Log analysis and evaluation: WIN 7 / Lock screen (Interpol trojan) / FRST scan

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
WIN 7 / Lock screen (Interpol trojan) / FRST scan

Hello Trojaner-Board! Since this morning I have had this annoying Interpol lock-screen trojan on my computer. I ran the Farbar scan and attached the log file below. In the background I can see from my AVG antivirus (trial version) that a threat was detected. I can read the following (unfortunately nothing more, since I cannot move anything and the lock screen immediately comes back up):

Luhe.Sirefef.A gefunden /c:Program Files (x86)/Google/Desktop/In...
Trojaner:Generic34.CNMQ /c:Program Files (x86)/Google/Desktop/In...

I would be very glad of any help; I was already getting desperate.

Best regards, Daniel.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-G5OHM2O on 09-10-2013 13:37:06
Running from F:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-06-15] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - "E:\Programme\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "E:\Programme\hamachi-2-ui.exe" --auto-start
HKU\Daniel\...\Run: [ASRockXTU] - [x]
HKU\Daniel\...\Run: [zASRockInstantBoot] - [x]
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKU\Daniel\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Daniel\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-05] (Spotify Ltd)
HKU\Daniel\...\Run: [DAEMON Tools Lite] - "E:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4736000 2013-10-05] (Spotify Ltd)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKU\Daniel\...\Winlogon: [Shell] explorer.exe,C:\Users\Daniel\AppData\Roaming\cache.dat <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gabn7mqlc.lnk
ShortcutTarget: gabn7mqlc.lnk -> C:\PROGRA~3\clqm7nbag.plz ()
==================== Services (Whitelisted) =================
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-21] ()
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
S2 avgfws; E:\Programme\avgfws.exe [x]
S2 AVGIDSAgent; E:\Programme\avgidsagent.exe [x]
S2 avgwd; E:\Programme\avgwdsvc.exe [x]
S2 Hamachi2Svc; E:\Programme\hamachi-2.exe -s [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\ \...\???\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-28] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-17] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-06-15] (FNet Co., Ltd.)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-10-09] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-09 13:36 - 2013-10-09 13:36 - 00000000 ____D C:\FRST
2013-10-09 12:22 - 2013-10-09 12:22 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-10-09 11:14 - 2013-10-09 11:14 - 00000004 _____ C:\Users\Daniel\AppData\Roaming\cache.ini
2013-10-09 11:13 - 2013-10-09 12:25 - 95025368 ____T C:\ProgramData\gabn7mqlc.pff
2013-10-09 11:13 - 2013-10-09 12:22 - 00000000 _____ C:\ProgramData\gabn7mqlc.ctrl
2013-10-09 11:13 - 2013-10-09 11:13 - 00113664 _____ C:\ProgramData\clqm7nbag.plz
2013-10-09 11:13 - 2013-10-09 11:13 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\gabn7mqlc.pzz
2013-10-07 06:44 - 2013-10-07 07:22 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-07 06:44 - 2013-05-21 16:20 - 00249824 ____N (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\SysWOW64\SSDPDiscovery.dll
2013-10-07 06:44 - 2013-05-02 14:36 - 03490112 ____N (mquadr.at software engineering & consulting GmbH) C:\Windows\SysWOW64\m2network64helper.exe
2013-10-07 06:44 - 2013-05-02 08:09 - 03748672 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-10-07 06:44 - 2013-05-02 08:08 - 00962368 ____N (mquadr.at software engineering) C:\Windows\SysWOW64\M2ElevatedNetworkAdapters.dll
2013-10-07 06:44 - 2012-12-03 14:58 - 00279040 ____N (Nicomsoft Ltd.) C:\Windows\System32\WiFiMan.dll
2013-10-07 06:44 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\System32\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 09:59 - 2013-09-12 09:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-01 09:59 - 2013-09-12 09:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432723.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432723.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00458528 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-01 09:59 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-10-01 09:59 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-10-01 09:42 - 2013-08-20 14:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-10-01 09:42 - 2013-08-20 14:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-27 17:59 - 2013-09-27 17:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 17:55 - 2013-09-27 17:58 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 17:55 - 2013-09-27 17:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-27 16:47 - 2013-09-28 12:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-12 17:24 - 2013-09-12 17:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 17:24 - 2013-09-12 17:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 00:20 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 00:20 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 00:20 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-12 00:20 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 00:20 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 00:20 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-12 00:20 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 00:20 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 00:20 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 00:20 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 00:20 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-12 00:20 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 00:17 - 2013-09-12 00:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 09:22 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 09:22 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-11 09:22 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-11 09:22 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-11 09:22 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 09:22 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-11 09:22 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 09:22 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:22 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:22 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 09:22 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:22 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:22 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:22 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 09:22 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-11 09:22 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:22 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
==================== One Month Modified Files and Folders =======
2013-10-09 13:36 - 2013-10-09 13:36 - 00000000 ____D C:\FRST
2013-10-09 12:25 - 2013-10-09 11:13 - 95025368 ____T C:\ProgramData\gabn7mqlc.pff
2013-10-09 12:25 - 2012-06-16 14:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 12:23 - 2012-06-15 20:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-10-09 12:22 - 2013-10-09 12:22 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-10-09 12:22 - 2013-10-09 11:13 - 00000000 _____ C:\ProgramData\gabn7mqlc.ctrl
2013-10-09 12:22 - 2013-03-15 12:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 12:22 - 2013-03-12 20:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-10-09 12:22 - 2012-08-30 21:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi
2013-10-09 12:22 - 2012-08-23 21:42 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-10-09 12:22 - 2012-08-23 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-10-09 12:22 - 2012-06-15 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-09 12:22 - 2012-06-15 16:54 - 00709294 _____ C:\Windows\PFRO.log
