
Log analysis and evaluation: Windows 7 - Java update that keeps popping up


09.02.2014, 16:44   #1
Piggeldi
 



Hello everyone,

For some time now, a Java update has kept popping up on my machine. The first time, I clicked "Yes" when I was asked whether I wanted to install it. When it kept coming back, I became suspicious and then read here that this is apparently a virus that should not be underestimated.

So here are the log files:

defogger:
Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:18 on 09/02/2014 (Anwender)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:
Quote:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014
Ran by Anwender (administrator) on ANWENDER-PC on 09-02-2014 16:17:41
Running from C:\Users\Anwender\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Panda Security) C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2014\WebProxy.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Anwender\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\ApVxdWin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavBckPT.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Valve Corporation) D:\Steam\Steam.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\Iface.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APVXDWIN] - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\APVXDWIN.EXE [1054688 2013-06-10] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\Inicio.exe [70432 2012-11-08] (Panda Security, S.L.)
Winlogon\Notify\avldr: C:\Windows\system32\avldr64.dll (On-Access Anti-Malware Scanner Sync)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [Spotify] - C:\Users\Anwender\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-13] (Spotify Ltd)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [Spotify Web Helper] - C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [Dxtory Update Checker 2.0] - C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\MountPoints2: {538304a7-491f-11e3-80ce-806e6f6e6963} - E:\Install.exe
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\MountPoints2: {a5272ec9-491b-11e3-97e8-806e6f6e6963} - E:\Run.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x820004752FDDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 78.42.43.62 82.212.62.62

FireFox:
========
FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\zv0i53xq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Anwender\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\zv0i53xq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Google Wallet) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; D:\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
R2 PSHost; c:\program files (x86)\panda security\panda internet security 2014\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

S3 AD851X64; C:\Windows\System32\DRIVERS\AD851X64.SYS [41472 2005-11-21] (Infineon Technologies AG)
R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [15928 2014-01-20] ()
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [490256 2013-01-23] (Intel Corporation)
R2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [31136 2013-12-09] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
R2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-01] (Panda Security, S.L.)
R0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.)
R1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
R2 WNMFLT; C:\Windows\system32\Drivers\WNMFLT64.SYS [74760 2009-09-25] (Panda Security, S.L.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
R3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 16:17 - 2014-02-09 16:17 - 00015551 _____ () C:\Users\Anwender\Desktop\FRST.txt
2014-02-09 16:04 - 2014-02-09 16:04 - 00019774 _____ () C:\Users\Anwender\Downloads\Addition.txt
2014-02-09 16:03 - 2014-02-09 16:17 - 00000000 ____D () C:\FRST
2014-02-09 16:03 - 2014-02-09 16:04 - 00041437 _____ () C:\Users\Anwender\Downloads\FRST.txt
2014-02-09 16:02 - 2014-02-09 16:02 - 02170368 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2014-02-09 16:01 - 2014-02-09 16:01 - 00050477 _____ () C:\Users\Anwender\Desktop\Defogger.exe
2014-02-09 16:01 - 2014-02-09 16:01 - 00000478 _____ () C:\Users\Anwender\Downloads\defogger_disable.log
2014-02-09 16:01 - 2014-02-09 16:01 - 00000000 _____ () C:\Users\Anwender\defogger_reenable
2014-02-06 19:52 - 2014-02-06 20:09 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Dxtory Software
2014-02-06 19:52 - 2014-02-06 19:52 - 00001121 _____ () C:\Users\Anwender\Desktop\Dxtory.lnk
2014-02-06 19:52 - 2014-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\ExKode
2014-02-06 19:52 - 2013-02-15 22:44 - 08300544 _____ (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2014-02-06 19:52 - 2013-02-15 22:44 - 08043008 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec.dll
2014-02-06 19:51 - 2014-02-06 19:51 - 03874080 _____ (ExKode Co. Ltd. ) C:\Users\Anwender\Downloads\DxtorySetup2.0.126.exe
2014-02-02 18:23 - 2014-02-05 19:06 - 00000000 ____D () C:\Users\Anwender\Desktop\bewerbung
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-02-02 12:12 - 2014-02-02 12:13 - 04964669 _____ (battleclinic.com) C:\Users\Anwender\Downloads\EVEMon-install-1.8.5.4162.exe
2014-01-31 21:14 - 2014-01-31 21:14 - 00000000 ____D () C:\Users\Anwender\Documents\EVE
2014-01-31 20:20 - 2014-01-31 20:20 - 00000576 _____ () C:\Users\Anwender\Desktop\EVE.lnk
2014-01-31 20:20 - 2014-01-31 20:20 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-01-31 19:43 - 2014-01-31 19:43 - 00000000 ____D () C:\Users\Anwender\AppData\Local\CCP
2014-01-31 19:42 - 2014-01-31 19:42 - 04467064 _____ (CCP hf.) C:\Users\Anwender\Downloads\EVE_Online_Installer_710875.exe
2014-01-30 19:49 - 2014-01-30 19:49 - 00000963 _____ () C:\Users\Public\Desktop\FTL.lnk
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D () C:\Program Files (x86)\FTL
2014-01-30 19:48 - 2014-01-30 19:48 - 158282489 _____ (Subset Games ) C:\Users\Anwender\Downloads\FTL_v1.03.3_Install.exe
2014-01-28 22:09 - 2014-01-28 22:09 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Daedalic Entertainment GmbH
2014-01-28 18:14 - 2014-01-28 18:17 - 00000000 ____D () C:\ProgramData\sangFroidData
2014-01-28 18:14 - 2014-01-28 18:14 - 00000000 ____D () C:\Users\Anwender\AppData\Local\3DVIA
2014-01-24 00:48 - 2014-01-24 00:48 - 00000000 ____D () C:\Panda Software
2014-01-22 19:06 - 2014-01-22 20:42 - 00021983 _____ () C:\Users\Anwender\Desktop\Reflexion.odt
2014-01-21 14:34 - 2014-02-04 21:02 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt.bck
2014-01-21 14:34 - 2014-02-04 21:02 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt
2014-01-21 14:32 - 2014-02-09 13:02 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg.bck
2014-01-21 14:32 - 2014-02-09 13:02 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2014-01-21 14:32 - 2014-02-09 11:02 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg.bck
2014-01-21 14:32 - 2014-02-09 11:02 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg
2014-01-21 14:32 - 2014-02-09 11:02 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg.bck
2014-01-21 14:32 - 2014-02-09 11:02 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg
2014-01-21 14:32 - 2014-02-09 11:02 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg.bck
2014-01-21 14:32 - 2014-02-09 11:02 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg
2014-01-21 14:32 - 2014-02-09 11:01 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt.bck
2014-01-21 14:32 - 2014-02-09 11:01 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt
2014-01-21 14:32 - 2014-02-04 21:02 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg.bck
2014-01-21 14:32 - 2014-02-04 21:02 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg
2014-01-20 18:34 - 2014-02-09 15:10 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2014-01-20 17:51 - 2014-01-20 17:51 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Panda Security
2014-01-20 17:50 - 2014-02-09 16:17 - 00287688 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT.bck
2014-01-20 17:50 - 2014-02-09 16:17 - 00287688 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT
2014-01-20 17:50 - 2014-02-09 11:02 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls.bck
2014-01-20 17:50 - 2014-02-09 11:02 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls
2014-01-20 17:50 - 2014-02-09 11:02 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG.bck
2014-01-20 17:50 - 2014-02-09 11:02 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG
2014-01-20 17:50 - 2014-01-20 17:50 - 00015928 _____ () C:\Windows\system32\Drivers\COMFiltr.sys
2014-01-20 17:50 - 2014-01-20 17:50 - 00002532 _____ () C:\Users\Public\Desktop\Remote-Zugriff installieren.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00002251 _____ () C:\Users\Public\Desktop\Panda Internet Security 2014.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00000274 _____ () C:\Windows\system32\PavCPL64.dat
2014-01-20 17:50 - 2014-01-20 17:50 - 00000000 ____D () C:\ProgramData\Backup
2014-01-20 17:50 - 2011-01-31 16:41 - 00129096 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\APPFLT64.SYS
2014-01-20 17:50 - 2010-09-09 16:23 - 00078920 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\idsflt64.sys
2014-01-20 17:50 - 2010-06-22 18:20 - 00030792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot64.sys
2014-01-20 17:50 - 2009-09-25 14:54 - 00170504 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NETTDI64.SYS
2014-01-20 17:50 - 2009-09-25 14:54 - 00082952 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\dsaflt64.sys
2014-01-20 17:50 - 2009-09-25 14:54 - 00074760 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\wnmflt64.sys
2014-01-20 17:50 - 2009-09-25 14:54 - 00031752 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\fnetm64.sys
2014-01-20 17:49 - 2014-01-20 17:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Windows\SysWOW64\PAV
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\ProgramData\Panda Security
2014-01-20 17:49 - 2012-11-20 12:20 - 00545056 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavSHookWow.dll
2014-01-20 17:49 - 2012-11-16 12:08 - 00837920 _____ (Panda Security, S.L.) C:\Windows\system32\PavSHook64.dll
2014-01-20 17:49 - 2012-05-22 15:54 - 00087328 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavLspHookWow.dll
2014-01-20 17:49 - 2012-05-22 15:52 - 00117024 _____ (Panda Security, S.L.) C:\Windows\system32\PavLspHook64.dll
2014-01-20 17:49 - 2012-04-20 13:42 - 00024064 _____ (Panda Security, S.L.) C:\Windows\system32\sysHelper64.dll
2014-01-20 17:49 - 2012-03-26 18:57 - 00071432 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\amm6460.sys
2014-01-20 17:49 - 2010-09-01 11:09 - 00216648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\n64i1644.sys
2014-01-20 17:49 - 2010-06-21 17:02 - 00323392 _____ (Panda Security, S.L.) C:\Windows\system32\TpUtil64.dll
2014-01-20 17:49 - 2010-06-21 17:02 - 00202048 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\TpUtilWow.dll
2014-01-20 17:49 - 2010-06-21 17:01 - 00090944 _____ (Panda Security, S.L.) C:\Windows\system32\PavIpc64.dll
2014-01-20 17:49 - 2010-06-21 17:01 - 00066880 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavIpcWow.dll
2014-01-20 17:49 - 2010-03-24 12:56 - 00064768 _____ (On-Access Anti-Malware Scanner Sync) C:\Windows\system32\avldr64.dll
2014-01-20 17:49 - 2009-10-27 12:07 - 00048136 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\ShldFlt.sys
2014-01-20 17:49 - 2009-08-10 13:46 - 00025344 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\sysHelper32.dll
2014-01-20 17:49 - 2007-03-15 19:38 - 00046640 _____ (Panda Software) C:\Windows\system32\pavcpl64.cpl
2014-01-20 17:49 - 2003-10-22 18:23 - 00446464 _____ (eHelp Corporation.) C:\Windows\SysWOW64\HHActiveX.dll
2014-01-20 14:13 - 2014-01-20 14:13 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSaga
2014-01-20 13:44 - 2014-01-20 13:44 - 00297832 _____ () C:\Windows\Minidump\012014-32510-01.dmp
2014-01-16 22:47 - 2014-01-16 22:53 - 00000000 ____D () C:\Users\Anwender\Documents\Reus
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima VI.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima V.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima IV.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000663 _____ () C:\Users\Public\Desktop\King of Dragon Pass.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000554 _____ () C:\Users\Public\Desktop\Reus.lnk
2014-01-16 22:45 - 2014-01-16 22:45 - 20886688 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_ultima456_2.0.0.19.exe
2014-01-16 22:42 - 2014-01-16 22:45 - 392955488 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_reus_2.2.0.15.exe
2014-01-16 22:42 - 2014-01-16 22:44 - 216591280 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_kodp_2.0.0.12.exe
2014-01-16 14:31 - 2014-01-16 14:31 - 00297824 _____ () C:\Windows\Minidump\011614-47034-01.dmp
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSagaFactions
2014-01-15 16:17 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:17 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:17 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 18:08 - 2014-01-16 19:54 - 00018812 _____ () C:\Users\Anwender\Desktop\Bericht Praktikum.odt
2014-01-13 22:17 - 2014-01-20 13:44 - 598491525 _____ () C:\Windows\MEMORY.DMP
2014-01-13 22:17 - 2014-01-20 13:44 - 00000000 ____D () C:\Windows\Minidump
2014-01-12 16:03 - 2014-01-12 16:05 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-01-12 16:03 - 2014-01-12 16:03 - 00001035 _____ () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\Anwender\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\raidcall
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-01-12 16:01 - 2014-01-12 16:02 - 05525848 _____ () C:\Users\Anwender\Downloads\raidcall.exe
2014-01-11 10:25 - 2014-01-11 10:28 - 00000000 ____D () C:\Users\Anwender\Zomboid
2014-01-10 19:01 - 2014-01-12 17:06 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Awesomium
2014-01-10 14:55 - 2014-01-10 15:52 - 00000000 ____D () C:\Users\Anwender\AppData\Local\dxhr
2014-01-10 14:55 - 2014-01-10 14:55 - 00000000 ____D () C:\Users\Anwender\AppData\Local\28050

