| |
| |||||||
Log-Analyse und Auswertung: WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-ScanWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
09.10.2013, 12:59
| #1 |
| |  WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Hallo Trojaner-Board! Hab seit heute morgen diesen nervigen Sperrbildschirm-Interpol-Trojaner auf meinem Rechner  Ich habe den Farbar-Scan durchgeführt und unten das Logfile angehängt. Im Hintergrund kann ich von meinem AVG-Antivirus (trial-Version) sehen, dass eine Bedrohung erkannt wurde. Folgendes kann ich lesen (leider nicht mehr da ich nichts bewegen kann und der Sperrbildschirm direkt wieder aufgeht): Luhe.Sirefef.A gefunden /c:Program Files (x86)/Google/Desktop/In... Trojaner:Generic34.CNMQ /c:Program Files (x86)/Google/Desktop/In... Würde mich sehr über Hilfe freuen, bin schon am verzweifeln gewesen  Liebe Grüße Daniel. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-G5OHM2O on 09-10-2013 13:37:06
Running from F:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-06-15] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - "E:\Programme\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "E:\Programme\hamachi-2-ui.exe" --auto-start
HKU\Daniel\...\Run: [ASRockXTU] - [x]
HKU\Daniel\...\Run: [zASRockInstantBoot] - [x]
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKU\Daniel\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Daniel\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-05] (Spotify Ltd)
HKU\Daniel\...\Run: [DAEMON Tools Lite] - "E:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4736000 2013-10-05] (Spotify Ltd)
HKU\Daniel\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKU\Daniel\...\Winlogon: [Shell] explorer.exe,C:\Users\Daniel\AppData\Roaming\cache.dat <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gabn7mqlc.lnk
ShortcutTarget: gabn7mqlc.lnk -> C:\PROGRA~3\clqm7nbag.plz ()
==================== Services (Whitelisted) =================
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-21] ()
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
S2 avgfws; E:\Programme\avgfws.exe [x]
S2 AVGIDSAgent; E:\Programme\avgidsagent.exe [x]
S2 avgwd; E:\Programme\avgwdsvc.exe [x]
S2 Hamachi2Svc; E:\Programme\hamachi-2.exe -s [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\ \...\???\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-28] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-17] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-06-15] (FNet Co., Ltd.)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-10-09] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-09 13:36 - 2013-10-09 13:36 - 00000000 ____D C:\FRST
2013-10-09 12:22 - 2013-10-09 12:22 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-10-09 11:14 - 2013-10-09 11:14 - 00000004 _____ C:\Users\Daniel\AppData\Roaming\cache.ini
2013-10-09 11:13 - 2013-10-09 12:25 - 95025368 ____T C:\ProgramData\gabn7mqlc.pff
2013-10-09 11:13 - 2013-10-09 12:22 - 00000000 _____ C:\ProgramData\gabn7mqlc.ctrl
2013-10-09 11:13 - 2013-10-09 11:13 - 00113664 _____ C:\ProgramData\clqm7nbag.plz
2013-10-09 11:13 - 2013-10-09 11:13 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\gabn7mqlc.pzz
2013-10-07 06:44 - 2013-10-07 07:22 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-07 06:44 - 2013-05-21 16:20 - 00249824 ____N (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\SysWOW64\SSDPDiscovery.dll
2013-10-07 06:44 - 2013-05-02 14:36 - 03490112 ____N (mquadr.at software engineering & consulting GmbH) C:\Windows\SysWOW64\m2network64helper.exe
2013-10-07 06:44 - 2013-05-02 08:09 - 03748672 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-10-07 06:44 - 2013-05-02 08:08 - 00962368 ____N (mquadr.at software engineering) C:\Windows\SysWOW64\M2ElevatedNetworkAdapters.dll
2013-10-07 06:44 - 2012-12-03 14:58 - 00279040 ____N (Nicomsoft Ltd.) C:\Windows\System32\WiFiMan.dll
2013-10-07 06:44 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\System32\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 09:59 - 2013-09-12 09:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-01 09:59 - 2013-09-12 09:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432723.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432723.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00458528 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-01 09:59 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-10-01 09:59 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-10-01 09:42 - 2013-08-20 14:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-10-01 09:42 - 2013-08-20 14:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-27 17:59 - 2013-09-27 17:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 17:55 - 2013-09-27 17:58 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 17:55 - 2013-09-27 17:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-27 16:47 - 2013-09-28 12:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-12 17:24 - 2013-09-12 17:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 17:24 - 2013-09-12 17:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 00:20 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 00:20 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 00:20 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-12 00:20 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 00:20 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 00:20 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-12 00:20 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 00:20 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 00:20 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 00:20 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 