|
Plagegeister aller Art und deren Bekämpfung: BKA Virus!!!!!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.11.2013, 10:12 | #1 |
| BKA Virus!!!!! guten morgen war gerade am starcraft zocken dann wollte Adobe updaten was ich zuließ nun hab ich den BKA Virus hab schon farbar per usb stcik laufen lassen nun bin ich am ende meines Lateins das ist mein code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by SYSTEM on MININT-U09FD9I on 03-11-2013 09:53:02 Running from E:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X] HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft) HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [141 2012-12-02] () HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKU\neX0r\...\Run: [Google Update] - [x] HKU\neX0r\...\Winlogon: [Shell] explorer.exe,C:\Users\neX0r\AppData\Roaming\cache.dat [180224 2013-08-29] () <==== ATTENTION ==================== Services (Whitelisted) ================= S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) S2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] () S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] () S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-06] () S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{bfa7462a-98b9-8465-860e-ae48219905d1}\ \...\???\{bfa7462a-98b9-8465-860e-ae48219905d1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security) S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-29] (GFI Software) S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) hoffe ihr könnt mir helfen danke ahja abgesicherter Modus is nich fährt direkt runter |
03.11.2013, 10:31 | #2 |
Ruhe in Frieden † 2019 | BKA Virus!!!!!Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machts, erschwert es mir sehr das Auswerten. Danke. Dazu:
Schritt 1 Das FRST-Log, was du gepostet hast, ist unvollständig, bitte poste das komplette Log. |
03.11.2013, 11:54 | #3 |
| BKA Virus!!!!! FRST Logfile:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by SYSTEM on MININT-U09FD9I on 03-11-2013 09:53:02 Running from E:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X] HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft) HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [141 2012-12-02] () HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKU\neX0r\...\Run: [Google Update] - [x] HKU\neX0r\...\Winlogon: [Shell] explorer.exe,C:\Users\neX0r\AppData\Roaming\cache.dat [180224 2013-08-29] () <==== ATTENTION ==================== Services (Whitelisted) ================= S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) S2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] () S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] () S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-06] () S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{bfa7462a-98b9-8465-860e-ae48219905d1}\ \...\???\{bfa7462a-98b9-8465-860e-ae48219905d1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security) S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-29] (GFI Software) S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athrx.sys [x] S1 lzwrwlgo; \??\C:\Windows\system32\drivers\lzwrwlgo.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST 2013-11-03 09:07 - 2013-11-03 09:31 - 00000004 _____ C:\Users\neX0r\AppData\Roaming\cache.ini 2013-10-31 08:47 - 2013-10-31 08:47 - 00000774 _____ C:\Windows\PFRO.log 2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-28 22:03 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-10-28 22:03 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433165.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433165.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-10-28 22:01 - 2013-10-18 02:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll 2013-10-28 22:01 - 2013-10-18 02:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-10-28 21:55 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys 2013-10-28 21:55 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-25 18:03 - 2013-10-16 01:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433158.dll 2013-10-25 18:03 - 2013-10-16 01:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433158.dll 2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA 2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-10-14 18:53 - 2013-10-14 18:55 - 00012600 _____ C:\ProgramData\47rvqb.pff 2013-10-14 15:28 - 2013-10-14 18:53 - 00000000 _____ C:\ProgramData\47rvqb.ctrl 2013-10-14 15:28 - 2013-10-14 15:29 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\47rvqb.pzz 2013-10-14 15:28 - 2013-10-14 15:28 - 00125952 _____ C:\ProgramData\bqvr74.plz 2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV 2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup 2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Software4u 2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage 2013-10-11 22:06 - 2013-10-11 22:21 - 00000000 ____D C:\Program Files\Recuva 2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare 2013-10-11 21:51 - 2013-10-11 22:53 - 00000000 ____D C:\Program Files (x86)\Wondershare 2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare 2013-10-11 12:17 - 2013-10-11 12:18 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd 2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd 2013-10-11 11:55 - 2013-10-11 12:19 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf 2013-10-09 17:39 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 17:39 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 17:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-10-09 17:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-10-09 17:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-10-09 17:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-10-09 17:39 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-10-09 17:39 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 17:39 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-10-09 17:39 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-09 14:01 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys 2013-10-09 14:01 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-10-09 14:01 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll 2013-10-09 14:01 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-09 14:01 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-10-09 14:01 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys 2013-10-09 14:01 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys 2013-10-09 14:01 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll 2013-10-09 14:01 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll 2013-10-09 14:01 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll 2013-10-09 14:01 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 14:01 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 14:01 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 14:01 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys 2013-10-09 14:01 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys 2013-10-09 14:01 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys 2013-10-09 14:01 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys 2013-10-09 14:01 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys 2013-10-09 14:01 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll 2013-10-09 14:01 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll 2013-10-09 14:01 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll 2013-10-09 14:01 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll 2013-10-09 14:01 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 14:01 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 14:01 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 14:01 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2013-10-09 14:01 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 14:01 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 14:00 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys 2013-10-09 14:00 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-10-09 14:00 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-10-09 14:00 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll 2013-10-09 14:00 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-10-09 14:00 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll 2013-10-09 14:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 14:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 14:00 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 14:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 14:00 - 2013-08-29 02:50 - 00180224 _____ C:\Users\neX0r\AppData\Roaming\cache.dat 2013-10-09 14:00 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 14:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 14:00 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 14:00 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 14:00 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 14:00 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 14:00 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll 2013-10-09 14:00 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-10-09 14:00 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 14:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files\iTunes 2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod 2013-10-06 00:00 - 2013-11-03 09:34 - 00014863 _____ C:\Windows\setupact.log 2013-10-06 00:00 - 2013-10-06 00:00 - 00000000 _____ C:\Windows\setuperr.log 2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games 2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-10-04 11:15 - 2013-09-28 00:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll ==================== One Month Modified Files and Folders ======= 2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST 2013-11-03 09:34 - 2013-10-06 00:00 - 00014863 _____ C:\Windows\setupact.log 2013-11-03 09:34 - 2012-11-24 12:01 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-03 09:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-03 09:31 - 2013-11-03 09:07 - 00000004 _____ C:\Users\neX0r\AppData\Roaming\cache.ini 2013-11-03 09:18 - 2012-05-01 10:33 - 00004448 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Users\neX0r\AppData\Local\Google 2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Program Files (x86)\Google 2013-11-03 09:06 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-03 09:06 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-03 09:02 - 2012-04-30 20:57 - 01541021 _____ C:\Windows\WindowsUpdate.log 2013-11-03 08:59 - 2012-05-01 18:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-02 21:49 - 2012-05-01 10:55 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Skype 2013-11-01 16:57 - 2012-05-08 14:35 - 00000000 ____D C:\Program Files (x86)\Steam 2013-10-31 08:47 - 2013-10-31 08:47 - 00000774 _____ C:\Windows\PFRO.log 2013-10-30 23:31 - 2012-04-30 20:58 - 00000000 ____D C:\users\neX0r 2013-10-30 21:31 - 2012-06-08 18:53 - 00000000 ____D C:\Users\neX0r\AppData\Local\Adobe 2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-30 21:30 - 2012-06-08 18:51 - 00000000 ____D C:\ProgramData\Adobe 2013-10-29 20:35 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\System32\perfh007.dat 