Seph Posted July 15, 2012 ID:571034 Share Posted July 15, 2012 Hi,it seemsl ike I'm infected by this rootkit, that's what Anti Malware says. It seems like it's not able to delete it. My Windows Update and Security essentials is already blocoked. Here is my ODS Log files...hope you guys canl help me. Extras.TxtOTL.Txt Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571036 Share Posted July 15, 2012 Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatenbank Version: v2012.07.11.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514Seph :: CLOUD_STRIFE [Administrator]15.07.2012 18:45:47mbam-log-2012-07-15 (18-45-47).txtArt des Suchlaufs: Quick-ScanAktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUMDeaktivierte Suchlaufeinstellungen: P2PDurchsuchte Objekte: 213571Laufzeit: 1 Minute(n), 36 Sekunde(n)Infizierte Speicherprozesse: 0(Keine bösartigen Objekte gefunden)Infizierte Speichermodule: 0(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel: 0(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Seph\AppData\Roaming\Identities\{39A7BBCD-4E79-4297-9CAF-AAEA27312C37}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.Infizierte Dateiobjekte der Registrierung: 0(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse: 0(Keine bösartigen Objekte gefunden)Infizierte Dateien: 3C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.C:\Users\Seph\AppData\Roaming\Identities\{39A7BBCD-4E79-4297-9CAF-AAEA27312C37}\LicenseValidator.exe (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571037 Share Posted July 15, 2012 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571040 Share Posted July 15, 2012 Hey there,thanks a ton for your answer. I'm sorry to say that I already tried some stuff. I did RogueKiiller run, deleted the zero access reg and then let the services.exe (And more) fix by Hitman. I read this in another board before you answered. I now restarted and let malware bytes scan again and it didn't find anything. Also in msconfig it seems there is no weird autostart entry. BUT all my services like win security and win update and the firewall are still not working and give me a weird error message. Here is the RogueKiller log from now. As you see zeroaccess still seems to be active. RogueKiller V7.6.3 [07/08/2012] durch Tigzymail: tigzyRK<at>gmail<dot>comKommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comBetriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionGestartet in: Normal ModusBenutzer: Seph [Admin Rechte]Funktion: Scannen --Datum: 07/15/2012 20:46:14¤¤¤ Böswillige Prozesse: 0 ¤¤¤¤¤¤ Registry-Einträge: 5 ¤¤¤[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤[ZeroAccess][FOLDER] U : c:\windows\installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U --> FOUND¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤¤¤¤ Infektion : ZeroAccess ¤¤¤¤¤¤ Hosts-Datei: ¤¤¤127.0.0.1 activate.adobe.com¤¤¤ MBR überprüfen: ¤¤¤+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 +++++--- User ---[MBR] bdf7f66084224aa0d21f335dcf6e6417[bSP] eb10ce755ec7591856e3cbf55c501779 : Windows 7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 153600000 | Size: 401939 MoUser = LL1 ... OK!User = LL2 ... OK!Abgeschlossen : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571044 Share Posted July 15, 2012 We'll clean it up, don't run another tools except what I tell you to...OK!!For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.How to tell > 32 or 64 bitPlug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571050 Share Posted July 15, 2012 Thanks! Here is the log file:Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01Ran by SYSTEM at 15-07-2012 21:09:36Running from G:\Windows 7 Professional Service Pack 1 (X64) OS Language: German StandardThe current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11660904 2010-11-30] (Realtek Semiconductor)HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-20] (Intel Corporation)HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-04-20] (Intel Corporation)HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-04-20] (Intel Corporation)HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-10-01] (Microsoft Corporation)HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)HKLM\...\Run: [EvtMgr6] D:\Programme\Logitech\SetPointP\SetPoint.exe /launchGaming [x]HKLM\...\Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x]HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]HKLM-x32\...\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60 [3367328 2012-06-17] (Emsisoft GmbH)HKU\Seph\...\Run: [ASRockXTU] [x]HKU\Seph\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)HKU\Seph\...\Run: [KiesPDLR] D:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]HKU\Seph\...\Run: [KiesPreload] D:\Programme\Kies\Kies.exe /preload [x]Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.178.1==================== Services (Whitelisted) ======2 a2AntiMalware; "C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe" [3069752 2012-06-17] (Emsisoft GmbH)3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-03] ()2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]2 MBAMService; "C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe" [x]========================== Drivers (Whitelisted) =============3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH)1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [14720 2010-05-05] (Emsi Software GmbH)3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [706648 2010-03-18] (Creative Technology Ltd)1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2012-01-01] (DT Soft Ltd)3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-15] ()3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()3 kxwdmdrv; C:\Windows\System32\drivers\kx.sys [x]3 RivaTuner64; \??\D:\Programme\RivaTuner v2.24\RivaTuner64.sys [x]3 RTCore64; \??