00:20 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-12 00:20 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 00:17 - 2013-09-12 00:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 09:22 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 09:22 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-11 09:22 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-11 09:22 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-11 09:22 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 09:22 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-11 09:22 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 09:22 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:22 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:22 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 09:22 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:22 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:22 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:22 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 09:22 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-11 09:22 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:22 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
==================== One Month Modified Files and Folders =======
2013-10-09 13:36 - 2013-10-09 13:36 - 00000000 ____D C:\FRST
2013-10-09 12:25 - 2013-10-09 11:13 - 95025368 ____T C:\ProgramData\gabn7mqlc.pff
2013-10-09 12:25 - 2012-06-16 14:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 12:23 - 2012-06-15 20:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-10-09 12:22 - 2013-10-09 12:22 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-10-09 12:22 - 2013-10-09 11:13 - 00000000 _____ C:\ProgramData\gabn7mqlc.ctrl
2013-10-09 12:22 - 2013-03-15 12:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 12:22 - 2013-03-12 20:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-10-09 12:22 - 2012-08-30 21:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi
2013-10-09 12:22 - 2012-08-23 21:42 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-10-09 12:22 - 2012-08-23 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-10-09 12:22 - 2012-06-15 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-09 12:22 - 2012-06-15 16:54 - 00709294 _____ C:\Windows\PFRO.log
2013-10-09 12:22 - 2012-06-15 16:53 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-10-09 12:22 - 2012-06-15 16:51 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-09 12:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 12:22 - 2009-07-14 05:51 - 00064401 _____ C:\Windows\setupact.log
2013-10-09 12:06 - 2012-06-15 16:44 - 01998097 _____ C:\Windows\WindowsUpdate.log
2013-10-09 12:06 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 12:06 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 11:59 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 11:29 - 2012-06-15 17:20 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-09 11:14 - 2013-10-09 11:14 - 00000004 _____ C:\Users\Daniel\AppData\Roaming\cache.ini
2013-10-09 11:13 - 2013-10-09 11:13 - 00113664 _____ C:\ProgramData\clqm7nbag.plz
2013-10-09 11:13 - 2013-10-09 11:13 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\gabn7mqlc.pzz
2013-10-09 11:13 - 2013-03-15 12:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-09 11:13 - 2012-06-17 17:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2013-10-09 11:13 - 2012-06-15 17:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2013-10-09 10:59 - 2012-06-15 17:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA.job
2013-10-09 10:36 - 2013-03-15 12:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 09:10 - 2012-06-15 16:51 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-09 08:16 - 2012-08-30 13:25 - 00000000 ____D C:\ProgramData\MFAData
2013-10-09 08:13 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\System32\perfh007.dat
2013-10-09 08:13 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\System32\perfc007.dat
2013-10-09 08:13 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-08 21:25 - 2012-06-16 14:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:25 - 2012-06-16 14:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 21:25 - 2012-06-16 14:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:10 - 2013-02-25 23:36 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-08 21:10 - 2013-02-25 23:36 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-08 21:10 - 2012-06-15 17:48 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-08 18:59 - 2012-06-15 17:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core.job
2013-10-08 18:54 - 2012-06-15 17:17 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA
2013-10-08 18:54 - 2012-06-15 17:17 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core
2013-10-07 21:13 - 2012-06-15 16:43 - 00000000 ____D C:\users\Daniel
2013-10-07 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-07 13:27 - 2013-03-12 20:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2013-10-07 07:22 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\System32\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 10:00 - 2012-06-15 17:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 15:07 - 2012-06-15 17:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-28 12:30 - 2013-09-27 16:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-27 18:00 - 2012-12-28 14:59 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-27 17:59 - 2013-09-27 17:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 17:59 - 2012-08-30 13:29 - 00000000 ___HD C:\$AVG