2013-10-09 12:22 - 2012-06-15 16:53 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-10-09 12:22 - 2012-06-15 16:51 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-09 12:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 12:22 - 2009-07-14 05:51 - 00064401 _____ C:\Windows\setupact.log
2013-10-09 12:06 - 2012-06-15 16:44 - 01998097 _____ C:\Windows\WindowsUpdate.log
2013-10-09 12:06 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 12:06 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 11:59 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 11:29 - 2012-06-15 17:20 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-09 11:14 - 2013-10-09 11:14 - 00000004 _____ C:\Users\Daniel\AppData\Roaming\cache.ini
2013-10-09 11:13 - 2013-10-09 11:13 - 00113664 _____ C:\ProgramData\clqm7nbag.plz
2013-10-09 11:13 - 2013-10-09 11:13 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\gabn7mqlc.pzz
2013-10-09 11:13 - 2013-03-15 12:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-09 11:13 - 2012-06-17 17:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2013-10-09 11:13 - 2012-06-15 17:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2013-10-09 10:59 - 2012-06-15 17:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA.job
2013-10-09 10:36 - 2013-03-15 12:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 09:10 - 2012-06-15 16:51 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-09 08:16 - 2012-08-30 13:25 - 00000000 ____D C:\ProgramData\MFAData
2013-10-09 08:13 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\System32\perfh007.dat
2013-10-09 08:13 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\System32\perfc007.dat
2013-10-09 08:13 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-08 21:25 - 2012-06-16 14:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:25 - 2012-06-16 14:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 21:25 - 2012-06-16 14:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:10 - 2013-02-25 23:36 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-08 21:10 - 2013-02-25 23:36 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-08 21:10 - 2012-06-15 17:48 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-08 18:59 - 2012-06-15 17:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core.job
2013-10-08 18:54 - 2012-06-15 17:17 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA
2013-10-08 18:54 - 2012-06-15 17:17 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core
2013-10-07 21:13 - 2012-06-15 16:43 - 00000000 ____D C:\users\Daniel
2013-10-07 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-07 13:27 - 2013-03-12 20:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2013-10-07 07:22 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\System32\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 10:00 - 2012-06-15 17:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 15:07 - 2012-06-15 17:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-28 12:30 - 2013-09-27 16:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-27 18:00 - 2012-12-28 14:59 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-27 17:59 - 2013-09-27 17:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 17:59 - 2012-08-30 13:29 - 00000000 ___HD C:\$AVG
2013-09-27 17:58 - 2013-09-27 17:55 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 17:58 - 2012-12-28 14:59 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-27 17:55 - 2013-09-27 17:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-20 15:31 - 2012-11-10 14:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\Windows Live
2013-09-17 15:06 - 2012-07-12 10:19 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS
2013-09-14 11:28 - 2012-07-24 13:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 17:24 - 2013-09-12 17:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 17:24 - 2013-09-12 17:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 09:58 - 2013-10-01 09:59 - 29337376 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 15703688 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 11274528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-09-12 09:58 - 2013-10-01 09:59 - 09281032 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 07648000 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02970400 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02367264 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432723.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432723.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00681760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00603424 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00458528 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 09:58 - 2012-10-12 17:54 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 15901448 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 02986672 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 01412832 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 00022814 _____ C:\Windows\System32\nvinfo.pb
2013-09-12 08:25 - 2012-06-15 17:02 - 06599968 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 03452192 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 00920864 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-09-12 08:25 - 2012-06-15 17:02 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-09-12 08:03 - 2009-07-14 05:45 - 00311784 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 00:20 - 2013-08-13 22:25 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 00:19 - 2012-06-21 18:42 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-12 00:17 - 2013-09-12 00:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 23:06 - 2012-06-15 17:02 - 03361114 _____ C:\Windows\System32\nvcoproc.bin
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Files to move or delete:
====================
C:\Users\Daniel\AppData\Roaming\cache.ini
ZeroAccess:
C:\Users\Daniel\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\clqm7nbag.plz
C:\ProgramData\gabn7mqlc.ctrl
C:\ProgramData\gabn7mqlc.pff
Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Daniel\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Daniel\AppData\Local\Temp\fx-runtime.exe
C:\Users\Daniel\AppData\Local\Temp\h-1938417301.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\h-79531810.tmp.dll
C:\Users\Daniel\AppData\Local\Temp\h58141557.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Daniel\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Daniel\AppData\Local\Temp\nvStInst.exe
C:\Users\Daniel\AppData\Local\Temp\ose00000.exe
C:\Users\Daniel\AppData\Local\Temp\rhrdk_20080527.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\sonarinst.exe
C:\Users\Daniel\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Daniel\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Daniel\AppData\Local\Temp\uninstaller-4648.exe
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe
C:\Users\Daniel\AppData\Local\Temp\_isDE1E.exe
C:\Users\Daniel\AppData\Local\Temp\~tmf9167799996504937257.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
4
Restore point made on: 2013-09-27 17:55:25
Restore point made on: 2013-09-27 17:55:40
Restore point made on: 2013-10-05 17:19:37
Restore point made on: 2013-10-07 16:42:10
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8086.39 MB
Available physical RAM: 7310.66 MB
Total Pagefile: 8084.54 MB
Available Pagefile: 7319.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.02 GB) (Free:10.01 GB) NTFS
Drive d: () (Fixed) (Total:596.05 GB) (Free:549.6 GB) NTFS
Drive f: (TRANSCEND) (Removable) (Total:14.95 GB) (Free:13.05 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1549F232)
Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)
LastRegBack: 2013-10-01 10:40
==================== End Of Log ============================