2013-10-29 20:35 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\System32\perfc007.dat 2013-10-29 20:35 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI 2013-10-28 22:08 - 2012-11-24 12:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA 2013-10-25 17:48 - 2013-10-01 22:38 - 00000000 ____D C:\Users\neX0r\AppData\Local\NVIDIA 2013-10-23 11:30 - 2013-10-28 22:03 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 18199872 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 12572960 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-10-23 11:30 - 2013-10-28 22:03 - 11426568 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 11374520 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 03131680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 03124512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433165.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433165.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00655136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-10-23 11:30 - 2013-09-17 21:22 - 30344480 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-10-23 11:30 - 2013-03-27 10:18 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-10-23 11:30 - 2013-03-27 10:18 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-10-23 11:30 - 2013-03-27 10:18 - 00023287 _____ C:\Windows\System32\nvinfo.pb 2013-10-23 11:30 - 2012-10-10 21:23 - 18286416 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-10-23 11:30 - 2012-10-10 21:23 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-10-23 11:30 - 2012-10-10 21:23 - 03067560 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 06669600 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 03489568 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-10-23 09:20 - 2012-11-24 12:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-10-22 18:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-10-18 02:36 - 2013-10-28 22:01 - 01063200 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll 2013-10-18 02:36 - 2013-10-28 22:01 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-10-17 18:57 - 2012-05-01 10:55 - 00000000 ____D C:\ProgramData\Skype 2013-10-17 18:56 - 2012-05-01 10:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-16 01:48 - 2013-10-25 18:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433158.dll 2013-10-16 01:48 - 2013-10-25 18:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433158.dll 2013-10-15 22:49 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-15 22:49 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-10-15 22:49 - 2012-05-01 10:38 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-15 18:25 - 2012-05-01 10:53 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\IrfanView 2013-10-15 18:25 - 2012-05-01 09:54 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-10-15 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF 2013-10-15 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-10-14 18:55 - 2013-10-14 18:53 - 00012600 _____ C:\ProgramData\47rvqb.pff 2013-10-14 18:53 - 2013-10-14 15:28 - 00000000 _____ C:\ProgramData\47rvqb.ctrl 2013-10-14 15:29 - 2013-10-14 15:28 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\47rvqb.pzz 2013-10-14 15:28 - 2013-10-14 15:28 - 00125952 _____ C:\ProgramData\bqvr74.plz 2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV 2013-10-12 10:59 - 2012-09-07 21:28 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Apple Computer 2013-10-11 22:53 - 2013-10-11 21:51 - 00000000 ____D C:\Program Files (x86)\Wondershare 2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup 2013-10-11 22:21 - 2013-10-11 22:06 - 00000000 ____D C:\Program Files\Recuva 2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Software4u 2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage 2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare 2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare 2013-10-11 12:24 - 2013-07-04 19:04 - 00000000 ___RD C:\Users\neX0r\Desktop\System 2013-10-11 12:19 - 2013-10-11 11:55 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech 2013-10-11 12:18 - 2013-10-11 12:17 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd 2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf 2013-10-10 16:16 - 2012-05-01 10:34 - 00000000 ___RD C:\Users\neX0r\Desktop\neX 2013-10-09 20:54 - 2012-02-14 18:23 - 00000000 ____D C:\Windows\Panther 2013-10-09 20:51 - 2009-07-14 05:45 - 00297656 _____ C:\Windows\System32\FNTCACHE.DAT 2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 17:36 - 2012-02-14 18:39 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-09 17:31 - 2013-08-15 18:30 - 00000000 ____D C:\Windows\System32\MRT 2013-10-09 17:28 - 2012-02-14 19:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-10-09 14:59 - 2012-05-01 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-09 14:59 - 2012-05-01 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-09 14:59 - 2012-05-01 18:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-07 11:52 - 2012-05-03 11:10 - 00000000 ____D C:\Users\neX0r\Documents\StarCraft II 2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iTunes 2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod 2013-10-06 00:00 - 2013-10-06 00:00 - 00000000 _____ C:\Windows\setuperr.log 2013-10-05 21:58 - 2012-05-01 10:13 - 00000000 ____D C:\Program Files\CCleaner 2013-10-05 18:06 - 2013-07-04 19:01 - 00000000 ___RD C:\Users\neX0r\Desktop\Games 2013-10-05 18:02 - 2013-07-04 18:59 - 00000000 ___RD C:\Users\neX0r\Desktop\Messanger 2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games 