2013-09-27 17:58 - 2013-09-27 17:55 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 17:58 - 2012-12-28 14:59 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-27 17:55 - 2013-09-27 17:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-20 15:31 - 2012-11-10 14:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\Windows Live
2013-09-17 15:06 - 2012-07-12 10:19 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS
2013-09-14 11:28 - 2012-07-24 13:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 17:24 - 2013-09-12 17:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 17:24 - 2013-09-12 17:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 09:58 - 2013-10-01 09:59 - 29337376 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 15703688 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 11274528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-09-12 09:58 - 2013-10-01 09:59 - 09281032 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 07648000 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02970400 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02367264 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432723.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432723.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00681760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00603424 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00458528 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 09:58 - 2012-10-12 17:54 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 15901448 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 02986672 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 01412832 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 00022814 _____ C:\Windows\System32\nvinfo.pb
2013-09-12 08:25 - 2012-06-15 17:02 - 06599968 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 03452192 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 00920864 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-09-12 08:25 - 2012-06-15 17:02 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-09-12 08:03 - 2009-07-14 05:45 - 00311784 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 00:20 - 2013-08-13 22:25 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 00:19 - 2012-06-21 18:42 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-12 00:17 - 2013-09-12 00:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 23:06 - 2012-06-15 17:02 - 03361114 _____ C:\Windows\System32\nvcoproc.bin
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Files to move or delete:
====================
C:\Users\Daniel\AppData\Roaming\cache.ini
ZeroAccess:
C:\Users\Daniel\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\clqm7nbag.plz
C:\ProgramData\gabn7mqlc.ctrl
C:\ProgramData\gabn7mqlc.pff
Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Daniel\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Daniel\AppData\Local\Temp\fx-runtime.exe
C:\Users\Daniel\AppData\Local\Temp\h-1938417301.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\h-79531810.tmp.dll
C:\Users\Daniel\AppData\Local\Temp\h58141557.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Daniel\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Daniel\AppData\Local\Temp\nvStInst.exe
C:\Users\Daniel\AppData\Local\Temp\ose00000.exe
C:\Users\Daniel\AppData\Local\Temp\rhrdk_20080527.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\sonarinst.exe
C:\Users\Daniel\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Daniel\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Daniel\AppData\Local\Temp\uninstaller-4648.exe
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe
C:\Users\Daniel\AppData\Local\Temp\_isDE1E.exe
C:\Users\Daniel\AppData\Local\Temp\~tmf9167799996504937257.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
4
Restore point made on: 2013-09-27 17:55:25
Restore point made on: 2013-09-27 17:55:40
Restore point made on: 2013-10-05 17:19:37
Restore point made on: 2013-10-07 16:42:10
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8086.39 MB
Available physical RAM: 7310.66 MB
Total Pagefile: 8084.54 MB
Available Pagefile: 7319.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.02 GB) (Free:10.01 GB) NTFS
Drive d: () (Fixed) (Total:596.05 GB) (Free:549.6 GB) NTFS
Drive f: (TRANSCEND) (Removable) (Total:14.95 GB) (Free:13.05 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1549F232)
Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)
LastRegBack: 2013-10-01 10:40
==================== End Of Log ============================
|
|
09.10.2013, 13:06
| #2 |
| /// TB-Ausbilder   |  WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Hi,
__________________du hast dir da noch mehr als nur diesen Sperrbildschirm eingefangen.. Aber eins nach dem anderen, zuerst entsperren. Kannst du nach folgendem Fix den Rechner wieder normal starten? Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\Daniel\...\Winlogon: [Shell] explorer.exe,C:\Users\Daniel\AppData\Roaming\cache.dat <==== ATTENTION
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gabn7mqlc.lnk
ShortcutTarget: gabn7mqlc.lnk -> C:\PROGRA~3\clqm7nbag.plz ()
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
C:\ProgramData\clqm7nbag.plz
C:\ProgramData\gabn7mqlc.ctrl
C:\ProgramData\gabn7mqlc.pff
C:\Users\Daniel\AppData\Roaming\cache.dat
2013-10-09 11:14 - 2013-10-09 11:14 - 00000004 _____ C:\Users\Daniel\AppData\Roaming\cache.ini
2013-10-09 11:13 - 2013-10-09 11:13 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\gabn7mqlc.pzz
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________ |
|
09.10.2013, 14:04
| #3 |
| | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Hallo Leo,