==================== One Month Modified Files and Folders =======

2014-02-09 16:17 - 2014-02-09 16:17 - 00015551 _____ () C:\Users\Anwender\Desktop\FRST.txt
2014-02-09 16:17 - 2014-02-09 16:03 - 00000000 ____D () C:\FRST
2014-02-09 16:17 - 2014-01-20 17:50 - 00287688 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT.bck
2014-02-09 16:17 - 2014-01-20 17:50 - 00287688 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT
2014-02-09 16:13 - 2013-11-09 09:57 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 16:09 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 16:09 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 16:04 - 2014-02-09 16:04 - 00019774 _____ () C:\Users\Anwender\Downloads\Addition.txt
2014-02-09 16:04 - 2014-02-09 16:03 - 00041437 _____ () C:\Users\Anwender\Downloads\FRST.txt
2014-02-09 16:03 - 2013-11-09 09:52 - 01608480 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 16:02 - 2014-02-09 16:02 - 02170368 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2014-02-09 16:02 - 2014-01-06 16:55 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Spotify
2014-02-09 16:01 - 2014-02-09 16:01 - 00050477 _____ () C:\Users\Anwender\Desktop\Defogger.exe
2014-02-09 16:01 - 2014-02-09 16:01 - 00000478 _____ () C:\Users\Anwender\Downloads\defogger_disable.log
2014-02-09 16:01 - 2014-02-09 16:01 - 00000000 _____ () C:\Users\Anwender\defogger_reenable
2014-02-09 16:01 - 2013-11-09 09:52 - 00000000 ____D () C:\Users\Anwender
2014-02-09 15:42 - 2013-12-08 21:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 15:10 - 2014-01-20 18:34 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2014-02-09 15:02 - 2013-12-08 21:33 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TS3Client
2014-02-09 14:01 - 2013-12-08 20:36 - 00000000 ____D () C:\Users\Anwender\AppData\Local\CrashDumps
2014-02-09 13:02 - 2014-01-21 14:32 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg.bck
2014-02-09 13:02 - 2014-01-21 14:32 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2014-02-09 11:05 - 2013-12-09 09:53 - 00412759 _____ () C:\Windows\IE11_main.log
2014-02-09 11:02 - 2014-01-21 14:32 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg.bck
2014-02-09 11:02 - 2014-01-21 14:32 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg
2014-02-09 11:02 - 2014-01-21 14:32 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg.bck
2014-02-09 11:02 - 2014-01-21 14:32 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg
2014-02-09 11:02 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg.bck
2014-02-09 11:02 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg
2014-02-09 11:02 - 2014-01-20 17:50 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls.bck
2014-02-09 11:02 - 2014-01-20 17:50 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls
2014-02-09 11:02 - 2014-01-20 17:50 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG.bck
2014-02-09 11:02 - 2014-01-20 17:50 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG
2014-02-09 11:01 - 2014-01-21 14:32 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt.bck
2014-02-09 11:01 - 2014-01-21 14:32 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt
2014-02-09 11:00 - 2013-11-09 09:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 10:59 - 2013-12-08 21:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-09 10:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 10:59 - 2009-07-14 05:51 - 00031885 _____ () C:\Windows\setupact.log
2014-02-06 20:09 - 2014-02-06 19:52 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Dxtory Software
2014-02-06 19:52 - 2014-02-06 19:52 - 00001121 _____ () C:\Users\Anwender\Desktop\Dxtory.lnk
2014-02-06 19:52 - 2014-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\ExKode
2014-02-06 19:51 - 2014-02-06 19:51 - 03874080 _____ (ExKode Co. Ltd. ) C:\Users\Anwender\Downloads\DxtorySetup2.0.126.exe
2014-02-06 17:13 - 2014-01-06 16:55 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Spotify
2014-02-05 19:06 - 2014-02-02 18:23 - 00000000 ____D () C:\Users\Anwender\Desktop\bewerbung
2014-02-04 21:42 - 2013-12-08 21:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 21:42 - 2013-12-08 21:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 21:42 - 2013-12-08 21:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:15 - 2013-11-09 09:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 21:02 - 2014-01-21 14:34 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt.bck
2014-02-04 21:02 - 2014-01-21 14:34 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt
2014-02-04 21:02 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg.bck
2014-02-04 21:02 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg
2014-02-03 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-03 12:51 - 2010-11-21 04:47 - 01278482 _____ () C:\Windows\PFRO.log
2014-02-03 00:46 - 2013-11-09 10:03 - 01597378 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-03 00:46 - 2011-04-12 08:43 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2014-02-03 00:46 - 2011-04-12 08:43 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2014-02-03 00:46 - 2009-07-14 06:13 - 01644916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-02-02 12:13 - 2014-02-02 12:12 - 04964669 _____ (battleclinic.com) C:\Users\Anwender\Downloads\EVEMon-install-1.8.5.4162.exe
2014-01-31 21:14 - 2014-01-31 21:14 - 00000000 ____D () C:\Users\Anwender\Documents\EVE
2014-01-31 20:20 - 2014-01-31 20:20 - 00000576 _____ () C:\Users\Anwender\Desktop\EVE.lnk
2014-01-31 20:20 - 2014-01-31 20:20 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-01-31 19:43 - 2014-01-31 19:43 - 00000000 ____D () C:\Users\Anwender\AppData\Local\CCP
2014-01-31 19:42 - 2014-01-31 19:42 - 04467064 _____ (CCP hf.) C:\Users\Anwender\Downloads\EVE_Online_Installer_710875.exe
2014-01-30 19:55 - 2013-12-13 23:14 - 00000000 ____D () C:\Users\Anwender\Documents\My Games
2014-01-30 19:55 - 2013-11-09 09:53 - 00000000 ____D () C:\Users\Anwender\AppData\Local\VirtualStore
2014-01-30 19:49 - 2014-01-30 19:49 - 00000963 _____ () C:\Users\Public\Desktop\FTL.lnk
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D () C:\Program Files (x86)\FTL
2014-01-30 19:48 - 2014-01-30 19:48 - 158282489 _____ (Subset Games ) C:\Users\Anwender\Downloads\FTL_v1.03.3_Install.exe
2014-01-28 22:09 - 2014-01-28 22:09 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Daedalic Entertainment GmbH
2014-01-28 18:17 - 2014-01-28 18:14 - 00000000 ____D () C:\ProgramData\sangFroidData
2014-01-28 18:14 - 2014-01-28 18:14 - 00000000 ____D () C:\Users\Anwender\AppData\Local\3DVIA
2014-01-24 00:48 - 2014-01-24 00:48 - 00000000 ____D () C:\Panda Software
2014-01-22 20:42 - 2014-01-22 19:06 - 00021983 _____ () C:\Users\Anwender\Desktop\Reflexion.odt
2014-01-21 14:39 - 2013-11-09 10:33 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Adobe
2014-01-20 17:51 - 2014-01-20 17:51 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Panda Security
2014-01-20 17:50 - 2014-01-20 17:50 - 00015928 _____ () C:\Windows\system32\Drivers\COMFiltr.sys
2014-01-20 17:50 - 2014-01-20 17:50 - 00002532 _____ () C:\Users\Public\Desktop\Remote-Zugriff installieren.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00002251 _____ () C:\Users\Public\Desktop\Panda Internet Security 2014.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00000274 _____ () C:\Windows\system32\PavCPL64.dat
2014-01-20 17:50 - 2014-01-20 17:50 - 00000000 ____D () C:\ProgramData\Backup
2014-01-20 17:50 - 2014-01-20 17:49 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Windows\SysWOW64\PAV
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\ProgramData\Panda Security
2014-01-20 17:49 - 2013-11-09 10:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-20 14:13 - 2014-01-20 14:13 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSaga
2014-01-20 13:44 - 2014-01-20 13:44 - 00297832 _____ () C:\Windows\Minidump\012014-32510-01.dmp
2014-01-20 13:44 - 2014-01-13 22:17 - 598491525 _____ () C:\Windows\MEMORY.DMP
2014-01-20 13:44 - 2014-01-13 22:17 - 00000000 ____D () C:\Windows\Minidump
2014-01-16 23:44 - 2009-07-14 03:34 - 00000414 _____ () C:\Windows\win.ini
2014-01-16 22:53 - 2014-01-16 22:47 - 00000000 ____D () C:\Users\Anwender\Documents\Reus
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima VI.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima V.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima IV.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000663 _____ () C:\Users\Public\Desktop\King of Dragon Pass.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000554 _____ () C:\Users\Public\Desktop\Reus.lnk
2014-01-16 22:45 - 2014-01-16 22:45 - 20886688 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_ultima456_2.0.0.19.exe
2014-01-16 22:45 - 2014-01-16 22:42 - 392955488 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_reus_2.2.0.15.exe
2014-01-16 22:44 - 2014-01-16 22:42 - 216591280 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_kodp_2.0.0.12.exe
2014-01-16 19:54 - 2014-01-14 18:08 - 00018812 _____ () C:\Users\Anwender\Desktop\Bericht Praktikum.odt
2014-01-16 14:31 - 2014-01-16 14:31 - 00297824 _____ () C:\Windows\Minidump\011614-47034-01.dmp
2014-01-16 14:31 - 2009-07-14 05:45 - 00294736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 23:37 - 2013-12-13 14:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 23:35 - 2013-12-13 14:26 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSagaFactions
2014-01-12 17:06 - 2014-01-10 19:01 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Awesomium
2014-01-12 16:05 - 2014-01-12 16:03 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-01-12 16:03 - 2014-01-12 16:03 - 00001035 _____ () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\Anwender\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\raidcall
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-01-12 16:02 - 2014-01-12 16:01 - 05525848 _____ () C:\Users\Anwender\Downloads\raidcall.exe
2014-01-11 10:28 - 2014-01-11 10:25 - 00000000 ____D () C:\Users\Anwender\Zomboid
2014-01-10 15:52 - 2014-01-10 14:55 - 00000000 ____D () C:\Users\Anwender\AppData\Local\dxhr
2014-01-10 14:55 - 2014-01-10 14:55 - 00000000 ____D () C:\Users\Anwender\AppData\Local\28050
2014-01-10 14:54 - 2013-12-13 15:30 - 00215628 _____ () C:\Windows\DirectX.log

Some content of TEMP:
====================
C:\Users\Anwender\AppData\Local\Temp\i4jdel0.exe
C:\Users\Anwender\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Anwender\AppData\Local\Temp\_is2CD9.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 11:29

