BKA Virus!!!!!

neX2111 · 03.11.2013, 10:12

guten morgen

war gerade am starcraft zocken dann wollte Adobe updaten was ich zuließ nun hab ich den BKA Virus

hab schon farbar per usb stcik laufen lassen nun bin ich am ende meines Lateins

das ist mein code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-U09FD9I on 03-11-2013 09:53:02
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [141 2012-12-02] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\neX0r\...\Run: [Google Update] - [x]
HKU\neX0r\...\Winlogon: [Shell] explorer.exe,C:\Users\neX0r\AppData\Roaming\cache.dat [180224 2013-08-29] () <==== ATTENTION

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
S2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-06] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{bfa7462a-98b9-8465-860e-ae48219905d1}\ \...\???\{bfa7462a-98b9-8465-860e-ae48219905d1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-29] (GFI Software)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)

hoffe ihr könnt mir helfen danke
ahja abgesicherter Modus is nich fährt direkt runter

Bootsektor · 03.11.2013, 10:31

Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld

Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machts, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Das FRST-Log, was du gepostet hast, ist unvollständig, bitte poste das komplette Log.

neX2111 · 03.11.2013, 11:54

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-U09FD9I on 03-11-2013 09:53:02
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [141 2012-12-02] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\neX0r\...\Run: [Google Update] - [x]
HKU\neX0r\...\Winlogon: [Shell] explorer.exe,C:\Users\neX0r\AppData\Roaming\cache.dat [180224 2013-08-29] () <==== ATTENTION 

==================== Services (Whitelisted) =================

S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
S2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-06] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{bfa7462a-98b9-8465-860e-ae48219905d1}\   \...\???\{bfa7462a-98b9-8465-860e-ae48219905d1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-29] (GFI Software)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 athr; system32\DRIVERS\athrx.sys [x]
S1 lzwrwlgo; \??\C:\Windows\system32\drivers\lzwrwlgo.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST
2013-11-03 09:07 - 2013-11-03 09:31 - 00000004 _____ C:\Users\neX0r\AppData\Roaming\cache.ini
2013-10-31 08:47 - 2013-10-31 08:47 - 00000774 _____ C:\Windows\PFRO.log
2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-28 22:03 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-28 22:03 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433165.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433165.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-28 22:01 - 2013-10-18 02:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2013-10-28 22:01 - 2013-10-18 02:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-28 21:55 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-10-28 21:55 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-25 18:03 - 2013-10-16 01:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433158.dll
2013-10-25 18:03 - 2013-10-16 01:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433158.dll
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-14 18:53 - 2013-10-14 18:55 - 00012600 _____ C:\ProgramData\47rvqb.pff
2013-10-14 15:28 - 2013-10-14 18:53 - 00000000 _____ C:\ProgramData\47rvqb.ctrl
2013-10-14 15:28 - 2013-10-14 15:29 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\47rvqb.pzz
2013-10-14 15:28 - 2013-10-14 15:28 - 00125952 _____ C:\ProgramData\bqvr74.plz
2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup
2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Software4u
2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage
2013-10-11 22:06 - 2013-10-11 22:21 - 00000000 ____D C:\Program Files\Recuva
2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare
2013-10-11 21:51 - 2013-10-11 22:53 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare
2013-10-11 12:17 - 2013-10-11 12:18 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd
2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd
2013-10-11 11:55 - 2013-10-11 12:19 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf
2013-10-09 17:39 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 17:39 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 17:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 17:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 17:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-09 17:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-09 17:39 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 17:39 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 17:39 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-09 17:39 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 14:01 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-09 14:01 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-09 14:01 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-09 14:01 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 14:01 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-09 14:01 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-09 14:01 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-09 14:01 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-09 14:01 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-09 14:01 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-09 14:01 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 14:01 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 14:01 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 14:01 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-09 14:01 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-09 14:01 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-09 14:01 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-09 14:01 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-09 14:01 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-09 14:01 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-09 14:01 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-09 14:01 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-09 14:01 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 14:01 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 14:01 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 14:01 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-09 14:01 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 14:01 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 14:00 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-09 14:00 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-09 14:00 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-09 14:00 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-09 14:00 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-09 14:00 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-09 14:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 14:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 14:00 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 14:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 14:00 - 2013-08-29 02:50 - 00180224 _____ C:\Users\neX0r\AppData\Roaming\cache.dat
2013-10-09 14:00 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 14:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 14:00 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 14:00 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 14:00 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 14:00 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 14:00 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-09 14:00 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-09 14:00 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod
2013-10-06 00:00 - 2013-11-03 09:34 - 00014863 _____ C:\Windows\setupact.log
2013-10-06 00:00 - 2013-10-06 00:00 - 00000000 _____ C:\Windows\setuperr.log
2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games
2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-10-04 11:15 - 2013-09-28 00:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll

