2012-08-11 05:24 - 00001217 _____ C:\Users\Gast\Desktop\ALDI Foto.lnk
2014-01-04 20:25 - 2012-08-11 05:22 - 00001275 _____ C:\Users\Gast\Desktop\Medion Services.lnk
2014-01-04 20:25 - 2012-08-05 13:12 - 00001809 _____ C:\Users\Gast\Desktop\ALDI Talk.lnk
2014-01-04 20:25 - 2012-08-05 13:11 - 00001153 _____ C:\Users\Gast\Desktop\ALDI Süd Reisen.lnk
2014-01-04 20:25 - 2012-08-05 13:11 - 00001025 _____ C:\Users\Gast\Desktop\ALDI Süd Startseite.lnk
2014-01-04 20:25 - 2012-08-05 13:10 - 00001895 _____ C:\Users\Gast\Desktop\ALDI Süd Blumen Service.lnk
2014-01-04 20:25 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-04 20:25 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-29 16:32 - 2014-01-20 15:51 - 00168111 _____ C:\MyXML.xml
2013-12-29 16:32 - 2013-12-29 16:32 - 00002057 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-12-29 16:31 - 2013-12-29 16:32 - 07039808 _____ (IObit                                                       ) C:\Users\Nic\Downloads\startmenu-setup.exe
2013-12-28 22:30 - 2013-12-28 22:30 - 34003228 _____ (G17 Media) C:\Users\Nic\Desktop\LCPDFR1.0.Installer.exe
2013-12-27 12:16 - 2013-12-27 10:27 - 00840264 _____ C:\Windows\SysWOW64\pbsvc_pg.exe
2013-12-27 11:48 - 2013-12-27 11:48 - 00000000 ____D C:\Users\Nic\Documents\My Games
2013-12-27 11:43 - 2013-12-27 12:16 - 00000000 ____D C:\Users\Nic\Documents\America's Army
2013-12-27 11:43 - 2013-12-27 11:43 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-12-23 21:20 - 2013-12-23 21:20 - 00578888 _____ C:\Users\Nic\Desktop\focvista64.exe
2013-12-23 21:16 - 2014-01-11 16:32 - 00000000 ____D C:\Program Files (x86)\LucasArts
2013-12-22 13:40 - 2013-12-22 13:53 - 00001119 _____ C:\Users\Nic\Desktop\SMG.txt
2013-12-21 18:58 - 2014-01-04 16:20 - 00000000 ____D C:\Users\Nic\AppData\Local\Akamai
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\AeriaGames
2013-12-21 15:55 - 2013-12-21 15:56 - 01211636 _____ C:\Users\Nic\Desktop\Trift shop.wav