==================== End Of Log ============================
Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2014
Ran by Anwender at 2014-02-09 16:04:24
Running from C:\Users\Anwender\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Panda Internet Security 2014 (Enabled - Up to date) {86971480-9989-6750-B122-681A86518D59}
AS: Panda Internet Security 2014 (Enabled - Up to date) {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2014 (Enabled) {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Arc (x32 Version: 1.0.0.5510 - Perfect World Entertainment)
ASUS GPU Tweak (x32 Version: 2.3.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.3.9.2 - ASUSTek COMPUTER INC.) Hidden
Batman: Arkham Asylum GOTY Edition (x32 Version: - Rocksteady Studios)
Blackguards Demo (x32 Version: - Daedalic Entertainment)
Cube World version 0.0.1 (x32 Version: 0.0.1 - Picroma)
Dark Souls: Prepare to Die Edition (x32 Version: - FromSoftware)
Deponia (x32 Version: - Daedalic Entertainment)
Deus Ex: Human Revolution (x32 Version: - Eidos Montreal)
Dungeon of the Endless (x32 Version: - AMPLITUDE Studios)
Dungeons & Dragons: Chronicles of Mystara (x32 Version: - Iron Galaxy Studios)
Dungeons of Dredmor (x32 Version: - Gaslamp Games, Inc.)
Dxtory version 2.0.126 (x32 Version: 2.0.126 - ExKode Co. Ltd.)
EVE Online (nur entfernen) (x32 Version: - CCP Games Ltd.)
EVEMon (x32 Version: 1.8.5.4162 - battleclinic.com)
Fallout 3 - Game of the Year Edition (x32 Version: - Bethesda Game Studios)
FTL version 1.03.3 (x32 Version: 1.03.3 - Subset Games)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HWiNFO32 Version 4.26 (x32 Version: 4.26 - Martin Malík - REALiX)
Intel(R) Management Engine Components (x32 Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel) Hidden
Intel(R) Processor Graphics (x32 Version: 9.18.10.3071 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
King of Dragon Pass (x32 Version: 2.0.0.12 - GOG.com)
La-Mulana (x32 Version: - NIGORO)
League of Legends (x32 Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Legend of Grimrock (x32 Version: - Almost Human Games)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Myst: Masterpiece Edition (x32 Version: - Cyan Worlds)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (x32 Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Overwolf (x32 Version: 0.46.271 - Overwolf)
Panda Internet Security 2014 (x32 Version: 19.00.00 - Panda Security) Hidden
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
Password Depot 6 - Panda Secure Vault Edition (x32 Version: 6.1.5 - AceBIT GmbH)
Path of Exile (x32 Version: - Grinding Gear Games)
PlanetSide 2 (x32 Version: - Sony Online Entertainment)
Portal 2 (x32 Version: - Valve)
Project Zomboid (x32 Version: - Indie Stone Studios)
RaidCall (x32 Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Reus (x32 Version: 2.2.0.15 - GOG.com)
Sang-Froid - Tales of Werewolves (x32 Version: - Artifice Studio)
Space Hulk (x32 Version: - Full Control Studios)
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
Starbound (x32 Version: - )
Steam (x32 Version: - Valve Corporation)
Sword of the Stars: The Pit (x32 Version: - Kerberos Productions)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 8 (x32 Version: 8.0.22298 - TeamViewer)
The Banner Saga (x32 Version: - Stoic)
The Banner Saga: Factions (x32 Version: - Stoic)
The Dark Eye: Chains of Satinav (x32 Version: - Daedalic Entertainment)
The Elder Scrolls Online Beta (x32 Version: 0.3.4 - )
The Mighty Quest For Epic Loot version 1.223680 (x32 Version: 1.223680 - )
Ultima Second Trilogy (x32 Version: 2.0.0.19 - GOG.com)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
War of the Vikings Early Access (x32 Version: - Fatshark)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
XCOM: Enemy Unknown (x32 Version: - Firaxis Games)

==================== Restore Points =========================

30-01-2014 15:31:47 Windows Update
31-01-2014 14:33:07 Windows Update
01-02-2014 01:02:08 Windows Update
01-02-2014 18:29:23 Windows Update
02-02-2014 23:42:38 Windows Update
03-02-2014 15:15:32 Windows Update
04-02-2014 20:05:03 Windows Update
05-02-2014 17:47:51 Windows Update
06-02-2014 16:16:56 Windows Update
09-02-2014 10:04:35 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {705280DA-4BC2-402F-86C2-1C13CEC7945A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {7D038296-7BD8-4A3A-B0DB-3DFB8B0A0525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: {C9A23E82-E126-4C55-BBC2-F9BF06B8B6C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-09 10:08 - 2013-03-19 14:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-06 16:55 - 2014-01-13 22:18 - 00603648 _____ () C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-01-20 17:49 - 2007-02-14 13:55 - 00165424 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\MiniCrypto.dll
2014-01-20 17:49 - 2004-05-19 11:33 - 00507904 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\libxml2.dll
2014-01-20 17:49 - 2007-02-14 13:55 - 00099888 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\APIcr.dll
2014-01-06 16:55 - 2014-01-13 22:18 - 36967424 _____ () C:\Users\Anwender\AppData\Roaming\Spotify\Data\libcef.dll
2013-12-09 02:19 - 2013-12-09 02:19 - 10926080 _____ () C:\Windows\system32\IEFRAME.dll
2014-01-06 16:55 - 2014-01-13 22:18 - 00887808 _____ () C:\Users\Anwender\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-01-06 16:55 - 2014-01-13 22:18 - 00109568 _____ () C:\Users\Anwender\AppData\Roaming\Spotify\Data\libegl.dll
2013-11-09 10:07 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-12-22 13:15 - 2013-12-22 13:15 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-04 21:42 - 2014-02-04 21:42 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
2014-01-08 12:03 - 2013-12-12 23:19 - 00142848 _____ () D:\Steam\libavresample-1.dll
2014-01-08 12:03 - 2013-11-05 02:12 - 00890592 _____ () D:\Steam\libavutil-52.dll
2013-12-13 14:42 - 2014-01-11 00:33 - 00717312 _____ () D:\Steam\SDL2.dll
2013-12-13 14:42 - 2014-01-27 20:02 - 01138088 _____ () D:\Steam\bin\chromehtml.DLL
2013-12-13 14:42 - 2014-01-11 00:33 - 20625832 _____ () D:\Steam\bin\libcef.dll
2013-12-13 14:42 - 2013-06-15 00:49 - 01100800 _____ () D:\Steam\bin\avcodec-53.dll
2013-12-13 14:42 - 2013-06-15 00:49 - 00124416 _____ () D:\Steam\bin\avutil-51.dll
2013-12-13 14:42 - 2013-06-15 00:49 - 00192000 _____ () D:\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 02:00:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ExeFile.exe, Version: 2014.1.70.5482, Zeitstempel: 0x52e11c87
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0220d028
ID des fehlerhaften Prozesses: 0x19b0
Startzeit der fehlerhaften Anwendung: 0xExeFile.exe0
Pfad der fehlerhaften Anwendung: ExeFile.exe1
Pfad des fehlerhaften Moduls: ExeFile.exe2
Berichtskennung: ExeFile.exe3

Error: (02/09/2014 01:07:47 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/09/2014 11:04:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (02/09/2014 11:04:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (02/09/2014 11:00:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 05:16:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (02/06/2014 05:16:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (02/06/2014 05:14:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 06:47:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (02/05/2014 06:47:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.