\D:\Programme\MSI Afterburner\RTCore64.sys [x]========================== NetSvcs (Whitelisted) ======================= One Month Created Files and Folders ==============2012-07-15 19:36 - 2012-07-15 19:36 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys2012-07-15 19:35 - 2012-07-15 19:35 - 00002272 ____A C:\Windows\System32\.crusader2012-07-15 19:17 - 2012-07-15 19:38 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro2012-07-15 19:17 - 2012-07-15 19:35 - 00000000 ____D C:\Users\Seph\AppData\Roaming\loadtbs2012-07-15 19:17 - 2012-07-15 19:35 - 00000000 ____D C:\Users\All Users\HitmanPro2012-07-15 19:17 - 2012-07-15 19:17 - 00000000 ____D C:\Users\Seph\AppData\Roaming\convert2012-07-15 19:12 - 2012-07-15 19:46 - 00001635 ____A C:\Users\Seph\Desktop\RKreport[1].txt2012-07-15 19:11 - 2012-07-15 19:42 - 00000000 ____D C:\Users\Seph\Desktop\RK_Quarantine2012-07-15 18:57 - 2012-07-15 20:03 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware2012-07-15 18:57 - 2012-07-15 18:57 - 00001102 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk2012-07-15 18:57 - 2012-07-15 18:57 - 00000000 ____D C:\Users\Seph\Documents\Anti-Malware2012-07-15 18:44 - 2012-07-15 18:44 - 00127542 ____A C:\Users\Seph\Desktop\OTL.Txt2012-07-15 18:44 - 2012-07-15 18:44 - 00064770 ____A C:\Users\Seph\Desktop\Extras.Txt2012-07-15 18:31 - 2012-07-15 18:31 - 00002073 ____A C:\Users\Seph\Desktop\Entfernen des Avira DE-Cleaners.lnk2012-07-15 18:31 - 2012-07-15 18:31 - 00002002 ____A C:\Users\Seph\Desktop\Avira DE-Cleaner.lnk2012-07-15 18:21 - 2012-07-15 19:37 - 00000000 ____D C:\Users\All Users\Kaspersky Lab2012-07-15 14:47 - 2012-07-15 14:47 - 00000000 ____D C:\Users\Seph\Documents\SEGA2012-07-15 14:03 - 2012-07-15 14:06 - 00000000 ____D C:\Users\Seph\Documents\Max Payne 2 Savegames2012-07-15 11:28 - 2012-07-15 11:28 - 00000000 __SHD C:\Windows\System32\%APPDATA%2012-07-15 11:24 - 2012-07-15 11:24 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Help2012-07-14 14:41 - 2012-06-04 08:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys2012-07-14 14:41 - 2012-06-04 08:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys2012-07-13 12:33 - 2012-07-13 12:38 - 00669184 ____A C:\Windows\SysWOW64\pbsvc.exe2012-07-13 11:19 - 2012-07-13 11:19 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Trine22012-07-12 19:19 - 2012-07-12 19:19 - 00000000 ____D C:\Users\Seph\Documents\Almost Human2012-07-12 19:07 - 2012-07-12 19:07 - 00000000 ____D C:\Users\Seph\Documents\cache2012-07-12 19:07 - 2012-06-19 22:24 - 00000018 ____A C:\Users\Seph\Documents\profiles.cfg2012-07-12 19:07 - 2012-01-06 23:03 - 00000000 ____D C:\Users\Seph\Documents\screenshots2012-07-12 19:00 - 2012-07-12 19:00 - 00000000 ____D C:\Users\Seph\Documents\Hard Reset Extended2012-07-12 09:00 - 2012-07-12 09:11 - 00000000 ____D C:\Users\All Users\Solidshield2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files\Reference Assemblies2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files\MSBuild2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies2012-07-11 13:09 - 2012-07-11 13:09 - 00000000 ____D C:\Program Files (x86)\MSBuild2012-07-11 00:49 - 2012-07-11 00:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf2012-07-11 00:49 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll2012-07-11 00:49 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2012-07-09 22:56 - 2012-07-09 22:57 - 00000000 ____D C:\Users\Seph\Documents\NFSTR2012-07-09 22:56 - 2012-07-09 22:56 - 00000000 ____D C:\Users\All Users\EA Core2012-07-09 22:39 - 2012-07-09 22:56 - 00000000 ____D C:\Users\All Users\Origin2012-07-09 22:39 - 2012-07-09 22:56 - 00000000 ____D C:\Users\All Users\Electronic Arts2012-07-09 22:39 - 2012-07-09 22:40 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Origin2012-07-09 22:39 - 2012-07-09 22:39 - 00001080 ____A C:\Windows\KB893803v2.log2012-07-09 22:39 - 2012-07-09 22:39 - 00000000 ____D C:\Users\Seph\AppData\Local\Origin2012-07-09 22:39 - 2012-07-09 22:39 - 00000000 ____D C:\Program Files (x86)\Origin Games2012-07-08 14:15 - 2012-07-08 14:15 - 00000000 ____D C:\Users\Seph\AppData\Roaming\LoneSurvivor2012-07-06 23:56 - 2012-07-07 10:19 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Owcihu2012-07-06 23:56 - 2012-07-07 10:17 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Ohve2012-07-06 23:56 - 2012-07-06 23:56 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Yphuon2012-07-06 13:18 - 2012-07-06 20:48 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Uvyq2012-07-06 13:18 - 2012-07-06 13:18 - 00000000 ____D C:\Users\Seph\AppData\Roaming\Ifewi2012-07-06 01:24 - 2010-02-23 09:16 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe2012-07-05 22:11 - 2012-07-05 22:11 - 00000000 ____D C:\Users\Seph\AppData\Local\4A Games2012-07-03 01:05 - 2012-07-08 14:22 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr2012-07-03 01:05 - 2012-07-03 01:05 - 00000000 ____D C:\Users\Seph\AppData\Local\PunkBuster2012-07-03 01:02 - 2012-07-13 12:38 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.exe2012-07-03 01:02 - 2012-07-13 12:38 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.ex02012-07-03 01:01 - 2012-07-03 01:05 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe2012-07-03 01:01 - 2012-07-02 23:48 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe2012-07-01 18:40 - 2012-07-01 18:42 - 00000000 ____D C:\Users\Seph\Documents\ArmA 22012-07-01 18:40 - 2012-07-01 18:40 - 00000000 ____D C:\Users\Seph\AppData\Local\ArmA 2 Free2012-07-01 16:36 - 2012-07-01 16:38 - 00000000 ____D C:\Users\Seph\Documents\ArmA 2 OA Demo2012-07-01 16:36 - 2012-07-01 16:36 - 00000000 ____D C:\Users\Seph\AppData\Local\ArmA 2 OA DEMO2012-06-30 01:28 - 2012-06-30 01:35 - 00000000 ____D C:\Users\Seph\AppData\Roaming\The Path2012-06-30 01:28 - 2012-06-30 01:28 - 00000000 ____D C:\Users\Seph\Documents\The Path2012-06-27 00:50 - 2012-06-28 19:06 - 00000000 ____D C:\Users\All Users\NVIDIA2012-06-27 00:50 - 2012-06-27 00:50 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation2012-06-27 00:50 - 2012-05-15 11:48 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll2012-06-27 00:50 - 2012-05-15 11:48 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2012-06-27 00:50 - 2012-05-15 10:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll2012-06-27 00:50 - 2012-05-15 10:29 - 02621723 ____A C:\Windows\System32\nvcoproc.bin2012-06-27 00:50 - 2012-05-15 10:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll2012-06-27 00:50 - 2012-05-15 10:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe2012-06-27 00:50 - 2012-05-15 10:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll2012-06-27 00:50 - 2012-05-15 10:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll2012-06-27 00:50 - 2012-05-15 10:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll2012-06-27 00:49 - 2012-05-15 11:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2012-06-27 00:49 - 2012-05-15 11:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2012-06-27 00:49 - 2012-05-15 11:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2012-06-27 00:49 - 2012-05-15 11:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2012-06-27 00:49 - 2012-05-15 11:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2012-06-27 00:49 - 2012-05-15 11:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll2012-06-27 00:49 - 2012-05-15 11:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2012-06-27 00:49 - 2012-05-15 11:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2012-06-26 23:17 - 2012-06-26 23:17 - 00000000 ____D C:\Users\Seph\AppData\Local\Chromium2012-06-26 23:14 - 2012-06-26 23:14 - 00000000 ____D C:\Program Files (x86)\Rockstar Games2012-06-26 22:57 - 2012-06-26 22:57 - 00000000 ____D C:\Users\Seph\Documents\Bandicam2012-06-26 22:57 - 