2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-10-04 00:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini Files to move or delete: ==================== C:\Users\neX0r\AppData\Roaming\cache.dat C:\Users\neX0r\AppData\Roaming\cache.ini ZeroAccess: C:\Users\neX0r\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install C:\ProgramData\47rvqb.ctrl C:\ProgramData\47rvqb.pff C:\ProgramData\bqvr74.plz C:\ProgramData\wavav0bdtzbtb43b.bat C:\ProgramData\wavav0bdtzbtb43b.reg Some content of TEMP: ==================== C:\Users\neX0r\AppData\Local\Temp\h-1143936814.tmp.exe C:\Users\neX0r\AppData\Local\Temp\h-1307302379.tmp.dll C:\Users\neX0r\AppData\Local\Temp\InstallFlashPlayer.exe C:\Users\neX0r\AppData\Local\Temp\msimg32.dll C:\Users\neX0r\AppData\Local\Temp\nvSCPAPI.dll C:\Users\neX0r\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\neX0r\AppData\Local\Temp\nvStInst.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 5 Restore point made on: 2013-10-19 17:58:41 Restore point made on: 2013-10-23 12:13:25 Restore point made on: 2013-10-26 20:39:01 Restore point made on: 2013-10-29 20:42:32 Restore point made on: 2013-11-02 21:54:33 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 4095.12 MB Available physical RAM: 3513.4 MB Total Pagefile: 4093.32 MB Available Pagefile: 3499.46 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:327.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 677819A3) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 253FF683) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-10-22 18:50 ==================== End Of Log ============================ --- --- --- --- --- --- vielen dank schonmal meinst du ich könnten ihn einfach mit Bundespolizei Virus entfernen - Einfache Anleitung entfernen? |
03.11.2013, 12:40 | #4 |
Ruhe in Frieden † 2019 | BKA Virus!!!!! Hallo neX2111 Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Schritt 1 Startet Dein Rechner nach diesem Fix wieder normal? Achtung! Auch wenn Dein Rechner nach diesem Fix normal startet ist er weiterhin infiziert. Es ist noch eine andere Infektion als der BKA auf der Maschine! Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\neX0r\...\Winlogon: [Shell] explorer.exe,C:\Users\neX0r\AppData\Roaming\cache.dat [180224 2013-08-29] () <==== ATTENTION C:\Users\neX0r\AppData\Roaming\cache.ini C:\Users\neX0r\AppData\Roaming\cache.dat C:\Users\neX0r\AppData\Local\Temp\h-1143936814.tmp.exe C:\Users\neX0r\AppData\Local\Temp\h-1307302379.tmp.dll
|
03.11.2013, 19:07 | #5 |
| BKA Virus!!!!! ok Moment werde es probieren Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013 Ran by SYSTEM at 2013-11-03 13:00:48 Run:1 Running from E:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** ***************** ==== End of Fixlog ==== soll ich dies durchführen oder abbrechen? ok pc hat nun ganz normal gestartet warte auf weitere Anweisungen bis moin |
03.11.2013, 20:40 | #6 |
Ruhe in Frieden † 2019 | BKA Virus!!!!! Hallo neX2111, bitte editiere nicht ständig deine Posts, meine Antworten müssen erst von einem Ausbilder freigegeben werden. Wenn ich nun meine Antwort poste und die freigegeben wird, du dann aber wieder in deinen Thread editierst oder andere Aktionen durchführst, dann muss ich erneut eine Antwort posten, die dann erneut wieder freigegeben werden muss. Dadurch verzögert sich dann natürlich meine Hilfestellung. Poste mir bitte in deiner nächsten Antwort das Fixlog von FRST. |
03.11.2013, 22:41 | #7 |
| BKA Virus!!!!! sorry :/ FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by neX0r (administrator) on NEX on 03-11-2013 22:33:51 Running from E:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software) HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X] HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x140186E10348CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - {634135E1-F355-4FBA-83D0-1C4DA5C6BFCF} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {866A09B1-B88B-4518-8183-BDA8204DCBE2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {AFCAAEE9-2AFF-49F7-A2F5-8AC5FE9B19EB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {DC331F54-2AA7-4071-BCD6-385CB388783A} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-06] () R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) ==================== Drivers (Whitelisted) ==================== R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-29] (GFI Software) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athrx.sys [x] S1 lzwrwlgo; \??\C:\Windows\system32\drivers\lzwrwlgo.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-03 20:41 - 2013-11-03 20:49 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-11-03 19:23 - 2013-11-03 22:32 - 00000504 _____ C:\Windows\setupact.log 2013-11-03 19:23 - 2013-11-03 19:23 - 00000000 _____ C:\Windows\setuperr.log 2013-11-03 19:07 - 2013-11-03 19:17 - 00000000 ____D C:\ProgramData\HitmanPro 2013-11-03 16:52 - 2013-11-03 17:00 - 00000000 ____D C:\AdwCleaner 2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Malwarebytes 2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-03 15:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST 2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-28 22:03 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-10-28 22:03 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-10-28 22:03 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-10-28 22:01 - 2013-10-18 02:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2013-10-28 22:01 - 2013-10-18 02:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-10-28 21:55 