==================== One Month Modified Files and Folders =======

2014-01-20 22:23 - 2014-01-20 22:21 - 00019869 _____ C:\Users\Nic\Desktop\FRST.txt
2014-01-20 22:21 - 2014-01-20 22:21 - 00000000 ____D C:\FRST
2014-01-20 22:20 - 2014-01-20 22:20 - 02076672 _____ (Farbar) C:\Users\Nic\Desktop\FRST64.exe
2014-01-20 22:15 - 2014-01-11 16:28 - 00284732 _____ C:\Windows\WindowsUpdate.log
2014-01-20 22:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-20 21:43 - 2013-04-25 13:11 - 00000000 ____D C:\Users\Nic\AppData\Roaming\Skype
2014-01-20 21:42 - 2013-05-28 12:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 21:03 - 2013-02-01 09:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-20 18:33 - 2014-01-20 18:33 - 00000000 ____D C:\Users\Nic\Desktop\ranger
2014-01-20 17:27 - 2013-05-05 00:44 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-20 17:27 - 2013-05-05 00:39 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-20 16:01 - 2013-05-05 00:39 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-20 15:52 - 2013-04-25 13:03 - 00000000 ____D C:\Users\Nic\Documents\Youcam
2014-01-20 15:51 - 2013-12-29 16:32 - 00168111 _____ C:\MyXML.xml
2014-01-20 15:50 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 00:42 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-19 14:14 - 2014-01-19 14:14 - 00000000 ____D C:\Users\Nic\Desktop\GTA IV SAVES!!!
2014-01-19 14:13 - 2014-01-19 14:12 - 00000000 ____D C:\Users\Nic\Desktop\GV_eflc_tbogt_savedata_db_m26
2014-01-18 18:51 - 2013-08-22 15:37 - 00000000 ____D C:\Windows\system32\MRT
2014-01-18 18:49 - 2013-02-01 06:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 18:49 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2014-01-18 00:06 - 2014-01-18 00:06 - 00001283 _____ C:\Users\Nic\Desktop\SteamApps - Verknüpfung.lnk
2014-01-18 00:05 - 2014-01-17 21:21 - 00000000 ____D C:\Users\Nic\Desktop\vdHmod
2014-01-17 23:28 - 2014-01-17 23:28 - 00001874 _____ C:\Users\Nic\Desktop\LaunchGTAIV.exe - Verknüpfung.lnk
2014-01-17 22:27 - 2014-01-17 22:19 - 00000000 ____D C:\Users\Nic\Desktop\LCPDFR Install (ASI Loaders)
2014-01-17 22:09 - 2013-02-01 05:06 - 00754172 _____ C:\Windows\system32\perfh007.dat
2014-01-17 22:09 - 2013-02-01 05:06 - 00156362 _____ C:\Windows\system32\perfc007.dat
2014-01-17 22:09 - 2012-07-26 08:28 - 01748838 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 21:45 - 2013-09-04 14:59 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-17 21:08 - 2013-04-26 18:10 - 00000000 ____D C:\Users\Nic\AppData\Local\LogMeIn Hamachi
2014-01-16 16:44 - 2014-01-16 16:44 - 00000000 ____D C:\Users\Nic\Desktop\schafter
2014-01-16 16:32 - 2014-01-16 16:32 - 00000000 ____D C:\Users\Nic\Desktop\Vapid Cruiser Vector by EKALB
2014-01-16 16:32 - 2014-01-16 16:32 - 00000000 ____D C:\Users\Nic\Desktop\Vapid Cruiser LSPD by EKALB
2014-01-16 16:32 - 2014-01-16 16:32 - 00000000 ____D C:\Users\Nic\Desktop\Bravado Buffalo LSPD by EKALB
2014-01-16 16:20 - 2014-01-15 16:52 - 00000000 ____D C:\Users\Nic\Desktop\EFLCMODS
2014-01-16 13:28 - 2014-01-10 16:52 - 00001224 _____ C:\Windows\PFRO.log
2014-01-15 18:45 - 2014-01-15 18:44 - 00000000 ____D C:\Users\Nic\Desktop\speedo
2014-01-15 16:56 - 2013-07-30 10:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-15 16:55 - 2014-01-15 16:55 - 00000000 ____D C:\Users\Nic\Desktop\undercover
2014-01-15 16:55 - 2014-01-15 16:55 - 00000000 ____D C:\Users\Nic\Desktop\taxi
2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D C:\Users\Nic\Desktop\buffalo
2014-01-15 16:48 - 2014-01-15 16:48 - 00000000 ____D C:\Users\Nic\Desktop\indicator_script_v1
2014-01-13 01:47 - 2013-06-02 20:06 - 00000000 ____D C:\Users\Nic\AppData\Roaming\vlc
2014-01-11 22:50 - 2014-01-11 22:50 - 00002228 _____ C:\Users\Nic\Desktop\LaunchEFLC.exe - Verknüpfung.lnk
2014-01-11 22:41 - 2014-01-11 22:41 - 00000000 ____D C:\Users\Nic\AppData\Roaming\G17 Media
2014-01-11 18:52 - 2014-01-11 18:52 - 00001199 _____ C:\Users\Public\Desktop\ISO Workshop.lnk
2014-01-11 18:52 - 2014-01-11 18:52 - 00000000 ____D C:\Program Files (x86)\Glorylogic
2014-01-11 18:51 - 2014-01-11 18:51 - 05197469 _____ (Glorylogic                                                  ) C:\Users\Nic\Desktop\isoworkshop_4.5.exe
2014-01-11 18:47 - 2014-01-11 18:13 - 00001592 _____ C:\Windows\setupact.log
2014-01-11 18:13 - 2014-01-11 18:13 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 18:13 - 2013-04-25 16:36 - 00000000 ____D C:\Users\Nic\Filme
2014-01-11 16:36 - 2014-01-07 12:08 - 00000000 ____D C:\Users\Nic\AppData\Roaming\Petroglyph
2014-01-11 16:35 - 2014-01-11 16:35 - 00002399 _____ C:\Users\Public\Desktop\Star Wars Empire at War Forces of Corruption.lnk
2014-01-11 16:35 - 2014-01-11 16:31 - 00096191 _____ C:\Windows\DirectX.log