2012-06-26 22:57 - 00000000 ____D C:\Users\Seph\AppData\Roaming\BANDISOFT2012-06-26 22:56 - 2012-06-26 22:56 - 00000000 ____D C:\Program Files (x86)\BandiMPEG12012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\Public\Documents\CallOfPripyatBench2012-06-26 17:21 - 2012-06-26 22:56 - 00000000 ____D C:\Users\Seph\AppData\Local\Dxtory Software2012-06-26 14:44 - 2012-05-21 14:10 - 00188776 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys2012-06-26 14:44 - 2012-05-21 14:10 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll2012-06-26 14:44 - 2012-05-15 11:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll2012-06-26 14:44 - 2012-05-15 11:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll2012-06-26 14:44 - 2012-05-15 11:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2012-06-26 14:44 - 2012-05-15 11:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys2012-06-26 14:44 - 2012-05-15 11:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll2012-06-26 14:44 - 2012-05-15 11:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2012-06-26 14:44 - 2012-05-15 11:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll2012-06-26 14:44 - 2012-05-15 11:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll2012-06-26 14:44 - 2012-05-15 11:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2012-06-26 14:44 - 2012-05-15 11:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll2012-06-26 10:58 - 2012-06-26 10:58 - 00000000 ____D C:\Users\Seph\Documents\Fax2012-06-24 10:22 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2012-06-24 10:22 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll2012-06-24 10:22 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2012-06-24 10:22 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll2012-06-24 10:22 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll2012-06-24 10:22 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll2012-06-24 10:22 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll2012-06-24 10:21 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2012-06-24 10:21 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe2012-06-22 11:43 - 2012-06-22 11:43 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP2012-06-22 11:43 - 2012-06-22 11:43 - 00000000 ____D C:\Users\Seph\AppData\Local\Risen22012-06-21 20:16 - 2012-06-21 20:16 - 00000000 ____D C:\Users\Seph\AppData\Local\2012802012-06-19 22:27 - 2012-07-12 19:06 - 00000000 ____D C:\Users\Seph\Documents\Hard Reset2012-06-19 22:27 - 2012-06-19 22:27 - 01007692 ____A C:\Users\Seph\Documents\Hard Reset.rar2012-06-17 12:09 - 2012-06-17 12:09 - 00000000 ____D C:\Users\Seph\AppData\Local\FOMM2012-06-17 00:20 - 2012-06-17 00:20 - 00000000 ____D C:\Users\Seph\AppData\Local\ECSD============ 3 Months Modified Files ========================2012-07-15 20:03 - 2012-01-27 12:04 - 00000292 ____A C:\Windows\Tasks\AutoKMS.job2012-07-15 20:03 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-07-15 20:03 - 2009-07-14 05:51 - 00122678 ____A C:\Windows\setupact.log2012-07-15 20:00 - 2012-05-27 15:52 - 04931577 ____A C:\Windows\{00000004-00000000-00000001-00001102-00000004-20021102}.CDF2012-07-15 20:00 - 2012-05-27 15:52 - 04931577 ____A C:\Windows\{00000004-00000000-00000001-00001102-00000004-20021102}.BAK2012-07-15 19:58 - 2011-04-12 08:43 - 00654622 ____A C:\Windows\System32\perfh007.dat2012-07-15 19:58 - 2011-04-12 08:43 - 00131546 ____A C:\Windows\System32\perfc007.dat2012-07-15 19:58 - 2009-07-14 06:13 - 01502760 ____A C:\Windows\System32\PerfStringBackup.INI2012-07-15 19:46 - 2012-07-15 19:12 - 00001635 ____A C:\Users\Seph\Desktop\RKreport[1].txt2012-07-15 19:43 - 2009-07-14 05:45 - 00022000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-07-15 19:43 - 2009-07-14 05:45 - 00022000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-07-15 19:38 - 2012-04-07 15:27 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2012-07-15 19:38 - 2012-01-01 18:19 - 01615968 ____A C:\Windows\WindowsUpdate.log2012-07-15 19:36 - 2012-07-15 19:36 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys2012-07-15 19:36 - 2012-04-07 15:27 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2012-07-15 19:36 - 2012-01-27 12:04 - 00151552 ____A C:\Windows\KMSEmulator.exe2012-07-15 19:35 - 2012-07-15 19:35 - 00002272 ____A C:\Windows\System32\.crusader2012-07-15 18:57 - 2012-07-15 18:57 - 00001102 ____A C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk2012-07-15 18:44 - 2012-07-15 18:44 - 00127542 ____A C:\Users\Seph\Desktop\OTL.Txt2012-07-15 18:44 - 2012-07-15 18:44 - 00064770 ____A C:\Users\Seph\Desktop\Extras.Txt2012-07-15 18:31 - 2012-07-15 18:31 - 00002073 ____A C:\Users\Seph\Desktop\Entfernen des Avira DE-Cleaners.lnk2012-07-15 18:31 - 2012-07-15 18:31 - 00002002 ____A C:\Users\Seph\Desktop\Avira DE-Cleaner.lnk2012-07-15 18:27 - 2012-01-20 18:40 - 00002198 ____A C:\Windows\epplauncher.mif2012-07-15 18:20 - 2010-11-21 04:47 - 00018336 ____A C:\Windows\PFRO.log2012-07-15 09:33 - 2009-07-14 06:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT2012-07-15 00:53 - 2012-04-23 12:13 - 00000026 ____A C:\Windows\SysWOW64\log.log2012-07-13 16:33 - 2009-07-14 05:45 - 04854192 ____A C:\Windows\System32\FNTCACHE.DAT2012-07-13 13:32 - 2012-01-01 18:29 - 00066808 ____A C:\Users\Seph\AppData\Local\GDIPFONTCACHEV1.DAT2012-07-13 12:39 - 2012-01-02 01:50 - 01529296 ____A C:\Windows\SysWOW64\PerfStringBackup.INI2012-07-13 12:38 - 2012-07-13 12:33 - 00669184 ____A C:\Windows\SysWOW64\pbsvc.exe2012-07-13 12:38 - 2012-07-03 01:02 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.exe2012-07-13 12:38 - 2012-07-03 01:02 - 00103736 ____A C:\Windows\SysWOW64\PnkBstrB.ex02012-07-13 12:33 - 2012-01-01 23:25 - 00838613 ____A C:\Windows\DirectX.log2012-07-11 15:54 - 2012-06-13 15:57 - 00000715 ____A C:\Users\Seph\Desktop\Neues Textdokument.txt2012-07-11 00:49 - 2012-07-11 00:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf2012-07-09 22:39 - 2012-07-09 22:39 - 00001080 ____A C:\Windows\KB893803v2.log2012-07-08 14:22 - 2012-07-03 01:05 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr2012-07-03 01:05 - 2012-07-03 01:01 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe2012-07-02 23:48 - 2012-07-03 01:01 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe2012-06-26 14:51 - 2012-04-03 09:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-06-26 14:51 - 2012-01-01 23:35 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-06-26 08:02 - 2012-01-31 00:15 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll2012-06-26 08:02 - 2012-01-31 00:15 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll2012-06-19 22:27 - 2012-06-19 22:27 - 01007692 ____A C:\Users\Seph\Documents\Hard Reset.rar2012-06-19 22:24 - 2012-07-12 19:07 - 00000018 ____A C:\Users\Seph\Documents\profiles.cfg2012-06-14 08:15 - 