System errors:
=============
Error: (02/09/2014 04:02:52 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (02/09/2014 03:02:46 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (02/09/2014 02:02:40 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (02/09/2014 02:02:40 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (02/09/2014 01:02:34 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (02/09/2014 11:05:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (02/09/2014 11:03:07 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (02/09/2014 11:01:13 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (02/06/2014 11:37:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Panda On-Access Anti-Malware Service" wurde mit folgendem Fehler beendet:
%%1

Error: (02/06/2014 08:44:06 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002


Microsoft Office Sessions:
=========================
Error: (02/09/2014 02:00:31 PM) (Source: Application Error)(User: )
Description: ExeFile.exe2014.1.70.548252e11c87unknown0.0.0.000000000c00000050220d02819b001cf25915080f4c1D:\EveOnline\bin\ExeFile.exeunknown27ae6bd2-918a-11e3-bb15-94de806f4318

Error: (02/09/2014 01:07:47 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/09/2014 11:04:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (02/09/2014 11:04:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (02/09/2014 11:00:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 05:16:57 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (02/06/2014 05:16:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (02/06/2014 05:14:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 06:47:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (02/05/2014 06:47:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 16270.68 MB
Available physical RAM: 13927.84 MB
Total Pagefile: 32539.55 MB
Available Pagefile: 29080.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:415.04 GB) (Free:351.03 GB) NTFS
Drive d: (Volume) (Fixed) (Total:516.36 GB) (Free:340.38 GB) NTFS
Drive f: () (Removable) (Total:7.6 GB) (Free:6.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931 GB) (Disk ID: 874F8EC8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=516 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================
Gmer:
Quote:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-09 16:38:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000078 Intel___ rev.1.0. 931,50GB
Running: tvwg6m4h.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\awddqkow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003208000 16 bytes [49, B9, 00, 00, 00, 00, 80, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 546 fffff80003208012 22 bytes [04, 25, 88, 01, 00, 00, F6, ...]

---- User code sections - GMER 2.1 ----


---- Threads - GMER 2.1 ----


---- EOF - GMER 2.1 ----
My antivirus program (Panda Internet Security) has nothing to complain about...

Thanks in advance!
Regards, Piggeldi

09.02.2014, 16:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi,

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.



Further reading:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it correctly. If everything is right ... click Reply (Antworten).

09.02.2014, 17:13   #3
Piggeldi

Hi,
Thanks for the quick reply!
I let Malwarebytes Anti-Rootkit scan, but it then reported that no "cleanup" was necessary.

Here are the log files:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anwender :: ANWENDER-PC [administrator]

09.02.2014 16:56:58
mbar-log-2014-02-09 (16-56-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 250753
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Regards,
Piggeldi

10.02.2014, 09:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Removing adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window).

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


10.02.2014, 11:35   #5
Piggeldi

Windows 7 - Java update that keeps popping up



Hi,

So, here is the Cleaner:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 10/02/2014 um 11:13:20
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Anwender - ANWENDER-PC
# Gestartet von : C:\Users\Anwender\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\zv0i53xq.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1083 octets] - [10/02/2014 11:12:54]
AdwCleaner[S0].txt - [1005 octets] - [10/02/2014 11:13:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1065 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Anwender on 10.02.2014 at 11:17:06,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Anwender\AppData\Roaming\mozilla\firefox\profiles\zv0i53xq.default\minidumps [48 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.02.2014 at 11:27:37,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03
Ran by Anwender (administrator) on ANWENDER-PC on 10-02-2014 11:30:52
Running from C:\Users\Anwender\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Panda Security) C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2014\WebProxy.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\ApVxdWin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavBckPT.exe
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\avciman.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APVXDWIN] - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\APVXDWIN.EXE [1054688 2013-06-10] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] - C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\Inicio.exe [70432 2012-11-08] (Panda Security, S.L.)
Winlogon\Notify\avldr: C:\Windows\system32\avldr64.dll (On-Access Anti-Malware Scanner Sync)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [Spotify] - C:\Users\Anwender\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-13] (Spotify Ltd)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [Spotify Web Helper] - C:\Users\Anwender\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\Run: [Dxtory Update Checker 2.0] - C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\MountPoints2: {538304a7-491f-11e3-80ce-806e6f6e6963} - E:\Install.exe
HKU\S-1-5-21-2993961791-2139576912-1221930130-1000\...\MountPoints2: {a5272ec9-491b-11e3-97e8-806e6f6e6963} - E:\Run.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x820004752FDDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 78.42.43.62 82.212.62.62

FireFox:
========
FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\zv0i53xq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Anwender\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\zv0i53xq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Google Wallet) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; D:\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
R2 PSHost; c:\program files (x86)\panda security\panda internet security 2014\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\TPSrvWow.exe [173344 2012-11-16] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