==================== One Month Modified Files and Folders =======

2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST
2013-11-03 09:34 - 2013-10-06 00:00 - 00014863 _____ C:\Windows\setupact.log
2013-11-03 09:34 - 2012-11-24 12:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-03 09:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 09:31 - 2013-11-03 09:07 - 00000004 _____ C:\Users\neX0r\AppData\Roaming\cache.ini
2013-11-03 09:18 - 2012-05-01 10:33 - 00004448 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Users\neX0r\AppData\Local\Google
2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-03 09:06 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 09:06 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 09:02 - 2012-04-30 20:57 - 01541021 _____ C:\Windows\WindowsUpdate.log
2013-11-03 08:59 - 2012-05-01 18:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 21:49 - 2012-05-01 10:55 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Skype
2013-11-01 16:57 - 2012-05-08 14:35 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-31 08:47 - 2013-10-31 08:47 - 00000774 _____ C:\Windows\PFRO.log
2013-10-30 23:31 - 2012-04-30 20:58 - 00000000 ____D C:\users\neX0r
2013-10-30 21:31 - 2012-06-08 18:53 - 00000000 ____D C:\Users\neX0r\AppData\Local\Adobe
2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-30 21:30 - 2012-06-08 18:51 - 00000000 ____D C:\ProgramData\Adobe
2013-10-29 20:35 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\System32\perfh007.dat
2013-10-29 20:35 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\System32\perfc007.dat
2013-10-29 20:35 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-28 22:08 - 2012-11-24 12:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA
2013-10-25 17:48 - 2013-10-01 22:38 - 00000000 ____D C:\Users\neX0r\AppData\Local\NVIDIA
2013-10-23 11:30 - 2013-10-28 22:03 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 18199872 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 12572960 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-23 11:30 - 2013-10-28 22:03 - 11426568 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 11374520 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 03131680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 03124512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433165.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433165.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00655136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 11:30 - 2013-09-17 21:22 - 30344480 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-10-23 11:30 - 2013-03-27 10:18 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 11:30 - 2013-03-27 10:18 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 11:30 - 2013-03-27 10:18 - 00023287 _____ C:\Windows\System32\nvinfo.pb
2013-10-23 11:30 - 2012-10-10 21:23 - 18286416 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-10-23 11:30 - 2012-10-10 21:23 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 11:30 - 2012-10-10 21:23 - 03067560 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 06669600 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 03489568 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-10-23 09:20 - 2012-11-24 12:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-22 18:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-18 02:36 - 2013-10-28 22:01 - 01063200 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2013-10-18 02:36 - 2013-10-28 22:01 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-17 18:57 - 2012-05-01 10:55 - 00000000 ____D C:\ProgramData\Skype
2013-10-17 18:56 - 2012-05-01 10:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-16 01:48 - 2013-10-25 18:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433158.dll
2013-10-16 01:48 - 2013-10-25 18:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433158.dll
2013-10-15 22:49 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-15 22:49 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-15 22:49 - 2012-05-01 10:38 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-15 18:25 - 2012-05-01 10:53 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\IrfanView
2013-10-15 18:25 - 2012-05-01 09:54 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-10-15 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-10-15 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-14 18:55 - 2013-10-14 18:53 - 00012600 _____ C:\ProgramData\47rvqb.pff
2013-10-14 18:53 - 2013-10-14 15:28 - 00000000 _____ C:\ProgramData\47rvqb.ctrl
2013-10-14 15:29 - 2013-10-14 15:28 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\47rvqb.pzz
2013-10-14 15:28 - 2013-10-14 15:28 - 00125952 _____ C:\ProgramData\bqvr74.plz
2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-12 10:59 - 2012-09-07 21:28 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Apple Computer
2013-10-11 22:53 - 2013-10-11 21:51 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup
2013-10-11 22:21 - 2013-10-11 22:06 - 00000000 ____D C:\Program Files\Recuva
2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Software4u
2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage
2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare
2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare
2013-10-11 12:24 - 2013-07-04 19:04 - 00000000 ___RD C:\Users\neX0r\Desktop\System
2013-10-11 12:19 - 2013-10-11 11:55 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech
2013-10-11 12:18 - 2013-10-11 12:17 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd
2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf
2013-10-10 16:16 - 2012-05-01 10:34 - 00000000 ___RD C:\Users\neX0r\Desktop\neX
2013-10-09 20:54 - 2012-02-14 18:23 - 00000000 ____D C:\Windows\Panther
2013-10-09 20:51 - 2009-07-14 05:45 - 00297656 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 17:36 - 2012-02-14 18:39 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 17:31 - 2013-08-15 18:30 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 17:28 - 2012-02-14 19:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-09 14:59 - 2012-05-01 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 14:59 - 2012-05-01 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 14:59 - 2012-05-01 18:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 11:52 - 2012-05-03 11:10 - 00000000 ____D C:\Users\neX0r\Documents\StarCraft II
2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iTunes
2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod
2013-10-06 00:00 - 2013-10-06 00:00 - 00000000 _____ C:\Windows\setuperr.log
2013-10-05 21:58 - 2012-05-01 10:13 - 00000000 ____D C:\Program Files\CCleaner
2013-10-05 18:06 - 2013-07-04 19:01 - 00000000 ___RD C:\Users\neX0r\Desktop\Games
2013-10-05 18:02 - 2013-07-04 18:59 - 00000000 ___RD C:\Users\neX0r\Desktop\Messanger
2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games
2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-10-04 00:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\neX0r\AppData\Roaming\cache.dat
C:\Users\neX0r\AppData\Roaming\cache.ini
ZeroAccess:
C:\Users\neX0r\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\47rvqb.ctrl
C:\ProgramData\47rvqb.pff
C:\ProgramData\bqvr74.plz
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg


Some content of TEMP:
====================
C:\Users\neX0r\AppData\Local\Temp\h-1143936814.tmp.exe
C:\Users\neX0r\AppData\Local\Temp\h-1307302379.tmp.dll
C:\Users\neX0r\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\neX0r\AppData\Local\Temp\msimg32.dll
C:\Users\neX0r\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\neX0r\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\neX0r\AppData\Local\Temp\nvStInst.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

5
Restore point made on: 2013-10-19 17:58:41
Restore point made on: 2013-10-23 12:13:25
Restore point made on: 2013-10-26 20:39:01
Restore point made on: 2013-10-29 20:42:32
Restore point made on: 2013-11-02 21:54:33

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4095.12 MB
Available physical RAM: 3513.4 MB
Total Pagefile: 4093.32 MB
Available Pagefile: 3499.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:327.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 677819A3)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 253FF683)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-10-22 18:50

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

vielen dank schonmal

meinst du ich könnten ihn einfach mit Bundespolizei Virus entfernen - Einfache Anleitung entfernen?

Bootsektor · 03.11.2013, 12:40

Hallo neX2111
Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Schritt 1
Startet Dein Rechner nach diesem Fix wieder normal?
Achtung! Auch wenn Dein Rechner nach diesem Fix normal startet ist er weiterhin infiziert. Es ist noch eine andere Infektion als der BKA auf der Maschine!
Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\neX0r\...\Winlogon: [Shell] explorer.exe,C:\Users\neX0r\AppData\Roaming\cache.dat [180224 2013-08-29] () <==== ATTENTION 
C:\Users\neX0r\AppData\Roaming\cache.ini
C:\Users\neX0r\AppData\Roaming\cache.dat
C:\Users\neX0r\AppData\Local\Temp\h-1143936814.tmp.exe
C:\Users\neX0r\AppData\Local\Temp\h-1307302379.tmp.dll