2014-01-11 16:32 - 2013-12-23 21:16 - 00000000 ____D C:\Program Files (x86)\LucasArts
2014-01-11 16:32 - 2013-02-01 07:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-11 16:30 - 2014-01-11 16:30 - 00000000 ____D C:\Users\Nic\AppData\Roaming\InstallShield
2014-01-11 16:30 - 2014-01-11 16:30 - 00000000 ____D C:\ProgramData\InstallShield
2014-01-10 00:22 - 2014-01-10 00:21 - 04645232 _____ (Piriform Ltd) C:\Users\Nic\Downloads\ccsetup409.exe
2014-01-10 00:22 - 2013-04-26 18:07 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 15:58 - 2013-05-05 00:17 - 00000000 ____D C:\Program Files (x86)\APB Reloaded
2014-01-09 09:02 - 2013-10-02 19:51 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-10-02 19:51 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-07 17:02 - 2014-01-07 12:27 - 00002368 _____ C:\Users\Nic\Desktop\Petroglyph EaW Launcher.lnk
2014-01-07 17:02 - 2014-01-07 12:22 - 00002368 _____ C:\Users\UpdatusUser\Desktop\Petroglyph EaW Launcher.lnk
2014-01-07 17:02 - 2014-01-07 12:22 - 00002368 _____ C:\Users\Gast\Desktop\Petroglyph EaW Launcher.lnk
2014-01-07 12:25 - 2013-04-25 17:31 - 00000000 ____D C:\Users\Nic\Desktop\GAMES
2014-01-07 12:18 - 2014-01-07 12:18 - 00000000 ____D C:\Windows\uninstall
2014-01-07 12:17 - 2014-01-07 12:17 - 00000000 ____D C:\Users\Nic\Documents\EaW-Mappack_4_setup
2014-01-07 12:17 - 2014-01-07 12:17 - 00000000 ____D C:\Users\Nic\Documents\EaW-Mappack_3_setup
2014-01-07 12:07 - 2014-01-07 12:07 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2014-01-06 13:25 - 2014-01-06 13:12 - 00000000 ____D C:\Users\Nic\AppData\Local\Thomas_Grandjean_aka_Agen
2014-01-05 18:36 - 2014-01-05 18:36 - 00000875 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-05 18:35 - 2014-01-05 18:35 - 00004608 _____ C:\Users\Nic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Power2Go8
2014-01-04 20:27 - 2014-01-04 20:25 - 00000000 ____D C:\Users\Gast
2014-01-04 20:26 - 2014-01-04 20:26 - 00001442 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 20:26 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2014-01-04 20:26 - 2014-01-04 20:25 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2014-01-04 20:25 - 2014-01-04 20:25 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Startmenü
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Intel
2014-01-04 20:25 - 2014-01-04 20:25 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2014-01-04 16:20 - 2013-12-21 18:58 - 00000000 ____D C:\Users\Nic\AppData\Local\Akamai
2014-01-04 13:56 - 2013-09-06 15:52 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-04 13:55 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-03 14:39 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-29 16:32 - 2013-12-29 16:32 - 00002057 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-12-29 16:32 - 2013-12-29 16:31 - 07039808 _____ (IObit                                                       ) C:\Users\Nic\Downloads\startmenu-setup.exe
2013-12-29 16:32 - 2013-05-07 14:41 - 00003156 _____ C:\Windows\System32\Tasks\StartMenuAutoupdate
2013-12-28 22:30 - 2013-12-28 22:30 - 34003228 _____ (G17 Media) C:\Users\Nic\Desktop\LCPDFR1.0.Installer.exe
2013-12-27 12:44 - 2013-05-05 00:39 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-27 12:16 - 2013-12-27 11:43 - 00000000 ____D C:\Users\Nic\Documents\America's Army
2013-12-27 11:49 - 2013-04-25 15:25 - 00000000 ____D C:\Users\Nic\AppData\Local\PunkBuster
2013-12-27 11:48 - 2013-12-27 11:48 - 00000000 ____D C:\Users\Nic\Documents\My Games
2013-12-27 11:43 - 2013-12-27 11:43 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-27 11:43 - 2013-12-27 11:43 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-12-27 10:27 - 2013-12-27 12:16 - 00840264 _____ C:\Windows\SysWOW64\pbsvc_pg.exe
2013-12-26 23:23 - 2013-02-01 07:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-26 23:23 - 2013-02-01 07:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-26 23:18 - 2013-10-25 21:42 - 00000000 ____D C:\Users\Nic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-23 21:20 - 2013-12-23 21:20 - 00578888 _____ C:\Users\Nic\Desktop\focvista64.exe
2013-12-22 13:53 - 2013-12-22 13:40 - 00001119 _____ C:\Users\Nic\Desktop\SMG.txt
2013-12-22 13:30 - 2013-05-17 21:57 - 00000000 ____D C:\Users\Nic\Documents\Bandicam
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\AeriaGames
2013-12-21 15:56 - 2013-12-21 15:55 - 01211636 _____ C:\Users\Nic\Desktop\Trift shop.wav
2013-12-21 14:07 - 2013-04-25 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Nic\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Nic\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Nic\AppData\Local\Temp\_is43A8.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-17 20:20