S3 AD851X64; C:\Windows\System32\DRIVERS\AD851X64.SYS [41472 2005-11-21] (Infineon Technologies AG)
R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT64.SYS [129096 2011-01-31] (Panda Security, S.L.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [15928 2014-01-20] ()
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT64.SYS [82952 2009-09-25] (Panda Security, S.L.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [490256 2013-01-23] (Intel Corporation)
R2 FNETMON; C:\Windows\system32\Drivers\fnetm64.SYS [31752 2009-09-25] (Panda Security, S.L.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [31136 2013-12-09] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT64.SYS [78920 2010-09-09] (Panda Security, S.L.)
R2 NETFLTDI; C:\Windows\system32\Drivers\NETTDI64.SYS [170504 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\n64i1644.sys [216648 2010-09-01] (Panda Security, S.L.)
R0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.)
R1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
R2 WNMFLT; C:\Windows\system32\Drivers\WNMFLT64.SYS [74760 2009-09-25] (Panda Security, S.L.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
R3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 11:30 - 2014-02-10 11:30 - 00000000 ____D () C:\Users\Anwender\Desktop\FRST-OlderVersion
2014-02-10 11:27 - 2014-02-10 11:27 - 00000833 _____ () C:\Users\Anwender\Desktop\JRT.txt
2014-02-10 11:17 - 2014-02-10 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 11:11 - 2014-02-10 11:13 - 00000000 ____D () C:\AdwCleaner
2014-02-10 11:11 - 2014-02-10 11:11 - 01037530 _____ (Thisisu) C:\Users\Anwender\Desktop\JRT.exe
2014-02-10 11:10 - 2014-02-10 11:10 - 01166132 _____ () C:\Users\Anwender\Desktop\adwcleaner.exe
2014-02-09 16:56 - 2014-02-09 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-09 16:56 - 2014-02-09 16:56 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-09 16:56 - 2014-02-09 16:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 16:55 - 2014-02-09 17:10 - 00000000 ____D () C:\Users\Anwender\Desktop\mbar
2014-02-09 16:55 - 2014-02-09 16:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-09 16:53 - 2014-02-09 16:53 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Anwender\Desktop\mbar-1.07.0.1009.exe
2014-02-09 16:38 - 2014-02-09 16:38 - 00048384 _____ () C:\Users\Anwender\Desktop\Gmer.txt
2014-02-09 16:23 - 2014-02-09 16:23 - 00380416 _____ () C:\Users\Anwender\Desktop\tvwg6m4h.exe
2014-02-09 16:18 - 2014-02-09 16:18 - 00000478 _____ () C:\Users\Anwender\Desktop\defogger_disable.log
2014-02-09 16:17 - 2014-02-10 11:30 - 00014766 _____ () C:\Users\Anwender\Desktop\FRST.txt
2014-02-09 16:04 - 2014-02-09 16:04 - 00019774 _____ () C:\Users\Anwender\Downloads\Addition.txt
2014-02-09 16:03 - 2014-02-10 11:30 - 00000000 ____D () C:\FRST
2014-02-09 16:03 - 2014-02-09 16:04 - 00041437 _____ () C:\Users\Anwender\Downloads\FRST.txt
2014-02-09 16:02 - 2014-02-10 11:30 - 02170880 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2014-02-09 16:01 - 2014-02-09 16:01 - 00050477 _____ () C:\Users\Anwender\Desktop\Defogger.exe
2014-02-09 16:01 - 2014-02-09 16:01 - 00000478 _____ () C:\Users\Anwender\Downloads\defogger_disable.log
2014-02-09 16:01 - 2014-02-09 16:01 - 00000000 _____ () C:\Users\Anwender\defogger_reenable
2014-02-06 19:52 - 2014-02-06 20:09 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Dxtory Software
2014-02-06 19:52 - 2014-02-06 19:52 - 00001121 _____ () C:\Users\Anwender\Desktop\Dxtory.lnk
2014-02-06 19:52 - 2014-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\ExKode
2014-02-06 19:52 - 2013-02-15 22:44 - 08300544 _____ (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2014-02-06 19:52 - 2013-02-15 22:44 - 08043008 _____ (Dxtory Software) C:\Windows\system32\DxtoryCodec.dll
2014-02-06 19:51 - 2014-02-06 19:51 - 03874080 _____ (ExKode Co. Ltd. ) C:\Users\Anwender\Downloads\DxtorySetup2.0.126.exe
2014-02-02 18:23 - 2014-02-05 19:06 - 00000000 ____D () C:\Users\Anwender\Desktop\bewerbung
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-02-02 12:12 - 2014-02-02 12:13 - 04964669 _____ (battleclinic.com) C:\Users\Anwender\Downloads\EVEMon-install-1.8.5.4162.exe
2014-01-31 21:14 - 2014-01-31 21:14 - 00000000 ____D () C:\Users\Anwender\Documents\EVE
2014-01-31 20:20 - 2014-01-31 20:20 - 00000576 _____ () C:\Users\Anwender\Desktop\EVE.lnk
2014-01-31 20:20 - 2014-01-31 20:20 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-01-31 19:43 - 2014-01-31 19:43 - 00000000 ____D () C:\Users\Anwender\AppData\Local\CCP
2014-01-31 19:42 - 2014-01-31 19:42 - 04467064 _____ (CCP hf.) C:\Users\Anwender\Downloads\EVE_Online_Installer_710875.exe
2014-01-30 19:49 - 2014-01-30 19:49 - 00000963 _____ () C:\Users\Public\Desktop\FTL.lnk
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D () C:\Program Files (x86)\FTL
2014-01-30 19:48 - 2014-01-30 19:48 - 158282489 _____ (Subset Games ) C:\Users\Anwender\Downloads\FTL_v1.03.3_Install.exe
2014-01-28 22:09 - 2014-01-28 22:09 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Daedalic Entertainment GmbH
2014-01-28 18:14 - 2014-01-28 18:17 - 00000000 ____D () C:\ProgramData\sangFroidData
2014-01-28 18:14 - 2014-01-28 18:14 - 00000000 ____D () C:\Users\Anwender\AppData\Local\3DVIA
2014-01-24 00:48 - 2014-01-24 00:48 - 00000000 ____D () C:\Panda Software
2014-01-22 19:06 - 2014-01-22 20:42 - 00021983 _____ () C:\Users\Anwender\Desktop\Reflexion.odt
2014-01-21 14:34 - 2014-02-04 21:02 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt.bck
2014-01-21 14:34 - 2014-02-04 21:02 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt
2014-01-21 14:32 - 2014-02-10 11:17 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg.bck
2014-01-21 14:32 - 2014-02-10 11:17 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg
2014-01-21 14:32 - 2014-02-10 11:17 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg.bck
2014-01-21 14:32 - 2014-02-10 11:17 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg
2014-01-21 14:32 - 2014-02-10 11:17 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg.bck
2014-01-21 14:32 - 2014-02-10 11:17 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg
2014-01-21 14:32 - 2014-02-10 11:15 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg.bck
2014-01-21 14:32 - 2014-02-10 11:15 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2014-01-21 14:32 - 2014-02-10 11:15 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt.bck