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

neX2111 · 03.11.2013, 19:07

ok Moment werde es probieren

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-03 13:00:48 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************

*****************


==== End of Fixlog ====

er möchte eine sytemwiederherstellung machen
soll ich dies durchführen oder abbrechen?

ok pc hat nun ganz normal gestartet

warte auf weitere Anweisungen bis moin

Bootsektor · 03.11.2013, 20:40

Hallo neX2111,
bitte editiere nicht ständig deine Posts, meine Antworten müssen erst von einem Ausbilder freigegeben werden. Wenn ich nun meine Antwort poste und die freigegeben wird, du dann aber wieder in deinen Thread editierst oder andere Aktionen durchführst, dann muss ich erneut eine Antwort posten, die dann erneut wieder freigegeben werden muss. Dadurch verzögert sich dann natürlich meine Hilfestellung.

Poste mir bitte in deiner nächsten Antwort das Fixlog von FRST.

neX2111 · 03.11.2013, 22:41

sorry :/

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by neX0r (administrator) on NEX on 03-11-2013 22:33:51
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x140186E10348CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {634135E1-F355-4FBA-83D0-1C4DA5C6BFCF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {866A09B1-B88B-4518-8183-BDA8204DCBE2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {AFCAAEE9-2AFF-49F7-A2F5-8AC5FE9B19EB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {DC331F54-2AA7-4071-BCD6-385CB388783A} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-06] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-29] (GFI Software)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 athr; system32\DRIVERS\athrx.sys [x]
S1 lzwrwlgo; \??\C:\Windows\system32\drivers\lzwrwlgo.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 20:41 - 2013-11-03 20:49 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-03 19:23 - 2013-11-03 22:32 - 00000504 _____ C:\Windows\setupact.log
2013-11-03 19:23 - 2013-11-03 19:23 - 00000000 _____ C:\Windows\setuperr.log
2013-11-03 19:07 - 2013-11-03 19:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-03 16:52 - 2013-11-03 17:00 - 00000000 ____D C:\AdwCleaner
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Malwarebytes
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-03 15:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST
2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-28 22:03 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-28 22:03 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-28 22:03 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-28 22:01 - 2013-10-18 02:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-28 22:01 - 2013-10-18 02:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-28 21:55 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-28 21:55 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-25 18:03 - 2013-10-16 01:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-25 18:03 - 2013-10-16 01:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-14 18:53 - 2013-10-14 18:55 - 00012600 _____ C:\ProgramData\47rvqb.pff
2013-10-14 15:28 - 2013-10-14 18:53 - 00000000 _____ C:\ProgramData\47rvqb.ctrl
2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup
2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage
2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare
2013-10-11 21:51 - 2013-10-11 22:53 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare
2013-10-11 12:17 - 2013-10-11 12:18 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd
2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd
2013-10-11 11:55 - 2013-10-11 12:19 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf
2013-10-09 17:39 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 17:39 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 17:39 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 17:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 17:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 17:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 17:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 17:39 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 17:39 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 17:39 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 17:39 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 17:39 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 14:01 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 14:01 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 14:01 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 14:01 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 14:01 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 14:01 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 14:01 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 14:01 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 14:01 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 14:01 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 14:01 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 14:01 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 14:01 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 14:01 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 14:01 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 14:01 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 14:01 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 14:01 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 14:01 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 14:01 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 14:01 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 14:01 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 14:01 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 14:01 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 14:01 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 14:01 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 14:01 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 14:01 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 14:00 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 14:00 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 14:00 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 14:00 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 14:00 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 14:00 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 14:00 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 14:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 14:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 14:00 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 14:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 14:00 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 14:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 14:00 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 14:00 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 14:00 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 14:00 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 14:00 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 14:00 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 14:00 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod
2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games
2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-10-04 11:22 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-04 11:22 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-04 11:15 - 2013-09-28 00:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