2012-01-01 20:44 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-06-04 08:59 - 2012-07-14 14:41 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys2012-06-04 08:59 - 2012-07-14 14:41 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys2012-06-02 23:19 - 2012-06-24 10:22 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2012-06-02 23:19 - 2012-06-24 10:22 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll2012-06-02 23:19 - 2012-06-24 10:22 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2012-06-02 23:19 - 2012-06-24 10:22 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll2012-06-02 23:19 - 2012-06-24 10:22 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll2012-06-02 23:15 - 2012-06-24 10:22 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll2012-06-02 23:15 - 2012-06-24 10:22 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll2012-06-02 14:19 - 2012-06-24 10:21 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2012-06-02 14:15 - 2012-06-24 10:21 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe2012-05-28 00:42 - 2012-05-28 00:42 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm2012-05-28 00:42 - 2012-05-28 00:42 - 00001080 ____A C:\Windows\System32\settings.sfm2012-05-27 22:13 - 2012-05-15 11:45 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys2012-05-27 22:13 - 2012-05-15 11:45 - 00002423 ____A C:\Windows\LkmdfCoInst.log2012-05-27 15:51 - 2012-05-27 12:25 - 00000159 __RAH C:\Windows\ctfile.rfc2012-05-27 15:51 - 2012-01-02 20:46 - 00466520 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll2012-05-27 15:51 - 2012-01-02 20:46 - 00445016 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll2012-05-27 15:51 - 2012-01-02 20:46 - 00123480 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll2012-05-27 15:51 - 2012-01-02 20:46 - 00109144 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll2012-05-25 16:41 - 2012-01-20 15:54 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2012-05-25 16:41 - 2012-01-20 15:54 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe2012-05-21 14:10 - 2012-06-26 14:44 - 00188776 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys2012-05-21 14:10 - 2012-06-26 14:44 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll2012-05-21 08:34 - 2012-02-28 10:57 - 01468264 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll2012-05-18 09:53 - 2012-05-18 09:53 - 00061440 ____A C:\Windows\diabunin.exe2012-05-18 09:53 - 2012-04-28 19:57 - 00086528 ____A C:\Windows\bnetunin.exe2012-05-15 16:01 - 2012-05-15 16:01 - 00000425 ____A C:\Windows\BRWMARK.INI2012-05-15 11:50 - 2012-01-08 03:01 - 00030896 ____A C:\Windows\LDPINST.LOG2012-05-15 11:48 - 2012-06-27 00:50 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll2012-05-15 11:48 - 2012-06-27 00:50 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2012-05-15 11:48 - 2012-06-27 00:49 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2012-05-15 11:48 - 2012-06-27 00:49 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2012-05-15 11:48 - 2012-06-27 00:49 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2012-05-15 11:48 - 2012-06-27 00:49 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2012-05-15 11:48 - 2012-06-27 00:49 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2012-05-15 11:48 - 2012-06-27 00:49 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll2012-05-15 11:48 - 2012-06-27 00:49 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2012-05-15 11:48 - 2012-06-27 00:49 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2012-05-15 11:48 - 2012-06-26 14:44 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll2012-05-15 11:48 - 2012-06-26 14:44 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll2012-05-15 11:48 - 2012-06-26 14:44 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2012-05-15 11:48 - 2012-06-26 14:44 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys2012-05-15 11:48 - 2012-06-26 14:44 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll2012-05-15 11:48 - 2012-06-26 14:44 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2012-05-15 11:48 - 2012-06-26 14:44 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll2012-05-15 11:48 - 2012-06-26 14:44 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll2012-05-15 11:48 - 2012-06-26 14:44 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2012-05-15 11:48 - 2012-06-26 14:44 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll2012-05-15 11:48 - 2012-05-23 11:10 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll2012-05-15 11:48 - 2012-05-23 11:10 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll2012-05-15 11:48 - 2012-04-18 16:34 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll2012-05-15 11:48 - 2012-02-28 10:57 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll2012-05-15 11:48 - 2012-01-19 15:24 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll2012-05-15 11:48 - 2012-01-19 15:24 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll2012-05-15 11:48 - 2012-01-19 15:24 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll2012-05-15 11:48 - 2011-05-21 06:01 - 00014324 ____A C:\Windows\System32\nvinfo.pb2012-05-15 10:29 - 2012-06-27 00:50 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll2012-05-15 10:29 - 2012-06-27 00:50 - 02621723 ____A C:\Windows\System32\nvcoproc.bin2012-05-15 10:29 - 2012-06-27 00:50 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll2012-05-15 10:29 - 2012-06-27 00:50 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe2012-05-15 10:29 - 2012-06-27 00:50 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll2012-05-15 10:29 - 2012-06-27 00:50 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll2012-05-15 10:28 - 2012-06-27 00:50 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll2012-05-15 05:01 - 2012-06-13 18:34 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-05-15 04:59 - 2012-06-13 18:34 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-05-15 04:03 - 2012-06-13 18:34 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-05-15 04:00 - 2012-06-13 18:34 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-05-15 02:32 - 2012-06-13 18:34 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-05-10 19:06 - 2012-05-10 19:05 - 01657856 ____A C:\Users\Seph\Desktop\ITFW_strategie_final.ppt2012-05-09 11:29 - 2012-05-09 11:29 - 00034842 ____A C:\Users\Seph\Desktop\860637246-getty.9.jpeg2012-05-04 12:06 - 2012-06-13 18:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2012-05-04 12:00 - 2012-07-11 00:49 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll2012-05-04 11:03 - 2012-06-13 18:34 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2012-05-04 11:03 - 2012-06-13 18:34 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2012-05-04 10:59 - 2012-07-11 00:49 