2014-01-21 14:32 - 2014-02-10 11:15 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt
2014-01-21 14:32 - 2014-02-04 21:02 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg.bck
2014-01-21 14:32 - 2014-02-04 21:02 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg
2014-01-20 18:34 - 2014-02-09 15:10 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2014-01-20 17:51 - 2014-01-20 17:51 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Panda Security
2014-01-20 17:50 - 2014-02-10 11:30 - 00289860 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT.bck
2014-01-20 17:50 - 2014-02-10 11:30 - 00289860 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT
2014-01-20 17:50 - 2014-02-10 11:17 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls.bck
2014-01-20 17:50 - 2014-02-10 11:17 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls
2014-01-20 17:50 - 2014-02-10 11:17 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG.bck
2014-01-20 17:50 - 2014-02-10 11:17 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG
2014-01-20 17:50 - 2014-01-20 17:50 - 00015928 _____ () C:\Windows\system32\Drivers\COMFiltr.sys
2014-01-20 17:50 - 2014-01-20 17:50 - 00002532 _____ () C:\Users\Public\Desktop\Remote-Zugriff installieren.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00002251 _____ () C:\Users\Public\Desktop\Panda Internet Security 2014.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00000274 _____ () C:\Windows\system32\PavCPL64.dat
2014-01-20 17:50 - 2014-01-20 17:50 - 00000000 ____D () C:\ProgramData\Backup
2014-01-20 17:50 - 2011-01-31 16:41 - 00129096 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\APPFLT64.SYS
2014-01-20 17:50 - 2010-09-09 16:23 - 00078920 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\idsflt64.sys
2014-01-20 17:50 - 2010-06-22 18:20 - 00030792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot64.sys
2014-01-20 17:50 - 2009-09-25 14:54 - 00170504 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NETTDI64.SYS
2014-01-20 17:50 - 2009-09-25 14:54 - 00082952 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\dsaflt64.sys
2014-01-20 17:50 - 2009-09-25 14:54 - 00074760 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\wnmflt64.sys
2014-01-20 17:50 - 2009-09-25 14:54 - 00031752 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\fnetm64.sys
2014-01-20 17:49 - 2014-01-20 17:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Windows\SysWOW64\PAV
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\ProgramData\Panda Security
2014-01-20 17:49 - 2012-11-20 12:20 - 00545056 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavSHookWow.dll
2014-01-20 17:49 - 2012-11-16 12:08 - 00837920 _____ (Panda Security, S.L.) C:\Windows\system32\PavSHook64.dll
2014-01-20 17:49 - 2012-05-22 15:54 - 00087328 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavLspHookWow.dll
2014-01-20 17:49 - 2012-05-22 15:52 - 00117024 _____ (Panda Security, S.L.) C:\Windows\system32\PavLspHook64.dll
2014-01-20 17:49 - 2012-04-20 13:42 - 00024064 _____ (Panda Security, S.L.) C:\Windows\system32\sysHelper64.dll
2014-01-20 17:49 - 2012-03-26 18:57 - 00071432 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\amm6460.sys
2014-01-20 17:49 - 2010-09-01 11:09 - 00216648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\n64i1644.sys
2014-01-20 17:49 - 2010-06-21 17:02 - 00323392 _____ (Panda Security, S.L.) C:\Windows\system32\TpUtil64.dll
2014-01-20 17:49 - 2010-06-21 17:02 - 00202048 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\TpUtilWow.dll
2014-01-20 17:49 - 2010-06-21 17:01 - 00090944 _____ (Panda Security, S.L.) C:\Windows\system32\PavIpc64.dll
2014-01-20 17:49 - 2010-06-21 17:01 - 00066880 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavIpcWow.dll
2014-01-20 17:49 - 2010-03-24 12:56 - 00064768 _____ (On-Access Anti-Malware Scanner Sync) C:\Windows\system32\avldr64.dll
2014-01-20 17:49 - 2009-10-27 12:07 - 00048136 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\ShldFlt.sys
2014-01-20 17:49 - 2009-08-10 13:46 - 00025344 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\sysHelper32.dll
2014-01-20 17:49 - 2007-03-15 19:38 - 00046640 _____ (Panda Software) C:\Windows\system32\pavcpl64.cpl
2014-01-20 17:49 - 2003-10-22 18:23 - 00446464 _____ (eHelp Corporation.) C:\Windows\SysWOW64\HHActiveX.dll
2014-01-20 14:13 - 2014-01-20 14:13 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSaga
2014-01-20 13:44 - 2014-01-20 13:44 - 00297832 _____ () C:\Windows\Minidump\012014-32510-01.dmp
2014-01-16 22:47 - 2014-01-16 22:53 - 00000000 ____D () C:\Users\Anwender\Documents\Reus
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima VI.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima V.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima IV.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000663 _____ () C:\Users\Public\Desktop\King of Dragon Pass.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000554 _____ () C:\Users\Public\Desktop\Reus.lnk
2014-01-16 22:45 - 2014-01-16 22:45 - 20886688 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_ultima456_2.0.0.19.exe
2014-01-16 22:42 - 2014-01-16 22:45 - 392955488 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_reus_2.2.0.15.exe
2014-01-16 22:42 - 2014-01-16 22:44 - 216591280 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_kodp_2.0.0.12.exe
2014-01-16 14:31 - 2014-01-16 14:31 - 00297824 _____ () C:\Windows\Minidump\011614-47034-01.dmp
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSagaFactions
2014-01-15 16:17 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:17 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:17 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:17 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 18:08 - 2014-01-16 19:54 - 00018812 _____ () C:\Users\Anwender\Desktop\Bericht Praktikum.odt
2014-01-13 22:17 - 2014-01-20 13:44 - 598491525 _____ () C:\Windows\MEMORY.DMP
2014-01-13 22:17 - 2014-01-20 13:44 - 00000000 ____D () C:\Windows\Minidump
2014-01-12 16:03 - 2014-01-12 16:05 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-01-12 16:03 - 2014-01-12 16:03 - 00001035 _____ () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\Anwender\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\raidcall
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-01-12 16:01 - 2014-01-12 16:02 - 05525848 _____ () C:\Users\Anwender\Downloads\raidcall.exe
2014-01-11 10:25 - 2014-01-11 10:28 - 00000000 ____D () C:\Users\Anwender\Zomboid

