rootkit.0access

This topic is locked
37 replies to this topic

#1 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 01:29 PM

Hi,

it seems like I'm infected by this rootkit, that's what Anti Malware says. It seems like it's not able to delete it. My Windows Update and Security Essentials are already blocked. :(

Here are my ODS log files...hope you guys can help me. :(

Attached Files



#2 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 01:31 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Seph :: CLOUD_STRIFE [Administrator]

15.07.2012 18:45:47
mbam-log-2012-07-15 (18-45-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213571
Laufzeit: 1 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Seph\AppData\Roaming\Identities\{39A7BBCD-4E79-4297-9CAF-AAEA27312C37}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Seph\AppData\Roaming\Identities\{39A7BBCD-4E79-4297-9CAF-AAEA27312C37}\LicenseValidator.exe (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

#3 MrCharlie

    Forum Deity

  • Experts
  • 28,160 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 July 2012 - 01:34 PM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#4 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 01:46 PM

Hey there,

thanks a ton for your answer. I'm sorry to say that I already tried some stuff. I did a RogueKiller run, deleted the ZeroAccess reg and then let Hitman fix services.exe (and more). I read this in another board before you answered. I now restarted and let Malwarebytes scan again and it didn't find anything. Also in msconfig it seems there is no weird autostart entry. BUT all my services like Win Security and Win Update and the firewall are still not working and give me a weird error message. :(

Here is the RogueKiller log from now. As you see zeroaccess still seems to be active. :(

RogueKiller V7.6.3 [07/08/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in: Normal Modus
Benutzer: Seph [Admin Rechte]
Funktion: Scannen --Datum: 07/15/2012 20:46:14

¤¤¤ Böswillige Prozesse: 0 ¤¤¤

¤¤¤ Registry-Einträge: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U --> FOUND

¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion : ZeroAccess ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
127.0.0.1 activate.adobe.com


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 +++++
--- User ---
[MBR] bdf7f66084224aa0d21f335dcf6e6417
[BSP] eb10ce755ec7591856e3cbf55c501779 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 153600000 | Size: 401939 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[1].txt >>
RKreport[1].txt
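Triage of the Malwarebytes and RogueKiller report lines posted in #2 and #4, as an added example that is not part of this thread and not code from Malwarebytes, RogueKiller or FRST: it parses those line formats, pulls out the ZeroAccess file-system artefacts, the UAC values reported as 0 and the loopback hosts entry, and separates what Malwarebytes quarantined from what RogueKiller still found afterwards. The sample lines are copied from the two posts; the ZeroAccess path patterns (the `U` folder and `n` file under a GUID folder in `C:\Windows\Installer`, and a `%APPDATA%` folder inside System32) are assumed from public descriptions of the 2012 variant and from the FRST log in #6.

```python
"""Triage of the Malwarebytes and RogueKiller report lines posted above.

Added example, not part of this thread and not code from Malwarebytes, RogueKiller
or FRST. It parses the line formats those reports use and sorts the findings into
what matters in a ZeroAccess case: the rootkit's file-system artefacts, UAC values
reported as 0, and hosts-file entries that point a real hostname at loopback.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from posts #2 (Malwarebytes) and #4 (RogueKiller).
SAMPLE_REPORT = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Seph\AppData\Roaming\Identities\{39A7BBCD-4E79-4297-9CAF-AAEA27312C37}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U --> FOUND
127.0.0.1 activate.adobe.com
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
"""

# Assumed ZeroAccess (2012 variant) artefacts: a "U" payload folder and an "n" loader
# under a GUID-named subfolder of C:\Windows\Installer, plus a folder literally named
# "%APPDATA%" inside System32 (the FRST log in post #6 shows one).
ZEROACCESS_PATH = re.compile(
    r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\(?:u|n)(?![\w.])"
    r"|\\system32\\%appdata%",
    re.IGNORECASE,
)
WIN_PATH = re.compile(r"[A-Za-z]:\\\S+")
# Malwarebytes: "<target> (<Family.Name>) -> <action text>"
MBAM_DETECTION = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> ")
# RogueKiller: "[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND"
RK_REGISTRY = re.compile(
    r"^\[HJ\] (?P<hive>HK\w+)\\\[\.\.\.\]\\(?P<key>\S+) : (?P<name>\S+) \((?P<value>\d+)\)"
)
# hosts file: "<ipv4> <hostname>"
HOSTS_ENTRY = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>[\w.-]+)$")
# UAC values where 0 is the weakened state (Windows 7 semantics).
UAC_OFF_WHEN_ZERO = {
    "EnableLUA": "UAC disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
}


def triage(report: str) -> Dict[str, List]:
    """Classify report lines; zeroaccess_paths holds (path, status) tuples."""
    findings: Dict[str, List] = {
        "detections": [],        # family names Malwarebytes reported
        "zeroaccess_paths": [],  # (path, "quarantined" | "present")
        "uac_disabled": [],      # "Name=0 (meaning)"
        "hosts_redirects": [],   # hostnames mapped to loopback
    }
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MBAM_DETECTION.match(line)
        if m:
            findings["detections"].append(m.group("family"))
        m = RK_REGISTRY.match(line)
        if m and m.group("value") == "0" and m.group("name") in UAC_OFF_WHEN_ZERO:
            name = m.group("name")
            findings["uac_disabled"].append(f"{name}=0 ({UAC_OFF_WHEN_ZERO[name]})")
        m = HOSTS_ENTRY.match(line)
        if m and m.group("ip").startswith("127.") and m.group("host") != "localhost":
            findings["hosts_redirects"].append(m.group("host"))
        # A Malwarebytes line says the object went to quarantine; RogueKiller's
        # "--> FOUND" means the artefact was still on disk when that scan ran.
        status = "quarantined" if "Quarantäne" in line else "present"
        for path in WIN_PATH.findall(line):
            if ZEROACCESS_PATH.search(path):
                findings["zeroaccess_paths"].append((path, status))
    return findings


def still_present(findings: Dict[str, List]) -> List[str]:
    """ZeroAccess artefacts a scan still found rather than quarantined."""
    return [p for p, status in findings["zeroaccess_paths"] if status == "present"]


def summary(findings: Dict[str, List]) -> List[str]:
    lines = [f"families reported: {', '.join(findings['detections']) or 'none'}"]
    leftover = still_present(findings)
    if leftover:
        lines.append("ZeroAccess artefacts still on disk: " + "; ".join(leftover))
    elif findings["zeroaccess_paths"]:
        lines.append("ZeroAccess artefacts seen, all quarantined")
    for item in findings["uac_disabled"]:
        lines.append("UAC weakened: " + item)
    for host in findings["hosts_redirects"]:
        lines.append(f"hosts file sends {host} to loopback; confirm this was intended")
    return lines


if __name__ == "__main__":
    for entry in summary(triage(SAMPLE_REPORT)):
        print(entry)
```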

#5 MrCharlie

    Forum Deity

  • Experts
  • 28,160 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 July 2012 - 01:50 PM

We'll clean it up, don't run any other tools except what I tell you to...OK!!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

#6 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 02:14 PM

Thanks! Here is the log file:

Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 15-07-2012 21:09:36
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-04-20] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-04-20] (Intel Corporation)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] D:\Programme\Logitech\SetPointP\SetPoint.exe /launchGaming [x]
HKLM\...\Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]
HKLM-x32\...\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60 [3367328 2012-06-17] (Emsisoft GmbH)
HKU\Seph\...\Run: [ASRockXTU] [x]
HKU\Seph\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Seph\...\Run: [KiesPDLR] D:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKU\Seph\...\Run: [KiesPreload] D:\Programme\Kies\Kies.exe /preload [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) ======

2 a2AntiMalware; "C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe" [3069752 2012-06-17] (Emsisoft GmbH)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-03] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 MBAMService; "C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe" [x]

========================== Drivers (Whitelisted) =============

3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH)
1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)
1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [14720 2010-05-05] (Emsi Software GmbH)
3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [706648 2010-03-18] (Creative Technology Ltd)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2012-01-01] (DT Soft Ltd)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-15] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
3 kxwdmdrv; C:\Windows\System32\drivers\kx.sys [x]
3 RivaTuner64; \??\D:\Programme\RivaTuner v2.24\RivaTuner64.sys [x]
3 RTCore64; \??\D:\Programme\MSI Afterburner\RTCore64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-15 19:36 - 2012-07-15 19:36 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-15 19:35 - 2012-07-15 19:35 - 00002272 ____A C:\Windows\System32\.crusader
2012-07-15 19:17 - 2012-07-15 19:38 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-07-15 19:17 - 2012-07-15 19:35 - 00000000 ____D C:\Users\Seph\AppData\Roaming\loadtbs
2012-07-15 19:17 - 2012-07-15 19:35 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-15 19:17 - 2012-07-15 19:17 - 00000000 ____D C:\Users\Seph\AppData\Roaming\convert
2012-07-15 19:12 - 2012-07-15 19:46 - 00001635 ____A C:\Users\Seph\Desktop\RKreport[1].txt
2012-07-15 19:11 - 2012-07-15 19:42 - 00000000 ____D C:\Users\Seph\Desktop\RK_Quarantine
2012-07-15 18:57 - 2012-07-15 20:03 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2012-07-15 18:57 - 2012-07-15 18:57 - 00001102 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2012-07-15 18:57 - 2012-07-15 18:57 - 00000000 ____D C:\Users\Seph\Documents\Anti-Malware
2012-07-15 18:44 - 2012-07-15 18:44 - 00127542 ____A C:\Users\Seph\Desktop\OTL.Txt
2012-07-15 18:44 - 2012-07-15 18:44 - 00064770 ____A C:\Users\Seph\Desktop\Extras.Txt
2012-07-15 18:31 - 2012-07-15 18:31 - 00002073 ____A C:\Users\Seph\Desktop\Entfernen des Avira DE-Cleaners.lnk
2012-07-15 18:31 - 2012-07-15 18:31 - 00002002 ____A C:\Users\Seph\Desktop\Avira DE-Cleaner.lnk
2012-07-15 18:21 - 2012-07-15 19:37 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-15 14:47 - 2012-07-15 14:47 - 00000000 ____D C:\Users\Seph\Documents\SEGA
2012-07-15 14:03 - 2012-07-15 14:06 - 00000000 ____D C:\Users\Seph\Documents\Max Payne 2 Savegames
2012-07-15 11:28 - 2012-07-15 11:28 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-15 11:24 - 2012-07-15 11:24 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Help
2012-07-14 14:41 - 2012-06-04 08:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-07-14 14:41 - 2012-06-04 08:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-07-13 12:33 - 2012-07-13 12:38 - 00669184 ____A C:\Windows\SysWOW64\pbsvc.exe
2012-07-13 11:19 - 2012-07-13 11:19 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Trine2
2012-07-12 19:19 - 2012-07-12 19:19 - 00000000 ____D C:\Users\Seph\Documents\Almost Human
2012-07-12 19:07 - 2012-07-12 19:07 - 00000000 ____D C:\Users\Seph\Documents\cache
2012-07-12 19:07 - 2012-06-19 22:24 - 00000018 ____A C:\Users\Seph\Documents\profiles.cfg
2012-07-12 19:07 - 2012-01-06 23:03 - 00000000 ____D C:\Users\Seph\Documents\screenshots
2012-07-12 19:00 - 2012-07-12 19:00 - 00000000 ____D C:\Users\Seph\Documents\Hard Reset Extended
2012-07-12 09:00 - 2012-07-12 09:11 - 00000000 ____D C:\Users\All Users\Solidshield
2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files\MSBuild
2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-07-11 00:49 - 2012-07-11 00:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-07-11 00:49 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-11 00:49 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-09 22:56 - 2012-07-09 22:57 - 00000000 ____D C:\Users\Seph\Documents\NFSTR
2012-07-09 22:56 - 2012-07-09 22:56 - 00000000 ____D C:\Users\All Users\EA Core
2012-07-09 22:39 - 2012-07-09 22:56 - 00000000 ____D C:\Users\All Users\Origin
2012-07-09 22:39 - 2012-07-09 22:56 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-07-09 22:39 - 2012-07-09 22:40 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Origin
2012-07-09 22:39 - 2012-07-09 22:39 - 00001080 ____A C:\Windows\KB893803v2.log
2012-07-09 22:39 - 2012-07-09 22:39 - 00000000 ____D C:\Users\Seph\AppData\Local\Origin
2012-07-09 22:39 - 2012-07-09 22:39 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-07-08 14:15 - 2012-07-08 14:15 - 00000000 ____D C:\Users\Seph\AppData\Roaming\LoneSurvivor
2012-07-06 23:56 - 2012-07-07 10:19 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Owcihu
2012-07-06 23:56 - 2012-07-07 10:17 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Ohve
2012-07-06 23:56 - 2012-07-06 23:56 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Yphuon
2012-07-06 13:18 - 2012-07-06 20:48 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Uvyq
2012-07-06 13:18 - 2012-07-06 13:18 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Ifewi
2012-07-06 01:24 - 2010-02-23 09:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-07-05 22:11 - 2012-07-05 22:11 - 00000000 ____D C:\Users\Seph\AppData\Local\4A Games
2012-07-03 01:05 - 2012-07-08 14:22 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-03 01:05 - 2012-07-03 01:05 - 00000000 ____D C:\Users\Seph\AppData\Local\PunkBuster
2012-07-03 01:02 - 2012-07-13 12:38 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-03 01:02 - 2012-07-13 12:38 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-03 01:01 - 2012-07-03 01:05 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-03 01:01 - 2012-07-02 23:48 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-07-01 18:40 - 2012-07-01 18:42 - 00000000 ____D C:\Users\Seph\Documents\ArmA 2
2012-07-01 18:40 - 2012-07-01 18:40 - 00000000 ____D C:\Users\Seph\AppData\Local\ArmA 2 Free
2012-07-01 16:36 - 2012-07-01 16:38 - 00000000 ____D C:\Users\Seph\Documents\ArmA 2 OA Demo
2012-07-01 16:36 - 2012-07-01 16:36 - 00000000 ____D C:\Users\Seph\AppData\Local\ArmA 2 OA DEMO
2012-06-30 01:28 - 2012-06-30 01:35 - 00000000 ____D C:\Users\Seph\AppData\Roaming\The Path
2012-06-30 01:28 - 2012-06-30 01:28 - 00000000 ____D C:\Users\Seph\Documents\The Path
2012-06-27 00:50 - 2012-06-28 19:06 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-27 00:50 - 2012-06-27 00:50 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-06-27 00:50 - 2012-05-15 11:48 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-06-27 00:50 - 2012-05-15 11:48 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-06-27 00:50 - 2012-05-15 10:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-06-27 00:50 - 2012-05-15 10:29 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-06-27 00:50 - 2012-05-15 10:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-06-27 00:50 - 2012-05-15 10:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-06-27 00:50 - 2012-05-15 10:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-06-27 00:50 - 2012-05-15 10:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-06-27 00:50 - 2012-05-15 10:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-06-27 00:49 - 2012-05-15 11:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-06-26 23:17 - 2012-06-26 23:17 - 00000000 ____D C:\Users\Seph\AppData\Local\Chromium
2012-06-26 23:14 - 2012-06-26 23:14 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-26 22:57 - 2012-06-26 22:57 - 00000000 ____D C:\Users\Seph\Documents\Bandicam
2012-06-26 22:57 - 2012-06-26 22:57 - 00000000 ____D C:\Users\Seph\AppData\Roaming\BANDISOFT
2012-06-26 22:56 - 2012-06-26 22:56 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\Public\Documents\CallOfPripyatBench
2012-06-26 17:21 - 2012-06-26 22:56 - 00000000 ____D C:\Users\Seph\AppData\Local\Dxtory Software
2012-06-26 14:44 - 2012-05-21 14:10 - 00188776 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-06-26 14:44 - 2012-05-21 14:10 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-06-26 14:44 - 2012-05-15 11:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-06-26 14:44 - 2012-05-15 11:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-06-26 10:58 - 2012-06-26 10:58 - 00000000 ____D C:\Users\Seph\Documents\Fax
2012-06-24 10:22 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-24 10:22 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-24 10:22 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-24 10:22 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-24 10:22 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-24 10:22 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-24 10:22 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-24 10:21 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-24 10:21 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 11:43 - 2012-06-22 11:43 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-06-22 11:43 - 2012-06-22 11:43 - 00000000 ____D C:\Users\Seph\AppData\Local\Risen2
2012-06-21 20:16 - 2012-06-21 20:16 - 00000000 ____D C:\Users\Seph\AppData\Local\201280
2012-06-19 22:27 - 2012-07-12 19:06 - 00000000 ____D C:\Users\Seph\Documents\Hard Reset
2012-06-19 22:27 - 2012-06-19 22:27 - 01007692 ____A C:\Users\Seph\Documents\Hard Reset.rar
2012-06-17 12:09 - 2012-06-17 12:09 - 00000000 ____D C:\Users\Seph\AppData\Local\FOMM
2012-06-17 00:20 - 2012-06-17 00:20 - 00000000 ____D C:\Users\Seph\AppData\Local\ECSD


============ 3 Months Modified Files ========================

2012-07-15 20:03 - 2012-01-27 12:04 - 00000292 ____A C:\Windows\Tasks\AutoKMS.job
2012-07-15 20:03 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-15 20:03 - 2009-07-14 05:51 - 00122678 ____A C:\Windows\setupact.log
2012-07-15 20:00 - 2012-05-27 15:52 - 04931577 ____A C:\Windows\{00000004-00000000-00000001-00001102-00000004-20021102}.CDF
2012-07-15 20:00 - 2012-05-27 15:52 - 04931577 ____A C:\Windows\{00000004-00000000-00000001-00001102-00000004-20021102}.BAK
2012-07-15 19:58 - 2011-04-12 08:43 - 00654622 ____A C:\Windows\System32\perfh007.dat
2012-07-15 19:58 - 2011-04-12 08:43 - 00131546 ____A C:\Windows\System32\perfc007.dat
2012-07-15 19:58 - 2009-07-14 06:13 - 01502760 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-15 19:46 - 2012-07-15 19:12 - 00001635 ____A C:\Users\Seph\Desktop\RKreport[1].txt
2012-07-15 19:43 - 2009-07-14 05:45 - 00022000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-15 19:43 - 2009-07-14 05:45 - 00022000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-15 19:38 - 2012-04-07 15:27 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-15 19:38 - 2012-01-01 18:19 - 01615968 ____A C:\Windows\WindowsUpdate.log
2012-07-15 19:36 - 2012-07-15 19:36 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-15 19:36 - 2012-04-07 15:27 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-15 19:36 - 2012-01-27 12:04 - 00151552 ____A C:\Windows\KMSEmulator.exe
2012-07-15 19:35 - 2012-07-15 19:35 - 00002272 ____A C:\Windows\System32\.crusader
2012-07-15 18:57 - 2012-07-15 18:57 - 00001102 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2012-07-15 18:44 - 2012-07-15 18:44 - 00127542 ____A C:\Users\Seph\Desktop\OTL.Txt
2012-07-15 18:44 - 2012-07-15 18:44 - 00064770 ____A C:\Users\Seph\Desktop\Extras.Txt
2012-07-15 18:31 - 2012-07-15 18:31 - 00002073 ____A C:\Users\Seph\Desktop\Entfernen des Avira DE-Cleaners.lnk
2012-07-15 18:31 - 2012-07-15 18:31 - 00002002 ____A C:\Users\Seph\Desktop\Avira DE-Cleaner.lnk
2012-07-15 18:27 - 2012-01-20 18:40 - 00002198 ____A C:\Windows\epplauncher.mif
2012-07-15 18:20 - 2010-11-21 04:47 - 00018336 ____A C:\Windows\PFRO.log
2012-07-15 09:33 - 2009-07-14 06:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-15 00:53 - 2012-04-23 12:13 - 00000026 ____A C:\Windows\SysWOW64\log.log
2012-07-13 16:33 - 2009-07-14 05:45 - 04854192 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-13 13:32 - 2012-01-01 18:29 - 00066808 ____A C:\Users\Seph\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-13 12:39 - 2012-01-02 01:50 - 01529296 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-13 12:38 - 2012-07-13 12:33 - 00669184 ____A C:\Windows\SysWOW64\pbsvc.exe
2012-07-13 12:38 - 2012-07-03 01:02 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-13 12:38 - 2012-07-03 01:02 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-13 12:33 - 2012-01-01 23:25 - 00838613 ____A C:\Windows\DirectX.log
2012-07-11 15:54 - 2012-06-13 15:57 - 00000715 ____A C:\Users\Seph\Desktop\Neues Textdokument.txt
2012-07-11 00:49 - 2012-07-11 00:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-07-09 22:39 - 2012-07-09 22:39 - 00001080 ____A C:\Windows\KB893803v2.log
2012-07-08 14:22 - 2012-07-03 01:05 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-03 01:05 - 2012-07-03 01:01 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-02 23:48 - 2012-07-03 01:01 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-06-26 14:51 - 2012-04-03 09:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-26 14:51 - 2012-01-01 23:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-26 08:02 - 2012-01-31 00:15 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-06-26 08:02 - 2012-01-31 00:15 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-06-19 22:27 - 2012-06-19 22:27 - 01007692 ____A C:\Users\Seph\Documents\Hard Reset.rar
2012-06-19 22:24 - 2012-07-12 19:07 - 00000018 ____A C:\Users\Seph\Documents\profiles.cfg
2012-06-14 08:15 - 2012-01-01 20:44 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-04 08:59 - 2012-07-14 14:41 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-04 08:59 - 2012-07-14 14:41 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-02 23:19 - 2012-06-24 10:22 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-24 10:22 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-24 10:22 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-24 10:22 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-24 10:22 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-24 10:22 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-24 10:22 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-24 10:21 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-24 10:21 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-28 00:42 - 2012-05-28 00:42 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-05-28 00:42 - 2012-05-28 00:42 - 00001080 ____A C:\Windows\System32\settings.sfm
2012-05-27 22:13 - 2012-05-15 11:45 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-05-27 22:13 - 2012-05-15 11:45 - 00002423 ____A C:\Windows\LkmdfCoInst.log
2012-05-27 15:51 - 2012-05-27 12:25 - 00000159 __RAH C:\Windows\ctfile.rfc
2012-05-27 15:51 - 2012-01-02 20:46 - 00466520 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-27 15:51 - 2012-01-02 20:46 - 00445016 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-27 15:51 - 2012-01-02 20:46 - 00123480 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-27 15:51 - 2012-01-02 20:46 - 00109144 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-25 16:41 - 2012-01-20 15:54 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-25 16:41 - 2012-01-20 15:54 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-21 14:10 - 2012-06-26 14:44 - 00188776 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-05-21 14:10 - 2012-06-26 14:44 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-05-21 08:34 - 2012-02-28 10:57 - 01468264 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-05-18 09:53 - 2012-05-18 09:53 - 00061440 ____A C:\Windows\diabunin.exe
2012-05-18 09:53 - 2012-04-28 19:57 - 00086528 ____A C:\Windows\bnetunin.exe
2012-05-15 16:01 - 2012-05-15 16:01 - 00000425 ____A C:\Windows\BRWMARK.INI
2012-05-15 11:50 - 2012-01-08 03:01 - 00030896 ____A C:\Windows\LDPINST.LOG
2012-05-15 11:48 - 2012-06-27 00:50 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 11:48 - 2012-06-27 00:50 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 11:48 - 2012-06-27 00:49 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 11:48 - 2012-06-26 14:44 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 11:48 - 2012-06-26 14:44 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 11:48 - 2012-05-23 11:10 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 11:48 - 2012-05-23 11:10 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 11:48 - 2012-04-18 16:34 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 11:48 - 2012-02-28 10:57 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 11:48 - 2012-01-19 15:24 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 11:48 - 2012-01-19 15:24 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 11:48 - 2012-01-19 15:24 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 11:48 - 2011-05-21 06:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 10:29 - 2012-06-27 00:50 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 10:29 - 2012-06-27 00:50 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 10:29 - 2012-06-27 00:50 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 10:29 - 2012-06-27 00:50 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 10:29 - 2012-06-27 00:50 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 10:29 - 2012-06-27 00:50 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 10:28 - 2012-06-27 00:50 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 05:01 - 2012-06-13 18:34 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-15 04:59 - 2012-06-13 18:34 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-15 04:03 - 2012-06-13 18:34 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-15 04:00 - 2012-06-13 18:34 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-15 02:32 - 2012-06-13 18:34 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 19:06 - 2012-05-10 19:05 - 01657856 ____A C:\Users\Seph\Desktop\ITFW_strategie_final.ppt
2012-05-09 11:29 - 2012-05-09 11:29 - 00034842 ____A C:\Users\Seph\Desktop\860637246-getty.9.jpeg
2012-05-04 12:06 - 2012-06-13 18:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 12:00 - 2012-07-11 00:49 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 11:03 - 2012-06-13 18:34 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-13 18:34 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 10:59 - 2012-07-11 00:49 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 06:40 - 2012-06-13 18:34 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 18:20 - 2012-04-28 18:14 - 00331077 ____A C:\Users\Seph\Desktop\workshop_3_ITfW_neu.pptx
2012-04-28 04:55 - 2012-06-13 18:34 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 06:41 - 2012-06-13 18:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:41 - 2012-06-13 18:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:34 - 2012-06-13 18:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 06:37 - 2012-06-13 18:34 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 06:37 - 2012-06-13 18:34 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 06:37 - 2012-06-13 18:34 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 05:36 - 2012-06-13 18:34 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 05:36 - 2012-06-13 18:34 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 05:36 - 2012-06-13 18:34 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 06:42 - 2012-06-13 18:34 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 06:00 - 2012-06-13 18:34 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 06:00 - 2012-06-13 18:34 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-20 05:57 - 2012-06-13 18:34 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-20 05:57 - 2012-06-13 18:34 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-20 05:57 - 2012-06-13 18:34 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-20 05:56 - 2012-06-13 18:34 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-20 05:56 - 2012-06-13 18:34 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-20 05:56 - 2012-06-13 18:34 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-20 04:45 - 2012-06-13 18:34 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-20 04:16 - 2012-06-13 18:34 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-17 06:31 - 2012-06-13 18:34 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-17 05:34 - 2012-06-13 18:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

ZeroAccess:
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8174.67 MB
Available physical RAM: 7383.28 MB
Total Pagefile: 8172.87 MB
Available Pagefile: 7377.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:73.14 GB) (Free:19.82 GB) NTFS
2 Drive e: (Daten) (Fixed) (Total:392.52 GB) (Free:92.03 GB) NTFS
4 Drive g: (FHWS SF) (Removable) (Total:1.95 GB) (Free:1.33 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Datenträger ###  Status         Größe    Frei     Dyn  GPT
---------------  -------------  -------  -------  ---  ---
Datenträger 0    Online          465 GB      0 B
Datenträger 1    Online         1995 MB      0 B
Datenträger 2    Kein Medium       0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Typ               Größe    Offset
-------------  ----------------  -------  -------
Partition 1    Primär             100 MB  1024 KB
Partition 2    Primär              73 GB   101 MB
Partition 3    Primär             392 GB    73 GB

==================================================================================

Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   System-rese  NTFS   Partition    100 MB  Fehlerfre

==================================================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   Windows      NTFS   Partition     73 GB  Fehlerfre

==================================================================================

Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   Daten        NTFS   Partition    392 GB  Fehlerfre

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Typ               Größe    Offset
-------------  ----------------  -------  -------
* Partition 1  Primär            1995 MB      0 B

==================================================================================

Disk: 1
Es wurde keine Partition gewählt.

Es wurde keine Partition ausgewählt.
Wählen Sie eine Partition, und wiederholen Sie den Vorgang.

==================================================================================

==========================================================

Last Boot: 2012-07-08 15:53

======================= End Of Log ==========================
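
The FRST listing above is what a helper reads by eye: created/modified stamps, size, attribute letters, the version-info company in parentheses, and the path, with a separate "ZeroAccess:" section for the GUID folder under C:\Windows\Installer. The following triage script is an added example written for this page; it is not FRST's own code and was not posted in the thread. It parses lines in that format and applies a few defensive heuristics (a binary under C:\Windows with no company string, hidden or system attributes, anything under a GUID-named Installer folder). The flag names and heuristics are this example's assumptions, and the sample input is four lines copied from the log plus one constructed line with made-up attributes standing in for the ZeroAccess folder.

```python
"""Triage helper for FRST-style file listing lines.

Added example for this thread; it is not FRST's own code and not something the
helpers posted.  It parses the "created - modified - size attrs (vendor) path"
lines FRST prints and applies a few heuristics a malware-removal helper applies
by eye.  The heuristics and flag names are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST listing line: "<created> - <modified> - <8-digit size> <attrs> [(<vendor>)] <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S+) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# A GUID-named folder directly under C:\Windows\Installer: the location the
# thread's FRST log lists under "ZeroAccess:".
INSTALLER_GUID_RE = re.compile(
    r"^c:\\windows\\installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}(?:\\|$)",
    re.I,
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    vendor: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["vendor"], m["path"])


def flags(entry: Entry) -> List[str]:
    """Heuristic flags (assumed by this example, not FRST logic) for one entry."""
    out: List[str] = []
    low = entry.path.lower()
    if INSTALLER_GUID_RE.match(low):
        out.append("installer-guid-dir")
    # FRST shows the file's version-info company in parentheses; a binary under
    # C:\Windows with no company string deserves a look (it may still be benign,
    # as the game uninstaller in the log is).
    if low.startswith("c:\\windows\\") and low.endswith(EXEC_EXT) and not entry.vendor:
        out.append("no-vendor-binary-in-windows")
    if "H" in entry.attrs:
        out.append("hidden")
    if "S" in entry.attrs:
        out.append("system")
    return out


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its flags; unflagged entries are dropped."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        found = flags(entry)
        if found:
            result[entry.path] = found
    return result


# Sample input: four lines copied from the FRST log in the thread plus one
# CONSTRUCTED last line (attributes invented) standing in for the ZeroAccess folder.
SAMPLE_LOG = r"""
2012-05-27 15:51 - 2012-05-27 12:25 - 00000159 __RAH C:\Windows\ctfile.rfc
2012-05-27 15:51 - 2012-01-02 20:46 - 00466520 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-18 09:53 - 2012-05-18 09:53 - 00061440 ____A C:\Windows\diabunin.exe
2012-05-15 11:48 - 2011-05-21 06:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-07-15 10:28 - 2012-07-15 10:28 - 00000000 __SHD C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U
"""

if __name__ == "__main__":
    for path, found in triage(SAMPLE_LOG).items():
        print(f"{', '.join(found):40} {path}")
```

The flags are prompts for a closer look, not verdicts: the log's own C:\Windows\diabunin.exe is a legitimate game uninstaller that simply carries no company string, which is exactly why a human still reviews each hit.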

#7 MrCharlie

    Forum Deity

  • Experts
  • 28,160 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 July 2012 - 02:20 PM

OK, here you go......


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#8 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 02:22 PM

I have to run FRST64 just like the way before, yes?

#9 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 02:29 PM

Here it comes:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-15 21:26:58 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a} moved successfully.
C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U not found.

==== End of Fixlog ====

#10 MrCharlie

    Forum Deity

  • Experts
  • 28,160 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 July 2012 - 02:40 PM

OK, did you run ComboFix on this computer? MrC


#11 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 02:45 PM

No, I didn't. Firewall etc. still not working.

#12 MrCharlie

    Forum Deity

  • Experts
  • 28,160 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 15 July 2012 - 02:55 PM

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


#13 Seph

    Regular Member

  • Honorary Members
  • 94 posts

Posted 15 July 2012 - 03:08 PM

Thanks! Here comes the log:

ComboFix 12-07-14.01 - Seph 15.07.2012 21:59:31.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.6265 [GMT 2:00]
ausgeführt von:: c:\users\Seph\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Seph\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Seph\AppData\Roaming\Help\coredb\storage
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-15 bis 2012-07-15 ))))))))))))))))))))))))))))))
.
.
2012-07-15 18:55 . 2012-07-15 20:09 -------- d-----w- C:\FRST
2012-07-15 18:36 . 2012-07-15 18:36 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-07-15 18:17 . 2012-07-15 18:35 -------- d-----w- c:\programdata\HitmanPro
2012-07-15 18:17 . 2012-07-15 18:38 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-07-15 18:17 . 2012-07-15 18:17 -------- d-----w- c:\users\Seph\AppData\Roaming\convert
2012-07-15 18:17 . 2012-07-15 18:35 -------- d-----w- c:\users\Seph\AppData\Roaming\loadtbs
2012-07-15 17:57 . 2012-07-15 20:04 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-07-15 17:21 . 2012-07-15 18:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-15 10:28 . 2012-07-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-14 13:41 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-07-14 13:41 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-14 09:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE9E6CAB-D896-478C-8835-F538E9C42012}\mpengine.dll
2012-07-13 11:39 . 2012-07-13 11:39 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-07-13 11:33 . 2012-07-13 11:38 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-07-13 10:19 . 2012-07-13 10:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Trine2
2012-07-13 08:34 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 08:00 . 2012-07-12 08:11 -------- d-----w- c:\programdata\Solidshield
2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files (x86)\Reference Assemblies
2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files (x86)\MSBuild
2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files\Reference Assemblies
2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files\MSBuild
2012-07-10 23:49 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8EEE7B1-9A9C-452C-B92B-6C62C51644A2}\mpengine.dll
2012-07-10 23:49 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-10 23:49 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-09 21:56 . 2012-07-10 21:22 -------- d-----w- c:\programdata\EA Logs
2012-07-09 21:56 . 2012-07-09 21:56 -------- d-----w- c:\programdata\EA Core
2012-07-09 21:39 . 2012-07-09 21:40 -------- d-----w- c:\users\Seph\AppData\Roaming\Origin
2012-07-09 21:39 . 2012-07-09 21:39 -------- d-----w- c:\users\Seph\AppData\Local\Origin
2012-07-09 21:39 . 2012-07-09 21:56 -------- d-----w- c:\programdata\Electronic Arts
2012-07-09 21:39 . 2012-07-09 21:56 -------- d-----w- c:\programdata\Origin
2012-07-09 21:39 . 2012-07-09 21:39 -------- d-----w- c:\program files (x86)\Origin Games
2012-07-08 13:15 . 2012-07-08 13:15 -------- d-----w- c:\users\Seph\AppData\Roaming\LoneSurvivor
2012-07-06 22:56 . 2012-07-07 09:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Owcihu
2012-07-06 22:56 . 2012-07-07 09:17 -------- d-----w- c:\users\Seph\AppData\Roaming\Ohve
2012-07-06 22:56 . 2012-07-06 22:56 -------- d-----w- c:\users\Seph\AppData\Roaming\Yphuon
2012-07-06 12:18 . 2012-07-06 19:48 -------- d-----w- c:\users\Seph\AppData\Roaming\Uvyq
2012-07-06 12:18 . 2012-07-06 12:18 -------- d-----w- c:\users\Seph\AppData\Roaming\Ifewi
2012-07-06 00:24 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-05 21:11 . 2012-07-05 21:11 -------- d-----w- c:\users\Seph\AppData\Local\4A Games
2012-07-03 00:05 . 2012-07-08 13:22 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-03 00:05 . 2012-07-03 00:05 -------- d-----w- c:\users\Seph\AppData\Local\PunkBuster
2012-07-03 00:02 . 2012-07-13 11:38 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-03 00:02 . 2012-07-13 11:38 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-03 00:01 . 2012-07-03 00:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 00:01 . 2012-07-02 22:48 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-01 17:40 . 2012-07-01 17:40 -------- d-----w- c:\users\Seph\AppData\Local\ArmA 2 Free
2012-07-01 15:36 . 2012-07-01 15:36 -------- d-----w- c:\users\Seph\AppData\Local\ArmA 2 OA DEMO
2012-06-30 00:28 . 2012-06-30 00:35 -------- d-----w- c:\users\Seph\AppData\Roaming\The Path
2012-06-26 23:50 . 2012-06-28 18:06 -------- d-----w- c:\programdata\NVIDIA
2012-06-26 23:50 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-26 23:50 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-06-26 23:50 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-26 23:50 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-26 23:50 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-26 23:50 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-26 23:50 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-26 23:50 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-26 23:50 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-26 23:50 . 2012-06-26 23:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-06-26 23:49 . 2012-05-15 10:48 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-06-26 23:49 . 2012-05-15 10:48 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-06-26 23:49 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-06-26 23:49 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-06-26 23:49 . 2012-05-15 10:48 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-06-26 23:49 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-06-26 23:49 . 2012-05-15 10:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-06-26 23:49 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-06-26 22:17 . 2012-06-26 22:17 -------- d-----w- c:\users\Seph\AppData\Local\Chromium
2012-06-26 22:14 . 2012-06-26 22:14 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-06-26 21:57 . 2012-06-26 21:57 -------- d-----w- c:\users\Seph\AppData\Roaming\BANDISOFT
2012-06-26 21:56 . 2012-06-26 21:56 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-06-26 16:21 . 2012-06-26 21:56 -------- d-----w- c:\users\Seph\AppData\Local\Dxtory Software
2012-06-26 13:44 . 2012-05-21 13:10 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-06-26 13:44 . 2012-05-21 13:10 188776 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-06-26 13:44 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-06-26 13:44 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-06-26 13:44 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-06-26 13:44 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-06-26 13:44 . 2012-05-15 10:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-06-26 13:44 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-06-26 13:44 . 2012-05-15 10:48 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-06-26 13:44 . 2012-05-15 10:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-06-26 13:44 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-06-26 13:44 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-06-24 09:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 09:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 09:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 09:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 09:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 09:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 09:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 09:21 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 09:21 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 10:43 . 2012-06-22 10:43 -------- d-----w- c:\users\Seph\AppData\Local\Risen2
2012-06-22 10:43 . 2012-06-22 10:43 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-06-21 19:16 . 2012-06-21 19:16 -------- d-----w- c:\users\Seph\AppData\Local\201280
2012-06-17 11:09 . 2012-06-17 11:09 -------- d-----w- c:\users\Seph\AppData\Local\FOMM
2012-06-16 23:20 . 2012-06-16 23:20 -------- d-----w- c:\users\Seph\AppData\Local\ECSD
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 20:04 . 2012-01-27 11:04 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-06-26 13:51 . 2012-04-03 08:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-26 13:51 . 2012-01-01 22:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-26 07:02 . 2012-01-30 23:15 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 07:02 . 2012-01-30 23:15 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-27 21:13 . 2012-05-15 10:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-27 14:51 . 2012-01-02 19:46 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-27 14:51 . 2012-01-02 19:46 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-27 14:51 . 2012-01-02 19:46 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-27 14:51 . 2012-01-02 19:46 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-21 07:34 . 2012-02-28 09:57 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-05-18 08:53 . 2012-05-18 08:53 61440 ----a-w- c:\windows\diabunin.exe
2012-05-18 08:53 . 2012-04-28 18:57 86528 ----a-w- c:\windows\bnetunin.exe
2012-05-15 10:48 . 2012-05-23 10:10 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-23 10:10 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-04-18 15:34 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-28 09:57 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-01-19 14:24 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-01-19 14:24 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-01-19 14:24 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:45 . 2012-05-15 10:45 53248 ----a-r- c:\users\Seph\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-15 04:01 . 2012-06-13 17:34 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 17:34 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-15 01:32 . 2012-06-13 17:34 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-13 17:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:34 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 17:34 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 17:34 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 17:34 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:34 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:34 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:34 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 17:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 17:34 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Seph\AppData\Roaming\loadtbs\toolbar.dll" [2012-07-15 614912]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="d:\programme\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-10 21432]
"KiesPreload"="d:\programme\Kies\Kies.exe" [2012-07-10 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-06-17 3367328]
.
c:\users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Seph\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 BthAudioHF;BthAudioHF-Dienst;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-05-27 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]
R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-15 30496]
R3 IntcDAud;Intel® Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 RivaTuner64;RivaTuner64;d:\programme\RivaTuner v2.24\RivaTuner64.sys [2012-07-11 19952]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-06-17 3069752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTCore64;RTCore64;d:\programme\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-27 11:04]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 14:27]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 14:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"EvtMgr6"="d:\programme\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\progra~1\OFFICE~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Seph\AppData\Roaming\Mozilla\Firefox\Profiles\tx3jwk86.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-MsMpSvc
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
AddRemove-BattlEye A2 Free - d:\games\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-BOSS - d:\games\Steam\SteamApps\common\fallout new vegas\Uninstall.exe
AddRemove-Generic Mod Manager_is1 - d:\games\Steam\SteamApps\common\fallout new vegas\GeMM\uninstall\unins000.exe
AddRemove-loadtbs-3.0 - c:\users\Seph\AppData\Roaming\loadtbs\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4273373884-2151313797-3506864452-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,eb,39,b1,f0,51,85,8b,12,7a,6a,0b,92,e0,74,fa,c5,5b,df,87,b9,d9,5d,
0e,d4,64,4b,b0,8f,18,44,77,e8,03,90,c5,c6,b5,06,26,f3,33,48,e2,58,34,6f,66,\
"??"=hex:01,5a,03,9a,10,2f,bd,03,4e,44,50,15,f5,fe,5c,83
.
[HKEY_USERS\S-1-5-21-4273373884-2151313797-3506864452-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,93,dc,c2,3f,68,a6,9f,97,73,6b,8d,66,05,b2,a1,cc,6a,d7,08,57,
73,9f,23,ec,13,0b,d3,ed,12,f6,3b,7d,89,1d,9a,19,ed,ff,30,9c,e7,fa,f3,17,19,\
"rkeysecu"=hex:b2,3d,08,d1,a4,95,b6,e5,53,06,28,84,d6,9c,45,ca
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
d:\programme\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-15 22:07:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-15 20:07
.
Vor Suchlauf: 11 Verzeichnis(se), 20.954.677.248 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 23.107.620.864 Bytes frei
.
- - End Of File - - 65116C5C12AC605D7C93B21CD22487F7

#14 Seph


Posted 15 July 2012 - 03:11 PM

My firewall is working again! You are amazing!!!

Can you tell me how I got infected? Was it maybe because I downgraded from framework 4.0 to 3.5? I wanted to play LA Noire which only supports 3.5.

#15 Seph


Posted 15 July 2012 - 03:12 PM

Well, Security Essentials and my Windows Live Games are still not working though. :(

#16 Seph


Posted 15 July 2012 - 03:16 PM

Windows Update is kinda working. It's showing that new updates are there and I can try to install them, but I get an error after it loads a bit... but it's better than before, when it didn't work at all. :)

#17 MrCharlie


Posted 15 July 2012 - 03:20 PM

Can you take a look at these folders and see what's in them? I believe they are all malware related:

2012-07-06 22:56 . 2012-07-07 09:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Owcihu
2012-07-06 22:56 . 2012-07-07 09:17 -------- d-----w- c:\users\Seph\AppData\Roaming\Ohve
2012-07-06 22:56 . 2012-07-06 22:56 -------- d-----w- c:\users\Seph\AppData\Roaming\Yphuon
2012-07-06 12:18 . 2012-07-06 19:48 -------- d-----w- c:\users\Seph\AppData\Roaming\Uvyq
2012-07-06 12:18 . 2012-07-06 12:18 -------- d-----w- c:\users\Seph\AppData\Roaming\Ifewi

Let me know, MrC

Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#18 Seph


Posted 15 July 2012 - 03:23 PM

Can you take a look at these folders and see what's in them? I believe they are all malware related:

2012-07-06 22:56 . 2012-07-07 09:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Owcihu => empty
2012-07-06 22:56 . 2012-07-07 09:17 -------- d-----w- c:\users\Seph\AppData\Roaming\Ohve => wiex.vii
2012-07-06 22:56 . 2012-07-06 22:56 -------- d-----w- c:\users\Seph\AppData\Roaming\Yphuon => niquz.avy
2012-07-06 12:18 . 2012-07-06 19:48 -------- d-----w- c:\users\Seph\AppData\Roaming\Uvyq => ahub.bee
2012-07-06 12:18 . 2012-07-06 12:18 -------- d-----w- c:\users\Seph\AppData\Roaming\Ifewi => firo.koh

I wrote you the file names next to the folder. I don't know any of those.

#19 MrCharlie


Posted 15 July 2012 - 03:32 PM

Delete them, MrC


#20 Seph


Posted 15 July 2012 - 03:36 PM

I did. What's next? How do I get all the services running again? I'm missing Background Intelligent Transfer Service (BITS) in the services. I guess it affects several other things as well, like Security Essentials and Windows Update.