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2012-05-01 06:40 - 2012-06-13 18:34 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll2012-04-28 18:20 - 2012-04-28 18:14 - 00331077 ____A C:\Users\Seph\Desktop\workshop_3_ITfW_neu.pptx2012-04-28 04:55 - 2012-06-13 18:34 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys2012-04-26 06:41 - 2012-06-13 18:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll2012-04-26 06:41 - 2012-06-13 18:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll2012-04-26 06:34 - 2012-06-13 18:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe2012-04-24 06:37 - 2012-06-13 18:34 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll2012-04-24 06:37 - 2012-06-13 18:34 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2012-04-24 06:37 - 2012-06-13 18:34 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2012-04-24 05:36 - 2012-06-13 18:34 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2012-04-24 05:36 - 2012-06-13 18:34 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2012-04-24 05:36 - 2012-06-13 18:34 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2012-04-20 06:42 - 2012-06-13 18:34 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-04-20 06:42 - 2012-06-13 18:34 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-04-20 06:42 - 2012-06-13 18:34 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-04-20 06:42 - 2012-06-13 18:34 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-04-20 06:42 - 2012-06-13 18:34 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2012-04-20 06:42 - 2012-06-13 18:34 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-04-20 06:42 - 2012-06-13 18:34 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-04-20 06:42 - 2012-06-13 18:34 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-04-20 06:00 - 2012-06-13 18:34 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-04-20 06:00 - 2012-06-13 18:34 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-04-20 05:57 - 2012-06-13 18:34 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-04-20 05:57 - 2012-06-13 18:34 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2012-04-20 05:57 - 2012-06-13 18:34 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-04-20 05:56 - 2012-06-13 18:34 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-04-20 05:56 - 2012-06-13 18:34 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-04-20 05:56 - 2012-06-13 18:34 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-04-20 04:45 - 2012-06-13 18:34 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-04-20 04:16 - 2012-06-13 18:34 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-04-17 06:31 - 2012-06-13 18:34 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-04-17 05:34 - 2012-06-13 18:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dllZeroAccess:C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U========================= Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check ============C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK========================= Memory info ======================Percentage of memory in use: 9%Total physical RAM: 8174.67 MBAvailable physical RAM: 7383.28 MBTotal Pagefile: 8172.87 MBAvailable Pagefile: 7377.17 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.91 MB======================= Partitions =========================1 Drive c: (Windows) (Fixed) (Total:73.14 GB) (Free:19.82 GB) NTFS2 Drive e: (Daten) (Fixed) (Total:392.52 GB) (Free:92.03 GB) NTFS4 Drive g: (FHWS SF) (Removable) (Total:1.95 GB) (Free:1.33 GB) FAT6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS7 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Datentr„ger ### Status Gr”áe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datentr„ger 0 Online 465 GB 0 B Datentr„ger 1 Online 1995 MB 0 B Datentr„ger 2 Kein Medium 0 B 0 B Partitions of Disk 0:=============== Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 100 MB 1024 KB Partition 2 Prim„r 73 GB 101 MB Partition 3 Prim„r 392 GB 73 GB==================================================================================Disk: 0Partition 1Typ : 07Versteckt: NeinAktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y System-rese NTFS Partition 100 MB Fehlerfre ==================================================================================Disk: 0Partition 2Typ : 07Versteckt: NeinAktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C Windows NTFS Partition 73 GB Fehlerfre ==================================================================================Disk: 0Partition 3Typ : 07Versteckt: NeinAktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 E Daten NTFS Partition 392 GB Fehlerfre ==================================================================================Partitions of Disk 1:=============== Partition ### Typ Gr”áe Offset ------------- ---------------- ------- -------* Partition 1 Prim„r 1995 MB 0 B==================================================================================Disk: 1Es wurde keine Partition gew„hlt.Es wurde keine Partition ausgew„hlt.W„hlen Sie eine Partition, und wiederholen Sie den Vorgang.============================================================================================================================================Last Boot: 2012-07-08 15:53======================= End Of Log ========================== Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571051 Share Posted July 15, 2012 OK, here you go......Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txtC:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\UNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options.Run FRST64 and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571054 Share Posted July 15, 2012 I have to run FRST64 just like the way before yes? Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571057 Share Posted July 15, 2012 Here it comes:Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01Ran by SYSTEM at 2012-07-15 21:26:58 Run:1Running from G:\==============================================C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a} moved successfully.C:\Windows\Installer\{2ce1db01-728c-dbe3-b99b-46447f15e78a}\U not found.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571063 Share Posted July 15, 2012 OK, did you run ComboFix on this computer? MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571066 Share Posted July 15, 2012 No, I didn't. Firewall etc. still not working. Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571071 Share Posted July 15, 2012 Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571078 Share Posted July 15, 2012 Thanks! Here comes the log:ComboFix 12-07-14.01 - Seph 15.07.2012 21:59:31.1.4 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.6265 [GMT 2:00]ausgeführt von:: c:\users\Seph\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Seph\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dllc:\users\Seph\AppData\Roaming\Help\coredb\storagec:\windows\SysWow64\muzapp.exe..