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-10-28 21:55 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-25 18:03 - 2013-10-16 01:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll 2013-10-25 18:03 - 2013-10-16 01:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll 2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA 2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-10-14 18:53 - 2013-10-14 18:55 - 00012600 _____ C:\ProgramData\47rvqb.pff 2013-10-14 15:28 - 2013-10-14 18:53 - 00000000 _____ C:\ProgramData\47rvqb.ctrl 2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV 2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup 2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage 2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare 2013-10-11 21:51 - 2013-10-11 22:53 - 00000000 ____D C:\Program Files (x86)\Wondershare 2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare 2013-10-11 12:17 - 2013-10-11 12:18 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd 2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd 2013-10-11 11:55 - 2013-10-11 12:19 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf 2013-10-09 17:39 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 17:39 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 17:39 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 17:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 17:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 17:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 17:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 17:39 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 17:39 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 17:39 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 17:39 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-09 17:39 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-09 14:01 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-09 14:01 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-09 14:01 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-09 14:01 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-09 14:01 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 14:01 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-09 14:01 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-09 14:01 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-09 14:01 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 14:01 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-09 14:01 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 14:01 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 14:01 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 14:01 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-09 14:01 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-09 14:01 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-09 14:01 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-09 14:01 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 14:01 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-09 14:01 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-09 14:01 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-09 14:01 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-09 14:01 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 14:01 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 14:01 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 14:01 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 14:01 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 14:01 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 14:00 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-09 14:00 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-09 14:00 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-09 14:00 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-09 14:00 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-09 14:00 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-09 14:00 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-09 14:00 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 14:00 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 14:00 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 14:00 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 14:00 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 14:00 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 14:00 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 14:00 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 14:00 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 14:00 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 14:00 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-09 14:00 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 14:00 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 14:00 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files\iTunes 2013-10-07 11:06 - 2013-10-07 11:07 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod 2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games 2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-10-04 11:22 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-10-04 11:22 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-10-04 11:15 - 2013-09-28 00:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll ==================== One Month Modified Files and Folders ======= 2013-11-03 22:32 - 2013-11-03 19:23 - 00000504 _____ C:\Windows\setupact.log 2013-11-03 22:32 - 2012-11-24 12:01 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-03 22:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-03 20:49 - 2013-11-03 20:41 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-11-03 19:53 - 2012-04-30 20:57 - 01596997 _____ C:\Windows\WindowsUpdate.log 2013-11-03 19:53 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-03 19:53 - 2009-07-14 05:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-03 19:23 - 2013-11-03 19:23 - 00000000 _____ C:\Windows\setuperr.log 2013-11-03 19:20 - 2013-07-04 19:04 - 00000000 ___RD C:\Users\neX0r\Desktop\System 2013-11-03 19:17 - 2013-11-03 19:07 - 00000000 ____D C:\ProgramData\HitmanPro 2013-11-03 19:07 - 2012-05-01 10:55 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Skype 2013-11-03 18:59 - 2012-05-01 18:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-03 17:38 - 2012-05-08 14:35 - 00000000 ____D C:\Program Files (x86)\Steam 2013-11-03 17:37 - 2012-02-14 18:23 - 00000000 ____D C:\Windows\Panther 2013-11-03 17:00 - 2013-11-03 16:52 - 00000000 ____D C:\AdwCleaner 2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Malwarebytes 2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-03 15:40 - 2013-11-03 15:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-03 15:14 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\system32\perfh007.dat 2013-11-03 15:14 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\system32\perfc007.dat 2013-11-03 15:14 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-03 15:06 - 2012-05-01 09:53 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Ad-Aware Antivirus 2013-11-03 14:45 - 2012-04-30 20:58 - 00000000 ____D C:\Users\neX0r 2013-11-03 14:34 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-03 14:34 - 2012-05-01 09:54 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-11-03 14:34 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-11-03 14:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-11-03 09:52 - 2013-11-03 09:52 - 00000000 ____D C:\FRST 2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Users\neX0r\AppData\Local\Google 2013-11-03 09:06 - 2013-04-18 07:01 - 00000000 ____D C:\Program Files (x86)\Google 2013-10-30 21:31 - 2012-06-08 18:53 - 00000000 ____D C:\Users\neX0r\AppData\Local\Adobe 2013-10-30 21:30 - 2013-10-30 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-10-30 21:30 - 2012-06-08 18:51 - 00000000 ____D C:\ProgramData\Adobe 2013-10-28 22:08 - 2012-11-24 12:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-10-28 22:01 - 2012-05-01 11:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-25 18:09 - 2013-10-25 18:09 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-25 18:01 - 2013-10-25 18:01 - 00000000 ____D C:\NVIDIA 2013-10-25 17:48 - 2013-10-01 22:38 - 00000000 ____D C:\Users\neX0r\AppData\Local\NVIDIA 2013-10-23 11:30 - 2013-10-28 22:03 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-10-23 11:30 - 2013-10-28 22:03 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-10-23 11:30 - 2013-10-28 22:03 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-10-23 11:30 - 2013-09-17 21:22 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-10-23 11:30 - 2013-03-27 10:18 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-10-23 11:30 - 2013-03-27 10:18 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-10-23 11:30 - 2013-03-27 10:18 - 00023287 _____ C:\Windows\system32\nvinfo.pb 2013-10-23 11:30 - 2012-10-10 21:23 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-10-23 11:30 - 2012-10-10 21:23 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-10-23 11:30 - 2012-10-10 21:23 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-10-23 09:20 - 2012-11-24 12:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-10-23 09:20 - 2012-11-24 12:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-10-22 18:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-10-18 02:36 - 2013-10-28 22:01 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2013-10-18 02:36 - 2013-10-28 22:01 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2013-10-17 18:57 - 2012-05-01 10:55 - 00000000 ____D C:\ProgramData\Skype 2013-10-17 18:56 - 2012-05-01 10:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-16 01:48 - 2013-10-25 18:03 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll 2013-10-16 01:48 - 2013-10-25 18:03 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll 2013-10-15 22:49 - 2013-08-04 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-10-15 22:49 - 2012-05-01 10:38 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-15 18:25 - 2012-05-01 10:53 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\IrfanView 2013-10-15 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-14 18:55 - 2013-10-14 18:53 - 00012600 _____ C:\ProgramData\47rvqb.pff 2013-10-14 18:53 - 2013-10-14 15:28 - 00000000 _____ C:\ProgramData\47rvqb.ctrl 2013-10-14 15:27 - 2013-10-14 15:27 - 00000000 ___HD C:\Windows\AxInstSV 2013-10-12 10:59 - 2012-09-07 21:28 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Apple Computer 2013-10-11 22:53 - 2013-10-11 21:51 - 00000000 ____D C:\Program Files (x86)\Wondershare 2013-10-11 22:27 - 2013-10-11 22:27 - 00000000 ___HD C:\Wondershare_DrFone_Backup 2013-10-11 22:16 - 2013-10-11 22:16 - 00000000 ____D C:\Users\neX0r\AppData\Local\IsolatedStorage 2013-10-11 21:52 - 2013-10-11 21:52 - 00000000 ____D C:\Users\neX0r\AppData\Local\Wondershare 2013-10-11 21:51 - 2013-10-11 21:51 - 00000000 ____D C:\ProgramData\Wondershare 2013-10-11 12:19 - 2013-10-11 11:55 - 00000000 ____D C:\Users\neX0r\AppData\Local\Logitech 2013-10-11 12:18 - 2013-10-11 12:17 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logitech 2013-10-11 12:16 - 2013-10-11 12:16 - 00000000 ____D