==================== One Month Modified Files and Folders =======

2013-11-03 22:32 - 2013-11-03 19:23 - 00000504 _____ C:\Windows\setupact.log
2013-11-03 22:32 - 2012-11-24 12:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-03 22:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 20:49 - 2013-11-03 20:41 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-03 19:53 - 2012-04-30 20:57 - 01596997 _____ C:\Windows\WindowsUpdate.log
2013-11-03 19:53 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 19:53 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 19:23 - 2013-11-03 19:23 - 00000000 _____ C:\Windows\setuperr.log
2013-11-03 19:20 - 2013-07-04 19:04 - 00000000 ___RD C:\Users\neX0r\Desktop\System
2013-11-03 19:17 - 2013-11-03 19:07 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-03 19:07 - 2012-05-01 10:55 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Skype
2013-11-03 18:59 - 2012-05-01 18:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-03 17:38 - 2012-05-08 14:35 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-03 17:37 - 2012-02-14 18:23 - 00000000 ____D C:\Windows\Panther
2013-11-03 17:00 - 2013-11-03 16:52 - 00000000 ____D C:\AdwCleaner
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Malwarebytes
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-03 15:14 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-03 15:14 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-03 15:14 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 15:06 - 2012-05-01 09:53 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Ad-Aware Antivirus
2013-11-03 14:45 - 2012-04-30 20:58 - 00000000 ____D C:\Users\neX0r
2013-11-03 14:34 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-03 14:34 - 2012-05-01 09:54 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-11-03 14:34 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-03 14:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST
2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Users\neX0r\AppData\Local\Google
2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-30 21:31 - 2012-06-08 18:53 - 00000000 ____D C:\Users\neX0r\AppData\Local\Adobe
2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-30 21:30 - 2012-06-08 18:51 - 00000000 ____D C:\ProgramData\Adobe
2013-10-28 22:08 - 2012-11-24 12:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA
2013-10-25 17:48 - 2013-10-01 22:38 - 00000000 ____D C:\Users\neX0r\AppData\Local\NVIDIA
2013-10-23 11:30 - 2013-10-28 22:03 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 11:30 - 2013-10-28 22:03 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 11:30 - 2013-10-28 22:03 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 11:30 - 2013-09-17 21:22 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 11:30 - 2013-03-27 10:18 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 11:30 - 2013-03-27 10:18 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 11:30 - 2013-03-27 10:18 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 11:30 - 2012-10-10 21:23 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 11:30 - 2012-10-10 21:23 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 11:30 - 2012-10-10 21:23 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 09:20 - 2012-11-24 12:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 09:20 - 2012-11-24 12:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-22 18:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-18 02:36 - 2013-10-28 22:01 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-18 02:36 - 2013-10-28 22:01 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-17 18:57 - 2012-05-01 10:55 - 00000000 ____D C:\ProgramData\Skype
2013-10-17 18:56 - 2012-05-01 10:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-16 01:48 - 2013-10-25 18:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-16 01:48 - 2013-10-25 18:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-15 22:49 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-15 22:49 - 2012-05-01 10:38 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-15 18:25 - 2012-05-01 10:53 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\IrfanView
2013-10-15 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-14 18:55 - 2013-10-14 18:53 - 00012600 _____ C:\ProgramData\47rvqb.pff
2013-10-14 18:53 - 2013-10-14 15:28 - 00000000 _____ C:\ProgramData\47rvqb.ctrl
2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-12 10:59 - 2012-09-07 21:28 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Apple Computer
2013-10-11 22:53 - 2013-10-11 21:51 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup
2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage
2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare
2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare
2013-10-11 12:19 - 2013-10-11 11:55 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech
2013-10-11 12:18 - 2013-10-11 12:17 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech
2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd
2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf
2013-10-10 16:16 - 2012-05-01 10:34 - 00000000 ___RD C:\Users\neX0r\Desktop\neX
2013-10-09 20:51 - 2009-07-14 05:45 - 00297656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 17:36 - 2012-02-14 18:39 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 17:31 - 2013-08-15 18:30 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 17:28 - 2012-02-14 19:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 14:59 - 2012-05-01 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 14:59 - 2012-05-01 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 14:59 - 2012-05-01 18:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 11:52 - 2012-05-03 11:10 - 00000000 ____D C:\Users\neX0r\Documents\StarCraft II
2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iTunes
2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod
2013-10-05 21:58 - 2012-05-01 10:13 - 00000000 ____D C:\Program Files\CCleaner
2013-10-05 18:06 - 2013-07-04 19:01 - 00000000 ___RD C:\Users\neX0r\Desktop\Games
2013-10-05 18:02 - 2013-07-04 18:59 - 00000000 ___RD C:\Users\neX0r\Desktop\Messanger
2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games
2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-10-04 00:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions

Files to move or delete:
====================
ZeroAccess:
C:\Users\neX0r\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\47rvqb.ctrl
C:\ProgramData\47rvqb.pff
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg


Some content of TEMP:
====================
C:\Users\neX0r\AppData\Local\Temp\HitmanPro.exe
C:\Users\neX0r\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-22 18:50

==================== End Of Log ============================

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by neX0r at 2013-11-03 22:36:37
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Aware (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Ad-Aware Browsing Protection (x32 Version: 1.0.1.106)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Borderlands 2 (x32)
CCleaner (Version: 4.06)
CDBurnerXP (x32 Version: 4.4.0.3018)
DivX-Setup (x32 Version: 2.6.1.8)
D-Link DWA-125 (x32)
GeForce Experience NvStream Client Components (Version: 1.6.28)
iCloud (Version: 3.0.2.163)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 11.1.1.11)
Java(TM) 6 Update 39 (x32 Version: 6.0.390)
Logitech Gaming Software (Version: 8.45.88)
Logitech Gaming Software 8.50 (Version: 8.50.281)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Natural Selection 2 (x32)
NVIDIA 3D Vision Controller-Treiber 331.65 (Version: 331.65)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Grafiktreiber 331.65 (Version: 331.65)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165)
NVIDIA Systemsteuerung 331.65 (Version: 331.65)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Origin (x32 Version: 8.5.2.23)
PAYDAY 2 (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602)
Revo Uninstaller 1.95 (x32 Version: 1.95)
SHIELD Streaming (Version: 1.6.34)
Skype Click to Call (x32 Version: 5.10.9560)
Skype™ 6.9 (x32 Version: 6.9.106)
StarCraft II (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.11.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)
World of Warcraft (x32 Version: 5.0.5.16135)

==================== Restore Points  =========================

19-10-2013 16:57:45 Windows Update
23-10-2013 11:13:00 Windows Update
26-10-2013 19:38:40 Windows Update
29-10-2013 19:42:00 Windows Update
02-11-2013 20:54:09 Windows Update
03-11-2013 13:56:22 Windows Update
03-11-2013 14:14:14 F-Secure malware removal

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1604EE26-C4F6-48A9-858B-CAFF4E936EF0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {27F38DB8-7AD6-4F22-B524-CBB8AF4FCFB4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {8F9D16A2-E03A-4296-BD5F-93EB2A9DE1CB} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {C42F04C5-F387-49EE-8F2A-4C25BD83B60D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-11-01 22:26 - 2011-11-01 22:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 22:26 - 2011-11-01 22:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-30 22:30 - 2012-04-30 22:30 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2012-04-30 22:30 - 2010-05-13 09:58 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
2012-05-22 20:23 - 2013-10-01 14:16 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2012-05-22 20:23 - 2013-10-01 14:16 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2013 10:33:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 07:52:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 07:24:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/03/2013 07:53:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147467243

Error: (11/03/2013 07:53:08 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/03/2013 07:24:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/03/2013 07:24:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (11/03/2013 04:51:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (11/03/2013 02:45:34 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %24

	Fehlercode: 0x80070002

	Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. 

	Signaturversion: 0.0.0.0;0.0.0.0

	Modulversion: %600

Error: (11/03/2013 00:51:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (11/03/2013 00:51:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft Network Inspection System" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (11/03/2013 00:51:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (11/03/2013 00:51:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060


Microsoft Office Sessions:
=========================
Error: (11/03/2013 10:33:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 07:52:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 07:24:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


CodeIntegrity Errors:
===================================
  Date: 2012-12-23 11:36:47.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-23 11:36:47.911
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 4095.12 MB
Available physical RAM: 2245.56 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 6359.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:326.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 677819A3)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 253FF683)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

Bootsektor · 04.11.2013, 20:10

Hallo neX2111,
ich wollte eigentlich die Fixlog.txt haben, aber passt schon so.