((((((((((((((((((((((( Dateien erstellt von 2012-06-15 bis 2012-07-15 ))))))))))))))))))))))))))))))..2012-07-15 18:55 . 2012-07-15 20:09 -------- d-----w- C:\FRST2012-07-15 18:36 . 2012-07-15 18:36 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys2012-07-15 18:17 . 2012-07-15 18:35 -------- d-----w- c:\programdata\HitmanPro2012-07-15 18:17 . 2012-07-15 18:38 -------- d-----w- c:\program files (x86)\Optimizer Pro2012-07-15 18:17 . 2012-07-15 18:17 -------- d-----w- c:\users\Seph\AppData\Roaming\convert2012-07-15 18:17 . 2012-07-15 18:35 -------- d-----w- c:\users\Seph\AppData\Roaming\loadtbs2012-07-15 17:57 . 2012-07-15 20:04 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware2012-07-15 17:21 . 2012-07-15 18:37 -------- d-----w- c:\programdata\Kaspersky Lab2012-07-15 10:28 . 2012-07-15 10:28 -------- d-sh--w- c:\windows\system32\%APPDATA%2012-07-14 13:41 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys2012-07-14 13:41 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2012-07-14 09:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE9E6CAB-D896-478C-8835-F538E9C42012}\mpengine.dll2012-07-13 11:39 . 2012-07-13 11:39 -------- d-----w- c:\windows\SysWow64\URTTEMP2012-07-13 11:33 . 2012-07-13 11:38 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe2012-07-13 10:19 . 2012-07-13 10:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Trine22012-07-13 08:34 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-07-12 08:00 . 2012-07-12 08:11 -------- d-----w- c:\programdata\Solidshield2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\windows\SysWow64\XPSViewer2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files (x86)\Reference Assemblies2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files (x86)\MSBuild2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files\Reference Assemblies2012-07-11 12:09 . 2012-07-11 12:09 -------- d-----w- c:\program files\MSBuild2012-07-10 23:49 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8EEE7B1-9A9C-452C-B92B-6C62C51644A2}\mpengine.dll2012-07-10 23:49 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll2012-07-10 23:49 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll2012-07-09 21:56 . 2012-07-10 21:22 -------- d-----w- c:\programdata\EA Logs2012-07-09 21:56 . 2012-07-09 21:56 -------- d-----w- c:\programdata\EA Core2012-07-09 21:39 . 2012-07-09 21:40 -------- d-----w- c:\users\Seph\AppData\Roaming\Origin2012-07-09 21:39 . 2012-07-09 21:39 -------- d-----w- c:\users\Seph\AppData\Local\Origin2012-07-09 21:39 . 2012-07-09 21:56 -------- d-----w- c:\programdata\Electronic Arts2012-07-09 21:39 . 2012-07-09 21:56 -------- d-----w- c:\programdata\Origin2012-07-09 21:39 . 2012-07-09 21:39 -------- d-----w- c:\program files (x86)\Origin Games2012-07-08 13:15 . 2012-07-08 13:15 -------- d-----w- c:\users\Seph\AppData\Roaming\LoneSurvivor2012-07-06 22:56 . 2012-07-07 09:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Owcihu2012-07-06 22:56 . 2012-07-07 09:17 -------- d-----w- c:\users\Seph\AppData\Roaming\Ohve2012-07-06 22:56 . 2012-07-06 22:56 -------- d-----w- c:\users\Seph\AppData\Roaming\Yphuon2012-07-06 12:18 . 2012-07-06 19:48 -------- d-----w- c:\users\Seph\AppData\Roaming\Uvyq2012-07-06 12:18 . 2012-07-06 12:18 -------- d-----w- c:\users\Seph\AppData\Roaming\Ifewi2012-07-06 00:24 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe2012-07-05 21:11 . 2012-07-05 21:11 -------- d-----w- c:\users\Seph\AppData\Local\4A Games2012-07-03 00:05 . 2012-07-08 13:22 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2012-07-03 00:05 . 2012-07-03 00:05 -------- d-----w- c:\users\Seph\AppData\Local\PunkBuster2012-07-03 00:02 . 2012-07-13 11:38 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2012-07-03 00:02 . 2012-07-13 11:38 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02012-07-03 00:01 . 2012-07-03 00:05 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2012-07-03 00:01 . 2012-07-02 22:48 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe2012-07-01 17:40 . 2012-07-01 17:40 -------- d-----w- c:\users\Seph\AppData\Local\ArmA 2 Free2012-07-01 15:36 . 2012-07-01 15:36 -------- d-----w- c:\users\Seph\AppData\Local\ArmA 2 OA DEMO2012-06-30 00:28 . 2012-06-30 00:35 -------- d-----w- c:\users\Seph\AppData\Roaming\The Path2012-06-26 23:50 . 2012-06-28 18:06 -------- d-----w- c:\programdata\NVIDIA2012-06-26 23:50 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe2012-06-26 23:50 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll2012-06-26 23:50 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll2012-06-26 23:50 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll2012-06-26 23:50 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin2012-06-26 23:50 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll2012-06-26 23:50 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll2012-06-26 23:50 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll2012-06-26 23:50 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll2012-06-26 23:50 . 2012-06-26 23:50 -------- d-----w- c:\programdata\NVIDIA Corporation2012-06-26 23:49 . 2012-05-15 10:48 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll2012-06-26 23:49 . 2012-05-15 10:48 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2012-06-26 23:49 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll2012-06-26 23:49 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2012-06-26 23:49 . 2012-05-15 10:48 202048 ----a-w- c:\windows\SysWow64\nvinit.dll2012-06-26 23:49 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll2012-06-26 23:49 . 2012-05-15 10:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll2012-06-26 23:49 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll2012-06-26 22:17 . 2012-06-26 22:17 -------- d-----w- c:\users\Seph\AppData\Local\Chromium2012-06-26 22:14 . 2012-06-26 22:14 -------- d-----w- c:\program files (x86)\Rockstar Games2012-06-26 21:57 . 2012-06-26 21:57 -------- d-----w- c:\users\Seph\AppData\Roaming\BANDISOFT2012-06-26 21:56 . 2012-06-26 21:56 -------- d-----w- c:\program files (x86)\BandiMPEG12012-06-26 16:21 . 2012-06-26 21:56 -------- d-----w- c:\users\Seph\AppData\Local\Dxtory Software2012-06-26 13:44 . 2012-05-21 13:10 31080 ----a-w- c:\windows\system32\nvhdap64.dll2012-06-26 13:44 . 2012-05-21 13:10 188776 ----a-w- c:\windows\system32\drivers\nvhda64v.sys2012-06-26 13:44 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll2012-06-26 13:44 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll2012-06-26 13:44 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll2012-06-26 13:44 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll2012-06-26 13:44 . 