C:\Users\neX0r\AppData\Roaming\Logishrd 2013-10-11 12:00 - 2013-10-11 12:00 - 00000000 ____D C:\ProgramData\LogiShrd 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf 2013-10-11 11:55 - 2013-10-11 11:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf 2013-10-10 16:16 - 2012-05-01 10:34 - 00000000 ___RD C:\Users\neX0r\Desktop\neX 2013-10-09 20:51 - 2009-07-14 05:45 - 00297656 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 17:37 - 2012-05-16 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 17:36 - 2012-02-14 18:39 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-09 17:31 - 2013-08-15 18:30 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 17:28 - 2012-02-14 19:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 14:59 - 2012-05-01 18:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-09 14:59 - 2012-05-01 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-09 14:59 - 2012-05-01 18:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-07 11:52 - 2012-05-03 11:10 - 00000000 ____D C:\Users\neX0r\Documents\StarCraft II 2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iTunes 2013-10-07 11:07 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-07 11:06 - 2013-10-07 11:06 - 00000000 ____D C:\Program Files\iPod 2013-10-05 21:58 - 2012-05-01 10:13 - 00000000 ____D C:\Program Files\CCleaner 2013-10-05 18:06 - 2013-07-04 19:01 - 00000000 ___RD C:\Users\neX0r\Desktop\Games 2013-10-05 18:02 - 2013-07-04 18:59 - 00000000 ___RD C:\Users\neX0r\Desktop\Messanger 2013-10-05 13:00 - 2013-10-05 13:00 - 00000000 ____D C:\Users\neX0r\Documents\my games 2013-10-04 11:22 - 2013-10-04 11:22 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2013-10-04 11:22 - 2013-10-04 11:22 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2013-10-04 00:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions Files to move or delete: ==================== ZeroAccess: C:\Users\neX0r\AppData\Local\Google\Desktop\Install ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install C:\ProgramData\47rvqb.ctrl C:\ProgramData\47rvqb.pff C:\ProgramData\wavav0bdtzbtb43b.bat C:\ProgramData\wavav0bdtzbtb43b.reg Some content of TEMP: ==================== C:\Users\neX0r\AppData\Local\Temp\HitmanPro.exe C:\Users\neX0r\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-22 18:50 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013 Ran by neX0r at 2013-11-03 22:36:37 Running from E:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: Lavasoft Ad-Aware (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Lavasoft Ad-Aware (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} ==================== Installed Programs ====================== Ad-Aware Antivirus (x32 Version: 10.5.3.4405) Ad-Aware Browsing Protection (x32 Version: 1.0.1.106) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Apple Application Support (x32 Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (x32 Version: 2.1.3.127) Bonjour (Version: 3.0.0.10) Borderlands 2 (x32) CCleaner (Version: 4.06) CDBurnerXP (x32 Version: 4.4.0.3018) DivX-Setup (x32 Version: 2.6.1.8) D-Link DWA-125 (x32) GeForce Experience NvStream Client Components (Version: 1.6.28) iCloud (Version: 3.0.2.163) IrfanView (remove only) (x32 Version: 4.32) iTunes (Version: 11.1.1.11) Java(TM) 6 Update 39 (x32 Version: 6.0.390) Logitech Gaming Software (Version: 8.45.88) Logitech Gaming Software 8.50 (Version: 8.50.281) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Security Client (Version: 4.3.0219.0) Microsoft Security Essentials (Version: 4.3.219.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Natural Selection 2 (x32) NVIDIA 3D Vision Controller-Treiber 331.65 (Version: 331.65) NVIDIA 3D Vision Treiber 331.65 (Version: 331.65) NVIDIA GeForce Experience 1.7 (Version: 1.7) NVIDIA Grafiktreiber 331.65 (Version: 331.65) NVIDIA Install Application (Version: 2.1002.140.952) NVIDIA LED Visualizer 1.0 (Version: 1.0) NVIDIA PhysX (x32 Version: 9.13.0725) NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725) NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165) NVIDIA Systemsteuerung 331.65 (Version: 331.65) NVIDIA Update 9.3.16 (Version: 9.3.16) NVIDIA Update Components (Version: 9.3.16) NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9) OpenOffice 4.0.0 (x32 Version: 4.00.9702) Origin (x32 Version: 8.5.2.23) PAYDAY 2 (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602) Revo Uninstaller 1.95 (x32 Version: 1.95) SHIELD Streaming (Version: 1.6.34) Skype Click to Call (x32 Version: 5.10.9560) Skype™ 6.9 (x32 Version: 6.9.106) StarCraft II (x32) Steam (x32 Version: 1.0.0.0) TeamSpeak 3 Client (Version: 3.0.11.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) WinRAR 4.11 (64-Bit) (Version: 4.11.0) World of Warcraft (x32 Version: 5.0.5.16135) ==================== Restore Points ========================= 19-10-2013 16:57:45 Windows Update 23-10-2013 11:13:00 Windows Update 26-10-2013 19:38:40 Windows Update 29-10-2013 19:42:00 Windows Update 02-11-2013 20:54:09 Windows Update 03-11-2013 13:56:22 Windows Update 03-11-2013 14:14:14 F-Secure malware removal ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1604EE26-C4F6-48A9-858B-CAFF4E936EF0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {27F38DB8-7AD6-4F22-B524-CBB8AF4FCFB4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {8F9D16A2-E03A-4296-BD5F-93EB2A9DE1CB} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited) Task: {C42F04C5-F387-49EE-8F2A-4C25BD83B60D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-01 22:26 - 2011-11-01 22:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-01 22:26 - 