__________________danke erstmal für diese unglaublich schnelle Antwort! Ohjeh hoffentlich wird das wieder :S Hier die Fixlog.txt grüße daniel Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-09 15:02:58 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKU\Daniel\...\Winlogon: [Shell] explorer.exe,C:\Users\Daniel\AppData\Roaming\cache.dat <==== ATTENTION
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gabn7mqlc.lnk
ShortcutTarget: gabn7mqlc.lnk -> C:\PROGRA~3\clqm7nbag.plz ()
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\gabn7mqlc.pzz [60512 2013-10-09] (Microsoft Corporation)
C:\ProgramData\clqm7nbag.plz
C:\ProgramData\gabn7mqlc.ctrl
C:\ProgramData\gabn7mqlc.pff
C:\Users\Daniel\AppData\Roaming\cache.dat
2013-10-09 11:14 - 2013-10-09 11:14 - 00000004 _____ C:\Users\Daniel\AppData\Roaming\cache.ini
2013-10-09 11:13 - 2013-10-09 11:13 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\gabn7mqlc.pzz
*****************
HKU\Daniel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gabn7mqlc.lnk => Moved successfully.
C:\PROGRA~3\clqm7nbag.plz => Moved successfully.
Winmgmt => Service restored successfully.
Winmgmt => Service restored successfully.
"C:\ProgramData\clqm7nbag.plz" => File/Directory not found.
C:\ProgramData\gabn7mqlc.ctrl => Moved successfully.
C:\ProgramData\gabn7mqlc.pff => Moved successfully.
"C:\Users\Daniel\AppData\Roaming\cache.dat" => File/Directory not found.
C:\Users\Daniel\AppData\Roaming\cache.ini => Moved successfully.
C:\ProgramData\gabn7mqlc.pzz => Moved successfully.
==== End of Fixlog ====
|
|
09.10.2013, 14:27
| #4 |
| /// TB-Ausbilder | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Und startet der Rechner jetzt wieder normal?
__________________ cheers, Leo |
|
09.10.2013, 14:31
| #5 |
| | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Ja tut er, der Sperrbildschirm erscheint nicht mehr! Das ist doch schon einmal was  |
|
09.10.2013, 14:36
| #6 |
| /// TB-Ausbilder | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Ok, aber dann gibt's ja noch eine zweite Baustelle.. Verschiebe die frst64.exe vom USB-Stick auf den Desktop.
__________________ --> WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan |
|
09.10.2013, 14:50
| #7 |
| | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Daniel (administrator) on DANIEL-PC on 09-10-2013 15:46:49
Running from C:\Users\Daniel\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) E:\PROGRA~1\avgrsa.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgfws.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgidsagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgwdsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(LogMeIn Inc.) E:\Programme\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgnsa.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgcsrva.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-05] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] - E:\Programme\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4736000 2013-10-05] (Spotify Ltd)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {5d44367d-afef-11e2-8f43-bc5ff43694a8} - F:\setup.exe
MountPoints2: {d2b5a153-b732-11e1-8c99-806e6f6e6963} - D:\ASRSetup.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-06-15] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - E:\Programme\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - E:\Programme\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=52355e85-90ca-48c7-a83f-41952d47723c&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3D22A9152358CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=52355e85-90ca-48c7-a83f-41952d47723c&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=52355e85-90ca-48c7-a83f-41952d47723c&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=52355e85-90ca-48c7-a83f-41952d47723c&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=52355e85-90ca-48c7-a83f-41952d47723c&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=52355e85-90ca-48c7-a83f-41952d47723c&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programme\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programme\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.facebook.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 avgfws; E:\Programme\avgfws.exe [1358944 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; E:\Programme\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; E:\Programme\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 Hamachi2Svc; E:\Programme\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-21] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\ \...\???\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-28] (DT Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-17] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-06-15] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-10-09] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-09 15:46 - 2013-10-09 13:14 - 01954124 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-09 15:30 - 2013-10-09 15:30 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-10-09 14:36 - 2013-10-09 14:36 - 00000000 ____D C:\FRST
2013-10-09 12:14 - 2013-10-09 12:14 - 00001029 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupgabn7mqlc.lnk
2013-10-07 07:44 - 2013-10-07 08:22 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-07 07:44 - 2013-05-21 17:20 - 00249824 ____N (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\SysWOW64\SSDPDiscovery.dll
2013-10-07 07:44 - 2013-05-02 15:36 - 03490112 ____N (mquadr.at software engineering & consulting GmbH) C:\Windows\SysWOW64\m2network64helper.exe
2013-10-07 07:44 - 2013-05-02 09:09 - 03748672 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-10-07 07:44 - 2013-05-02 09:08 - 00962368 ____N (mquadr.at software engineering) C:\Windows\SysWOW64\M2ElevatedNetworkAdapters.dll