2012-05-15 10:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll2012-06-26 13:44 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll2012-06-26 13:44 . 2012-05-15 10:48 246592 ----a-w- c:\windows\system32\nvinitx.dll2012-06-26 13:44 . 2012-05-15 10:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll2012-06-26 13:44 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll2012-06-26 13:44 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2012-06-24 09:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-24 09:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-24 09:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-24 09:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-24 09:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll2012-06-24 09:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-24 09:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-24 09:21 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-24 09:21 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe2012-06-22 10:43 . 2012-06-22 10:43 -------- d-----w- c:\users\Seph\AppData\Local\Risen22012-06-22 10:43 . 2012-06-22 10:43 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP2012-06-21 19:16 . 2012-06-21 19:16 -------- d-----w- c:\users\Seph\AppData\Local\2012802012-06-17 11:09 . 2012-06-17 11:09 -------- d-----w- c:\users\Seph\AppData\Local\FOMM2012-06-16 23:20 . 2012-06-16 23:20 -------- d-----w- c:\users\Seph\AppData\Local\ECSD...(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-15 20:04 . 2012-01-27 11:04 151552 ----a-w- c:\windows\KMSEmulator.exe2012-06-26 13:51 . 2012-04-03 08:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-06-26 13:51 . 2012-01-01 22:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-06-26 07:02 . 2012-01-30 23:15 330240 ----a-w- c:\windows\MASetupCaller.dll2012-06-26 07:02 . 2012-01-30 23:15 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll2012-05-27 21:13 . 2012-05-15 10:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys2012-05-27 14:51 . 2012-01-02 19:46 466520 ----a-w- c:\windows\system32\wrap_oal.dll2012-05-27 14:51 . 2012-01-02 19:46 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll2012-05-27 14:51 . 2012-01-02 19:46 123480 ----a-w- c:\windows\system32\OpenAL32.dll2012-05-27 14:51 . 2012-01-02 19:46 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll2012-05-21 07:34 . 2012-02-28 09:57 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll2012-05-18 08:53 . 2012-05-18 08:53 61440 ----a-w- c:\windows\diabunin.exe2012-05-18 08:53 . 2012-04-28 18:57 86528 ----a-w- c:\windows\bnetunin.exe2012-05-15 10:48 . 2012-05-23 10:10 364352 ----a-w- c:\windows\system32\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 10:10 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll2012-05-15 10:48 . 2012-04-18 15:34 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll2012-05-15 10:48 . 2012-02-28 09:57 949056 ----a-w- c:\windows\system32\nvumdshimx.dll2012-05-15 10:48 . 2012-01-19 14:24 2741568 ----a-w- c:\windows\system32\nvapi64.dll2012-05-15 10:48 . 2012-01-19 14:24 1468224 ----a-w- c:\windows\system32\nvgenco64.dll2012-05-15 10:48 . 2012-01-19 14:24 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll2012-05-15 10:45 . 2012-05-15 10:45 53248 ----a-r- c:\users\Seph\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe2012-05-15 04:01 . 2012-06-13 17:34 1188864 ----a-w- c:\windows\system32\wininet.dll2012-05-15 03:03 . 2012-06-13 17:34 981504 ----a-w- c:\windows\SysWow64\wininet.dll2012-05-15 01:32 . 2012-06-13 17:34 3146752 ----a-w- c:\windows\system32\win32k.sys2012-05-04 11:06 . 2012-06-13 17:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 10:03 . 2012-06-13 17:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03 . 2012-06-13 17:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-05-01 05:40 . 2012-06-13 17:34 209920 ----a-w- c:\windows\system32\profsvc.dll2012-04-28 03:55 . 2012-06-13 17:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-26 05:41 . 2012-06-13 17:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll2012-04-26 05:41 . 2012-06-13 17:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-04-26 05:34 . 2012-06-13 17:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe2012-04-24 05:37 . 2012-06-13 17:34 184320 ----a-w- c:\windows\system32\cryptsvc.dll2012-04-24 05:37 . 2012-06-13 17:34 140288 ----a-w- c:\windows\system32\cryptnet.dll2012-04-24 05:37 . 2012-06-13 17:34 1462272 ----a-w- c:\windows\system32\crypt32.dll2012-04-24 04:36 . 2012-06-13 17:34 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2012-04-24 04:36 . 2012-06-13 17:34 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll2012-04-24 04:36 . 2012-06-13 17:34 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2012-04-20 03:45 . 2012-06-13 17:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb2012-04-20 03:16 . 2012-06-13 17:34 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb..(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))..*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Seph\AppData\Roaming\loadtbs\toolbar.dll" [2012-07-15 614912].[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KiesPDLR"="d:\programme\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-10 21432]"KiesPreload"="d:\programme\Kies\Kies.exe" [2012-07-10 975800].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-06-17 3367328].c:\users\Seph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Seph\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer9"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]@="".R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]R3 BthAudioHF;BthAudioHF-Dienst;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-05-27 79360]R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-15 30496]R3 IntcDAud;Intel® Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [x]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]R3 RivaTuner64;RivaTuner64;d:\programme\RivaTuner v2.24\RivaTuner64.sys [2012-07-11 19952]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-06-17 3069752]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]S2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]S3 RTCore64;RTCore64;d:\programme\MSI Afterburner\RTCore64.sys [2010-05-27 14648]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]..--- Andere Dienste/Treiber im Speicher ---.