2011-11-01 22:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-04-30 22:30 - 2012-04-30 22:30 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll 2012-04-30 22:30 - 2010-05-13 09:58 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll 2012-05-22 20:23 - 2013-10-01 14:16 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll 2012-05-22 20:23 - 2013-10-01 14:16 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/03/2013 10:33:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 07:52:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 07:24:58 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (11/03/2013 07:53:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243 Error: (11/03/2013 07:53:08 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (11/03/2013 07:24:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/03/2013 07:24:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (11/03/2013 04:51:37 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht. Error: (11/03/2013 02:45:34 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %24 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. Signaturversion: 0.0.0.0;0.0.0.0 Modulversion: %600 Error: (11/03/2013 00:51:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (11/03/2013 00:51:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Microsoft Network Inspection System" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error: (11/03/2013 00:51:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error: (11/03/2013 00:51:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Microsoft Office Sessions: ========================= Error: (11/03/2013 10:33:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 07:52:09 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 07:24:58 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/03/2013 07:24:31 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (11/03/2013 07:24:29 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt CodeIntegrity Errors: =================================== Date: 2012-12-23 11:36:47.941 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-23 11:36:47.911 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 4095.12 MB Available physical RAM: 2245.56 MB Total Pagefile: 8188.41 MB Available Pagefile: 6359.44 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:326.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 677819A3) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 253FF683) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) ==================== End Of Log ============================ |
04.11.2013, 20:10 | #8 | |
Ruhe in Frieden † 2019 | BKA Virus!!!!! Hallo neX2111, ich wollte eigentlich die Fixlog.txt haben, aber passt schon so. Schritt 1 Mehrere Anti-Virus-Programme Code:
ATTFilter Microsoft Security Essentials Ad-Aware Antivirus Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
Schritt 2 Scan mit Combofix
Schritt 3 Verschiebe nun die FRST.exe von Deinem USB-Stick auf den Desktop Deines Rechners. Starte jetzt noch einmal FRST.
|
05.11.2013, 18:37 | #9 |
| BKA Virus!!!!! hi sandra, vielen dank für deine hilfe, hätte mein rechner nicht wieder zum laufen gebracht. hab jetzt meine daten gesichert und werd warscheinlich neu instalieren weil einfach angst hab das was übrig bleibt und nacher meine kreditkarten daten weg sind oder ähnliches. doch mir bleit noch eine frage soll ich auch kein zusätliches anti mailware drauf tun? oder brauch ich davor keine angst haben? |
06.11.2013, 00:14 | #10 | |
Ruhe in Frieden † 2019 | BKA Virus!!!!! Hallo neX2111, Zitat:
eine Neuinstallation ist immer der sicherste Weg. Du kannst dir gerne ein Antimalwareprogramm zusätzlich zu deinem Antivirenprogramm installieren und damit regelmäßig (wöchentlich) einen Scan deines Systems machen. Ich empfehle dir Malwarebytes Antimalware. Wenn du Fragen zum Neuaufsetzen hast, dann melde dich gerne wieder. |
06.11.2013, 06:41 | #11 |
| BKA Virus!!!!! so windows neu azfgesetzt. nun hab ich ein ganz andered problem vtl kannst du mir dabei behilflich sein auch wenns nich um einen vrius geht, wenn nich dann dank ich dir jetzt schon vielmals. so mein problem: ich habe mein wlan stick dlink daw 125 in den gesteckt treiber angefangen zu instalieren. der treiber sagt mir nun aber immer ..... wurde nich erkannr buttr schließen sie den wlan stick an. im geräte manager wird er als 11n adapter abgezeigt. normal müsste am stick das lichtlein blicken was aber auch nicht tut. der wlan stick funktioniert an meinem laptop und die usb ports sind auch okay. hatte dieses problem schoneinmal weis aber leider nich mehr wie ich dieses gelöst habe. bei google habe ich ein foren eintrag gefunden der user hatte das gleiche problem konnte es lösen hat aber leider nich erklärt wie. |
06.11.2013, 23:02 | #13 |
| BKA Virus!!!!! hab nochmal formatiert dang gings reibungslos. so jetzt bedank ich mich nochmal für deine zeit und gedult. |
07.11.2013, 00:54 | #14 |
Ruhe in Frieden † 2019 | BKA Virus!!!!! Gern geschehen. |
08.11.2013, 19:53 | #15 |
Ruhe in Frieden † 2019 | BKA Virus!!!!! Hallo neX2111, zum Abschluss möchte ich mir gerne dein neu aufgesetztes System einmal anschauen, auch im Betracht auf sicherheitsrelevante Software. Mache dazu bitte nochmal ein neues FRST-Log Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
Themen zu BKA Virus!!!!! |
.dll, ad-aware, adobe, antivirus, appdata, desktop, dll, explorer, explorer.exe, farbar, farbar recovery scan tool, google, launch, logitech, microsoft, nvidia, recovery, registry, roaming, rundll, rundll32.exe, security, software, system, system32, update, usb, virus |