Schritt 1
Mehrere Anti-Virus-Programme

Code:

ATTFilter

Microsoft Security Essentials
Ad-Aware Antivirus

Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:

Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3
Verschiebe nun die FRST.exe von Deinem USB-Stick auf den Desktop Deines Rechners.
Starte jetzt noch einmal FRST.

Wenn der Scan abgeschlossen ist, wird eine neue Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser Logfile bitte hier in deinen Thread.

neX2111 · 05.11.2013, 18:37

hi sandra,

vielen dank für deine hilfe, hätte mein rechner nicht wieder zum laufen gebracht. hab jetzt meine daten gesichert und werd warscheinlich neu instalieren weil einfach angst hab das was übrig bleibt und nacher meine kreditkarten daten weg sind oder ähnliches. doch mir bleit noch eine frage soll ich auch kein zusätliches anti mailware drauf tun?

oder brauch ich davor keine angst haben?

Bootsektor · 06.11.2013, 00:14

Hallo neX2111,

Zitat:

oder brauch ich davor keine angst haben?

Wovor brauchst du keine Angst haben?
eine Neuinstallation ist immer der sicherste Weg.
Du kannst dir gerne ein Antimalwareprogramm zusätzlich zu deinem Antivirenprogramm installieren und damit regelmäßig (wöchentlich) einen Scan deines Systems machen. Ich empfehle dir Malwarebytes Antimalware.
Wenn du Fragen zum Neuaufsetzen hast, dann melde dich gerne wieder.

neX2111 · 06.11.2013, 06:41

so windows neu azfgesetzt. nun hab ich ein ganz andered problem vtl kannst du mir dabei behilflich sein auch wenns nich um einen vrius geht, wenn nich dann dank ich dir jetzt schon vielmals.

so mein problem:
ich habe mein wlan stick dlink daw 125 in den gesteckt treiber angefangen zu instalieren. der treiber sagt mir nun aber immer ..... wurde nich erkannr buttr schließen sie den wlan stick an. im geräte manager wird er als 11n adapter abgezeigt. normal müsste am stick das lichtlein blicken was aber auch nicht tut. der wlan stick funktioniert an meinem laptop und die usb ports sind auch okay. hatte dieses problem schoneinmal weis aber leider nich mehr wie ich dieses gelöst habe. bei google habe ich ein foren eintrag gefunden der user hatte das gleiche problem konnte es lösen hat aber leider nich erklärt wie.

Bootsektor · 06.11.2013, 22:56

Hallo neX2111,
schau mal, ob du im Internet einen neuen Treiber für den Stick bekommst, hier ist die Seite von D-Link, sonst frag dort direkt nach.

neX2111 · 06.11.2013, 23:02

hab nochmal formatiert dang gings reibungslos.

so jetzt bedank ich mich nochmal für deine zeit und gedult.

Bootsektor · 07.11.2013, 00:54

Gern geschehen.

Bootsektor · 08.11.2013, 19:53

Hallo neX2111,

zum Abschluss möchte ich mir gerne dein neu aufgesetztes System einmal anschauen, auch im Betracht auf sicherheitsrelevante Software. Mache dazu bitte nochmal ein neues FRST-Log

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

06.11.2013, 22:56	#12
Bootsektor Ruhe in Frieden † 2019	BKA Virus!!!!! Hallo neX2111, schau mal, ob du im Internet einen neuen Treiber für den Stick bekommst, hier ist die Seite von D-Link, sonst frag dort direkt nach.

07.11.2013, 00:54	#14
Bootsektor Ruhe in Frieden † 2019	BKA Virus!!!!! Gern geschehen.

BKA Virus!!!!!

Plagegeister aller Art und deren Bekämpfung: BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

BKA Virus!!!!!

Ähnliche Themen: BKA Virus!!!!!

06.11.2013, 23:02	#13
neX2111	BKA Virus!!!!! hab nochmal formatiert dang gings reibungslos. so jetzt bedank ich mich nochmal für deine zeit und gedult.