==================== One Month Modified Files and Folders =======

2014-02-10 11:31 - 2014-02-09 16:17 - 00014766 _____ () C:\Users\Anwender\Desktop\FRST.txt
2014-02-10 11:30 - 2014-02-10 11:30 - 00000000 ____D () C:\Users\Anwender\Desktop\FRST-OlderVersion
2014-02-10 11:30 - 2014-02-09 16:03 - 00000000 ____D () C:\FRST
2014-02-10 11:30 - 2014-02-09 16:02 - 02170880 _____ (Farbar) C:\Users\Anwender\Desktop\FRST64.exe
2014-02-10 11:30 - 2014-01-20 17:50 - 00289860 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT.bck
2014-02-10 11:30 - 2014-01-20 17:50 - 00289860 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT
2014-02-10 11:27 - 2014-02-10 11:27 - 00000833 _____ () C:\Users\Anwender\Desktop\JRT.txt
2014-02-10 11:23 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 11:23 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 11:17 - 2014-02-10 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-02-10 11:17 - 2014-01-21 14:32 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg.bck
2014-02-10 11:17 - 2014-01-21 14:32 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg
2014-02-10 11:17 - 2014-01-21 14:32 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg.bck
2014-02-10 11:17 - 2014-01-21 14:32 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg
2014-02-10 11:17 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg.bck
2014-02-10 11:17 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg
2014-02-10 11:17 - 2014-01-20 17:50 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls.bck
2014-02-10 11:17 - 2014-01-20 17:50 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls
2014-02-10 11:17 - 2014-01-20 17:50 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG.bck
2014-02-10 11:17 - 2014-01-20 17:50 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG
2014-02-10 11:16 - 2014-01-06 16:55 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Spotify
2014-02-10 11:15 - 2014-01-21 14:32 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg.bck
2014-02-10 11:15 - 2014-01-21 14:32 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2014-02-10 11:15 - 2014-01-21 14:32 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt.bck
2014-02-10 11:15 - 2014-01-21 14:32 - 00000076 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt
2014-02-10 11:15 - 2013-11-09 09:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 11:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 11:14 - 2013-12-08 21:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-10 11:14 - 2009-07-14 05:51 - 00031997 _____ () C:\Windows\setupact.log
2014-02-10 11:13 - 2014-02-10 11:11 - 00000000 ____D () C:\AdwCleaner
2014-02-10 11:13 - 2013-11-09 09:57 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 11:13 - 2013-11-09 09:52 - 01693505 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 11:11 - 2014-02-10 11:11 - 01037530 _____ (Thisisu) C:\Users\Anwender\Desktop\JRT.exe
2014-02-10 11:10 - 2014-02-10 11:10 - 01166132 _____ () C:\Users\Anwender\Desktop\adwcleaner.exe
2014-02-10 11:06 - 2014-01-06 16:55 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Spotify
2014-02-10 10:46 - 2013-12-09 09:53 - 00420972 _____ () C:\Windows\IE11_main.log
2014-02-10 10:42 - 2013-12-08 21:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 21:03 - 2013-12-08 21:33 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TS3Client
2014-02-09 17:10 - 2014-02-09 16:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-09 17:10 - 2014-02-09 16:55 - 00000000 ____D () C:\Users\Anwender\Desktop\mbar
2014-02-09 16:56 - 2014-02-09 16:56 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-09 16:56 - 2014-02-09 16:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 16:55 - 2014-02-09 16:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-09 16:53 - 2014-02-09 16:53 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Anwender\Desktop\mbar-1.07.0.1009.exe
2014-02-09 16:38 - 2014-02-09 16:38 - 00048384 _____ () C:\Users\Anwender\Desktop\Gmer.txt
2014-02-09 16:23 - 2014-02-09 16:23 - 00380416 _____ () C:\Users\Anwender\Desktop\tvwg6m4h.exe
2014-02-09 16:18 - 2014-02-09 16:18 - 00000478 _____ () C:\Users\Anwender\Desktop\defogger_disable.log
2014-02-09 16:04 - 2014-02-09 16:04 - 00019774 _____ () C:\Users\Anwender\Downloads\Addition.txt
2014-02-09 16:04 - 2014-02-09 16:03 - 00041437 _____ () C:\Users\Anwender\Downloads\FRST.txt
2014-02-09 16:01 - 2014-02-09 16:01 - 00050477 _____ () C:\Users\Anwender\Desktop\Defogger.exe
2014-02-09 16:01 - 2014-02-09 16:01 - 00000478 _____ () C:\Users\Anwender\Downloads\defogger_disable.log
2014-02-09 16:01 - 2014-02-09 16:01 - 00000000 _____ () C:\Users\Anwender\defogger_reenable
2014-02-09 16:01 - 2013-11-09 09:52 - 00000000 ____D () C:\Users\Anwender
2014-02-09 15:10 - 2014-01-20 18:34 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2014-02-09 14:01 - 2013-12-08 20:36 - 00000000 ____D () C:\Users\Anwender\AppData\Local\CrashDumps
2014-02-06 20:09 - 2014-02-06 19:52 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Dxtory Software
2014-02-06 19:52 - 2014-02-06 19:52 - 00001121 _____ () C:\Users\Anwender\Desktop\Dxtory.lnk
2014-02-06 19:52 - 2014-02-06 19:52 - 00000000 ____D () C:\Program Files (x86)\ExKode
2014-02-06 19:51 - 2014-02-06 19:51 - 03874080 _____ (ExKode Co. Ltd. ) C:\Users\Anwender\Downloads\DxtorySetup2.0.126.exe
2014-02-05 19:06 - 2014-02-02 18:23 - 00000000 ____D () C:\Users\Anwender\Desktop\bewerbung
2014-02-04 21:42 - 2013-12-08 21:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 21:42 - 2013-12-08 21:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 21:42 - 2013-12-08 21:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:15 - 2013-11-09 09:58 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 21:02 - 2014-01-21 14:34 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt.bck
2014-02-04 21:02 - 2014-01-21 14:34 - 00000080 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt
2014-02-04 21:02 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg.bck
2014-02-04 21:02 - 2014-01-21 14:32 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg
2014-02-03 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-03 12:51 - 2010-11-21 04:47 - 01278482 _____ () C:\Windows\PFRO.log
2014-02-03 00:46 - 2013-11-09 10:03 - 01597378 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-03 00:46 - 2011-04-12 08:43 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2014-02-03 00:46 - 2011-04-12 08:43 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2014-02-03 00:46 - 2009-07-14 06:13 - 01644916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\EVEMon
2014-02-02 12:14 - 2014-02-02 12:14 - 00000000 ____D () C:\Program Files (x86)\EVEMon
2014-02-02 12:13 - 2014-02-02 12:12 - 04964669 _____ (battleclinic.com) C:\Users\Anwender\Downloads\EVEMon-install-1.8.5.4162.exe
2014-01-31 21:14 - 2014-01-31 21:14 - 00000000 ____D () C:\Users\Anwender\Documents\EVE
2014-01-31 20:20 - 2014-01-31 20:20 - 00000576 _____ () C:\Users\Anwender\Desktop\EVE.lnk