2013-10-07 07:44 - 2012-12-03 15:58 - 00279040 ____N (Nicomsoft Ltd.) C:\Windows\system32\WiFiMan.dll
2013-10-07 07:44 - 2012-12-03 15:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\system32\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 10:59 - 2013-09-12 10:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-01 10:59 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-01 10:59 - 2013-06-16 14:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-10-01 10:59 - 2013-06-16 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-10-01 10:42 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-01 10:42 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-27 18:59 - 2013-09-27 18:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 18:55 - 2013-09-27 18:58 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 18:55 - 2013-09-27 18:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-27 17:47 - 2013-09-28 13:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-12 18:24 - 2013-09-12 18:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 18:24 - 2013-09-12 18:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 01:20 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 01:20 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 01:20 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 01:20 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 01:20 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 01:20 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 01:20 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 01:20 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 01:20 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 01:20 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 01:20 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 01:20 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 10:22 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:22 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 10:22 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 10:22 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 10:22 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 10:22 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 10:22 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:22 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 10:22 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:22 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 10:22 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 10:22 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 10:22 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 10:22 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 10:22 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:22 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 10:22 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 10:22 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 10:22 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 10:22 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 10:22 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:22 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:22 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 10:22 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 10:22 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
==================== One Month Modified Files and Folders =======
2013-10-09 16:02 - 2012-06-15 17:43 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-09 15:46 - 2012-06-15 21:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-10-09 15:38 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 15:38 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 15:36 - 2013-03-15 13:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 15:36 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-10-09 15:36 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-10-09 15:36 - 2009-07-14 07:13 - 01613150 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 15:34 - 2012-06-15 17:44 - 02064271 _____ C:\Windows\WindowsUpdate.log
2013-10-09 15:32 - 2012-08-30 22:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi
2013-10-09 15:31 - 2013-03-12 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-10-09 15:31 - 2012-08-23 22:42 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-10-09 15:31 - 2012-08-23 22:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-10-09 15:31 - 2009-07-14 06:51 - 00065232 _____ C:\Windows\setupact.log
2013-10-09 15:30 - 2013-10-09 15:30 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-10-09 15:30 - 2013-03-15 13:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 15:30 - 2012-06-15 18:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-09 15:30 - 2012-06-15 17:54 - 00710292 _____ C:\Windows\PFRO.log
2013-10-09 15:30 - 2012-06-15 17:53 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2013-10-09 15:30 - 2012-06-15 17:51 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-09 15:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 14:51 - 2012-08-30 14:25 - 00000000 ____D C:\ProgramData\MFAData
2013-10-09 14:36 - 2013-10-09 14:36 - 00000000 ____D C:\FRST
2013-10-09 14:25 - 2012-06-16 15:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 13:14 - 2013-10-09 15:46 - 01954124 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-09 12:59 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 12:29 - 2012-06-15 18:20 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-09 12:14 - 2013-10-09 12:14 - 00001029 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupgabn7mqlc.lnk