==================== End Of Log ============================
         
--- --- ---


And the Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04
Ran by Nic at 2014-01-20 22:23:44
Running from C:\Users\Nic\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
America's Army: Proving Grounds Beta (x32 Version:  - )
ArmA 2 Free Uninstall (x32 Version:  - )
ArtMoney SE v7.41 (x32 Version: 7.41 - System SoftLab)
Ashampoo AppLauncher (Medion) v.1.0.0 (x32 Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Bandicam (x32 Version: 1.8.7.347 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (x32 Version:  - Bandisoft.com)
Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlefield Play4Free (x32 Version:  - EA Digital illusions)
CCleaner (Version: 4.09 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3718_45957 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.3618 - CyberLink Corp.) Hidden
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4915.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b - CyberLink Corp.) Hidden
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink PowerRecover (x32 Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink YouCam 5 (x32 Version: 5.0.1930 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (x32 Version: 7.2.8000.17 - Dolby Laboratories Inc)
Empire at War Mappack 2.00  (x32 Version: 2.00 - Petroglyph Games Inc.)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Grand Theft Auto IV (x32 Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (x32 Version:  - Rockstar North / Toronto)
GTA IV Vehicle Mod Installer v1.5 (x32 Version:  - MobileD2)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2963 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.6.0.0519 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.6.1212.0302 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.0000.0133 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (x32 Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (Version: 3.5.41.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 15.6.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.0000.0090 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
ISO Workshop 4.5 (x32 Version:  - Glorylogic)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Launch Manager (x32 Version: 1.5.1.8 - Wistron Corp.)
LCPD First Response (x32 Version: 1.0 - G17 Media)
Left 4 Dead 2 (x32 Version:  - Valve)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Mediathek (x32 Version: 1.4.0 - Medion)
Medion Home Cinema 10 (x32 Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Need for Speed(TM) Hot Pursuit (x32 Version: 1.0.0.0 - Electronic Arts)
Need for Speed™ Most Wanted (x32 Version:  - )
Need for Speed™ The Run (x32 Version: 1.1.0.0 - Electronic Arts)
Need For Speed™ World (x32 Version: 1.0.0.1398 - Electronic Arts)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
OpenAL (x32 Version:  - )
Origin (x32 Version: 9.3.2.2730 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PlanetSide 2 (2) (HKCU Version:  - Sony Online Entertainment)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Star Wars Empire at War (x32 Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (x32 Version: 1.0 - LucasArts)
Start Menu 8 (x32 Version: 1.4.0.0 - IObit)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 16.2.10.5 - Synaptics Incorporated)
System Requirements Lab CYRI (x32 Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

27-12-2013 10:40:43 DirectX wurde installiert
06-01-2014 19:29:27 Geplanter Prüfpunkt
11-01-2014 15:34:30 DirectX wurde installiert
18-01-2014 17:46:34 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07A18649-E09B-4AF8-B1D7-99AC490242C3} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2179A488-9F13-474A-B0DB-CC8BFDBA73F8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3763096E-DDD7-4121-86C7-F87E70379944} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {4A4120A5-2219-460B-8A0D-9AB900077023} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {9BC69F5F-77BC-4BAC-9651-0B346EA4A320} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B9947B91-AB1F-4DBB-AA7C-C009C262FD6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED02164C-3B18-4C47-BA99-C23308DE35F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {F3426C5C-C960-4468-B58E-80DF70B7FB10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-01 08:53 - 2013-01-02 15:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-02-01 07:43 - 2013-01-16 21:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-17 22:39 - 2013-04-25 13:17 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-05-07 14:41 - 2013-12-09 16:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2013-05-07 14:41 - 2013-12-09 16:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2013-05-07 14:41 - 2013-12-09 16:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2013-12-29 16:32 - 2013-12-09 16:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2013-09-02 14:20 - 2013-12-09 16:10 - 00039744 _____ () C:\Program Files (x86)\IObit\Start Menu 8\pri.dll
2013-09-02 14:20 - 2013-12-09 16:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2013-02-01 08:02 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-08-24 11:46 - 2013-08-24 11:46 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e1703d2acd816693ae5e6f42cb057951\PSIClient.ni.dll
2013-02-01 08:10 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-20 16:59 - 2013-12-20 16:59 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 8054.97 MB
Available physical RAM: 5502.95 MB
Total Pagefile: 11638.97 MB
Available Pagefile: 6097.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:488.26 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:38.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: CEAAD2D8)

Partition: GPT Partition Type
==================== End Of Log ============================
         
By the way, the full scan by Kaspersky also turned up no further detections.


22.01.2014, 09:31   #6
schrauber
/// the machine
/// TB-Ausbilder

clean

26.01.2014, 21:13   #7
Ryan918

Hello,
belated, but still: thanks for your help.

27.01.2014, 15:12   #8
schrauber
/// the machine
/// TB-Ausbilder


You're welcome
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