*NewlyCreated* - WS2IFSL.Inhalt des "geplante Tasks" Ordners.2012-07-15 c:\windows\Tasks\AutoKMS.job- c:\windows\AutoKMS\AutoKMS.exe [2012-01-27 11:04].2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 14:27].2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 14:27]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 97792 ----a-w- c:\users\Seph\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]"EvtMgr6"="d:\programme\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Zusätzlicher Suchlauf -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - d:\progra~1\OFFICE~1\Office14\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.178.1DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cabFF - ProfilePath - c:\users\Seph\AppData\Roaming\Mozilla\Firefox\Profiles\tx3jwk86.default\FF - user.js: network.cookie.cookieBehavior - 0FF - user.js: privacy.clearOnShutdown.cookies - falseFF - user.js: security.warn_viewing_mixed - falseFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: security.warn_submit_insecure - falseFF - user.js: security.warn_submit_insecure.show_once - false.- - - - Entfernte verwaiste Registrierungseinträge - - - -.Wow6432Node-HKCU-Run-ASRockXTU - (no file)Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exeSafeBoot-MsMpSvcWebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)AddRemove-BattlEye A2 Free - d:\games\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exeAddRemove-BOSS - d:\games\Steam\SteamApps\common\fallout new vegas\Uninstall.exeAddRemove-Generic Mod Manager_is1 - d:\games\Steam\SteamApps\common\fallout new vegas\GeMM\uninstall\unins000.exeAddRemove-loadtbs-3.0 - c:\users\Seph\AppData\Roaming\loadtbs\uninstall.exeAddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe...--------------------- Gesperrte Registrierungsschluessel ---------------------.[HKEY_USERS\S-1-5-21-4273373884-2151313797-3506864452-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]@Allowed: (Read) (RestrictedCode)"??"=hex:44,eb,39,b1,f0,51,85,8b,12,7a,6a,0b,92,e0,74,fa,c5,5b,df,87,b9,d9,5d, 0e,d4,64,4b,b0,8f,18,44,77,e8,03,90,c5,c6,b5,06,26,f3,33,48,e2,58,34,6f,66,\"??"=hex:01,5a,03,9a,10,2f,bd,03,4e,44,50,15,f5,fe,5c,83.[HKEY_USERS\S-1-5-21-4273373884-2151313797-3506864452-1000\Software\SecuROM\License information*]"datasecu"=hex:a5,93,dc,c2,3f,68,a6,9f,97,73,6b,8d,66,05,b2,a1,cc,6a,d7,08,57, 73,9f,23,ec,13,0b,d3,ed,12,f6,3b,7d,89,1d,9a,19,ed,ff,30,9c,e7,fa,f3,17,19,\"rkeysecu"=hex:b2,3d,08,d1,a4,95,b6,e5,53,06,28,84,d6,9c,45,ca.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Weitere laufende Prozesse ------------------------.c:\program files (x86)\Creative\Shared Files\CTAudSvc.exec:\windows\SysWOW64\PnkBstrA.exed:\programme\MSI Afterburner\MSIAfterburner.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Zeit der Fertigstellung: 2012-07-15 22:07:33 - PC wurde neu gestartetComboFix-quarantined-files.txt 2012-07-15 20:07.Vor Suchlauf: 11 Verzeichnis(se), 20.954.677.248 Bytes freiNach Suchlauf: 14 Verzeichnis(se), 23.107.620.864 Bytes frei.- - End Of File - - 65116C5C12AC605D7C93B21CD22487F7 Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571080 Share Posted July 15, 2012 My firewall is working again! You are amazing!!!Can you tell me how I got infected? Was it maybe because I downgraded from framework 4.0 to 3.5? I wanted to play LA Noire which only supports 3.5. Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571081 Share Posted July 15, 2012 Well, Security Essentials and my Windows Live Games is still not working though. Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571082 Share Posted July 15, 2012 Windows Update is kinda working. It's showing that new updates are there and I can try to install but I get an error after it's loading a bit...but it's better than before where it didn't work at all. Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571083 Share Posted July 15, 2012 Can you take a look at these folders and see what's in them, I believe they are all malware related:2012-07-06 22:56 . 2012-07-07 09:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Owcihu2012-07-06 22:56 . 2012-07-07 09:17 -------- d-----w- c:\users\Seph\AppData\Roaming\Ohve2012-07-06 22:56 . 2012-07-06 22:56 -------- d-----w- c:\users\Seph\AppData\Roaming\Yphuon2012-07-06 12:18 . 2012-07-06 19:48 -------- d-----w- c:\users\Seph\AppData\Roaming\Uvyq2012-07-06 12:18 . 2012-07-06 12:18 -------- d-----w- c:\users\Seph\AppData\Roaming\IfewiLet me know, MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571085 Share Posted July 15, 2012 Can you take a look at these folders and see what's in them, I believe they are all malware related:2012-07-06 22:56 . 2012-07-07 09:19 -------- d-----w- c:\users\Seph\AppData\Roaming\Owcihu => empty2012-07-06 22:56 . 2012-07-07 09:17 -------- d-----w- c:\users\Seph\AppData\Roaming\Ohve => wiex.vii2012-07-06 22:56 . 2012-07-06 22:56 -------- d-----w- c:\users\Seph\AppData\Roaming\Yphuon => niquz.avy2012-07-06 12:18 . 2012-07-06 19:48 -------- d-----w- c:\users\Seph\AppData\Roaming\Uvyq => ahub.bee2012-07-06 12:18 . 2012-07-06 12:18 -------- d-----w- c:\users\Seph\AppData\Roaming\Ifewi => firo.kohI wrote you the file names next to the folder. I don't know any of those. Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571087 Share Posted July 15, 2012 Delete them, MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571088 Share Posted July 15, 2012 I did. What's next? How do I get all the services running again? I'm missing Background Intelligent Transfer Service (BITS) in the services. I guess it affects several other things as well like essentials and windows update. Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571089 Share Posted July 15, 2012 Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows Update[*]Press "Scan".[*]It will create a log (FSS.txt) in the same directory the tool is run.[*]Please copy and paste the log to your reply. MrC Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571091 Share Posted July 15, 2012 Here it comes. You are fast, damn! Thanks a lot. Farbar Service Scanner Version: 08-07-2012Ran by Seph (administrator) on 15-07-2012 at 22:40:39Running from "C:\Users\Seph\Desktop"Microsoft Windows 7 Professional Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Action Center:============Windows Update:============BITS Service is not running. Checking service configuration:Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.Windows Autoupdate Disabled Policy:============================Windows Defender:==============File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
MrCharlie Posted July 15, 2012 ID:571094 Share Posted July 15, 2012 Please back up the registry using ERUNT before we continue.Download, unzip and run (double click on it and allow it to merge into registry) the attached Bits.zip (Bits.reg).MrCEDIT: attachment removed Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571095 Share Posted July 15, 2012 Done! Link to post Share on other sites More sharing options...
Seph Posted July 15, 2012 Author ID:571097 Share Posted July 15, 2012 Should it be working? Because it isn't. :-/ Link to post Share on other sites More sharing options...
Recommended Posts