2014-01-31 20:20 - 2014-01-31 20:20 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
2014-01-31 19:43 - 2014-01-31 19:43 - 00000000 ____D () C:\Users\Anwender\AppData\Local\CCP
2014-01-31 19:42 - 2014-01-31 19:42 - 04467064 _____ (CCP hf.) C:\Users\Anwender\Downloads\EVE_Online_Installer_710875.exe
2014-01-30 19:55 - 2013-12-13 23:14 - 00000000 ____D () C:\Users\Anwender\Documents\My Games
2014-01-30 19:55 - 2013-11-09 09:53 - 00000000 ____D () C:\Users\Anwender\AppData\Local\VirtualStore
2014-01-30 19:49 - 2014-01-30 19:49 - 00000963 _____ () C:\Users\Public\Desktop\FTL.lnk
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D () C:\Program Files (x86)\FTL
2014-01-30 19:48 - 2014-01-30 19:48 - 158282489 _____ (Subset Games ) C:\Users\Anwender\Downloads\FTL_v1.03.3_Install.exe
2014-01-28 22:09 - 2014-01-28 22:09 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Daedalic Entertainment GmbH
2014-01-28 18:17 - 2014-01-28 18:14 - 00000000 ____D () C:\ProgramData\sangFroidData
2014-01-28 18:14 - 2014-01-28 18:14 - 00000000 ____D () C:\Users\Anwender\AppData\Local\3DVIA
2014-01-24 00:48 - 2014-01-24 00:48 - 00000000 ____D () C:\Panda Software
2014-01-22 20:42 - 2014-01-22 19:06 - 00021983 _____ () C:\Users\Anwender\Desktop\Reflexion.odt
2014-01-21 14:39 - 2013-11-09 10:33 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Adobe
2014-01-20 17:51 - 2014-01-20 17:51 - 00000000 ____D () C:\Users\Anwender\AppData\Local\Panda Security
2014-01-20 17:50 - 2014-01-20 17:50 - 00015928 _____ () C:\Windows\system32\Drivers\COMFiltr.sys
2014-01-20 17:50 - 2014-01-20 17:50 - 00002532 _____ () C:\Users\Public\Desktop\Remote-Zugriff installieren.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00002251 _____ () C:\Users\Public\Desktop\Panda Internet Security 2014.lnk
2014-01-20 17:50 - 2014-01-20 17:50 - 00000274 _____ () C:\Windows\system32\PavCPL64.dat
2014-01-20 17:50 - 2014-01-20 17:50 - 00000000 ____D () C:\ProgramData\Backup
2014-01-20 17:50 - 2014-01-20 17:49 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Windows\SysWOW64\PAV
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Panda Security
2014-01-20 17:49 - 2014-01-20 17:49 - 00000000 ____D () C:\ProgramData\Panda Security
2014-01-20 17:49 - 2013-11-09 10:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-20 14:13 - 2014-01-20 14:13 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSaga
2014-01-20 13:44 - 2014-01-20 13:44 - 00297832 _____ () C:\Windows\Minidump\012014-32510-01.dmp
2014-01-20 13:44 - 2014-01-13 22:17 - 598491525 _____ () C:\Windows\MEMORY.DMP
2014-01-20 13:44 - 2014-01-13 22:17 - 00000000 ____D () C:\Windows\Minidump
2014-01-16 23:44 - 2009-07-14 03:34 - 00000414 _____ () C:\Windows\win.ini
2014-01-16 22:53 - 2014-01-16 22:47 - 00000000 ____D () C:\Users\Anwender\Documents\Reus
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima VI.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima V.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00001010 _____ () C:\Users\Public\Desktop\Ultima IV.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000663 _____ () C:\Users\Public\Desktop\King of Dragon Pass.lnk
2014-01-16 22:46 - 2014-01-16 22:46 - 00000554 _____ () C:\Users\Public\Desktop\Reus.lnk
2014-01-16 22:45 - 2014-01-16 22:45 - 20886688 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_ultima456_2.0.0.19.exe
2014-01-16 22:45 - 2014-01-16 22:42 - 392955488 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_reus_2.2.0.15.exe
2014-01-16 22:44 - 2014-01-16 22:42 - 216591280 _____ (GOG.com ) C:\Users\Anwender\Downloads\setup_kodp_2.0.0.12.exe
2014-01-16 19:54 - 2014-01-14 18:08 - 00018812 _____ () C:\Users\Anwender\Desktop\Bericht Praktikum.odt
2014-01-16 14:31 - 2014-01-16 14:31 - 00297824 _____ () C:\Windows\Minidump\011614-47034-01.dmp
2014-01-16 14:31 - 2009-07-14 05:45 - 00294736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 23:37 - 2013-12-13 14:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 23:35 - 2013-12-13 14:26 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 19:35 - 2014-01-15 19:35 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\TheBannerSagaFactions
2014-01-12 17:06 - 2014-01-10 19:01 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Awesomium
2014-01-12 16:05 - 2014-01-12 16:03 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-01-12 16:03 - 2014-01-12 16:03 - 00001035 _____ () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\UpdatusUser\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00001011 _____ () C:\Users\Anwender\Desktop\RaidCall.lnk
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\raidcall
2014-01-12 16:03 - 2014-01-12 16:03 - 00000000 ____D () C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-01-12 16:02 - 2014-01-12 16:01 - 05525848 _____ () C:\Users\Anwender\Downloads\raidcall.exe
2014-01-11 10:28 - 2014-01-11 10:25 - 00000000 ____D () C:\Users\Anwender\Zomboid

Some content of TEMP:
====================
C:\Users\Anwender\AppData\Local\Temp\i4jdel0.exe
C:\Users\Anwender\AppData\Local\Temp\Quarantine.exe
C:\Users\Anwender\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Anwender\AppData\Local\Temp\_is2CD9.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 11:29

==================== End Of Log ============================
         

Alt 10.02.2014, 11:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!

After that, getting a second opinion from the ESET online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 10.02.2014, 13:28   #7
Piggeldi
 
Malwarebytes Anti-Malware :
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anwender :: ANWENDER-PC [Administrator]

Schutz: Aktiviert

10.02.2014 11:55:50
mbam-log-2014-02-10 (11-55-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235969
Laufzeit: 4 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anwender\Downloads\OpenOffice - CHIP-Downloader.exe (PUP.Optional.DownloadSponsor) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=08c96d56b9a3d34385cbeb8a51cb8f32
# engine=17009
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-10 12:23:33
# local_time=2014-02-10 01:23:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5326064 143664863 0 0
# scanned=177774
# found=0
# cleaned=0
# scan_time=4177
         

Alt 10.02.2014, 13:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Click the Start button.
  • If you are prompted to restart, confirm it.

Looks OK so far

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

Alt 10.02.2014, 13:42   #9
Piggeldi
 
Hey Cosinus,

Thanks for the quick help!
I'll take a look at the cookie thing.

Regards, Piggeldi

Alt 10.02.2014, 13:51   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then we're done!


If you'd still like to share praise or criticism => Praise, criticism and wishes - Trojaner-Board

All the programs that were used here can be uninstalled.

delfix can help you with that:


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.