2013-10-09 12:13 - 2013-03-15 13:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-09 12:13 - 2012-06-17 18:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2013-10-09 12:13 - 2012-06-15 18:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2013-10-09 11:59 - 2012-06-15 18:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA.job
2013-10-09 10:10 - 2012-06-15 17:51 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-08 22:25 - 2012-06-16 15:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 22:25 - 2012-06-16 15:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 22:25 - 2012-06-16 15:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 22:10 - 2013-02-26 00:36 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-08 22:10 - 2013-02-26 00:36 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-08 22:10 - 2012-06-15 18:48 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-08 19:59 - 2012-06-15 18:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core.job
2013-10-08 19:54 - 2012-06-15 18:17 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA
2013-10-08 19:54 - 2012-06-15 18:17 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core
2013-10-07 22:13 - 2012-06-15 17:43 - 00000000 ____D C:\Users\Daniel
2013-10-07 22:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-07 14:27 - 2013-03-12 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2013-10-07 08:22 - 2013-10-07 07:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\system32\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 11:00 - 2012-06-15 18:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 16:07 - 2012-06-15 18:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-28 13:30 - 2013-09-27 17:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-27 19:00 - 2012-12-28 15:59 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-27 18:59 - 2013-09-27 18:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 18:59 - 2012-08-30 14:29 - 00000000 ___HD C:\$AVG
2013-09-27 18:58 - 2013-09-27 18:55 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 18:58 - 2012-12-28 15:59 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-27 18:55 - 2013-09-27 18:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-20 16:31 - 2012-11-10 15:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\Windows Live
2013-09-17 16:06 - 2012-07-12 11:19 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2013-09-14 12:28 - 2012-07-24 14:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 18:24 - 2013-09-12 18:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 18:24 - 2013-09-12 18:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 11:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 10:58 - 2013-10-01 10:59 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-12 10:58 - 2013-10-01 10:59 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 10:58 - 2013-02-26 00:52 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 10:58 - 2013-02-26 00:52 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-12 10:58 - 2013-02-26 00:52 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 10:58 - 2012-10-12 18:54 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 00022814 _____ C:\Windows\system32\nvinfo.pb
2013-09-12 09:25 - 2012-06-15 18:02 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-12 09:25 - 2012-06-15 18:02 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-12 09:03 - 2012-06-15 17:43 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 09:03 - 2009-07-14 06:45 - 00311784 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 01:20 - 2013-08-13 23:25 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 01:19 - 2012-06-21 19:42 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-12 00:06 - 2012-06-15 18:02 - 03361114 _____ C:\Windows\system32\nvcoproc.bin
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
Files to move or delete:
====================
ZeroAccess:
C:\Users\Daniel\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Daniel\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Daniel\AppData\Local\Temp\fx-runtime.exe
C:\Users\Daniel\AppData\Local\Temp\h-1938417301.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\h-79531810.tmp.dll
C:\Users\Daniel\AppData\Local\Temp\h58141557.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Daniel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Daniel\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Daniel\AppData\Local\Temp\nvStInst.exe
C:\Users\Daniel\AppData\Local\Temp\ose00000.exe
C:\Users\Daniel\AppData\Local\Temp\rhrdk_20080527.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\sonarinst.exe
C:\Users\Daniel\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Daniel\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Daniel\AppData\Local\Temp\uninstaller-4648.exe
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe
C:\Users\Daniel\AppData\Local\Temp\_isDE1E.exe
C:\Users\Daniel\AppData\Local\Temp\~tmf9167799996504937257.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-10-01 11:40
==================== End Of Log ============================
--- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Daniel at 2013-10-09 15:47:42
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.10.1.0)
Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.1.000)
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.181 (x32)
ASRock InstantBoot v1.29 (x32)
ASRock SmartConnect v1.0.6
ASRock XFast RAM v2.0.9
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.3609)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 2014.0.4142)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bonjour (Version: 3.0.0.10)
Broadcom NetLink Controller (Version: 14.8.5.1)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Dead Island Riptide (c) Deep Silver version 1 (x32 Version: 1)
Deus Ex: Human Revolution (x32)
Dropbox (HKCU Version: 2.0.22)
ESN Sonar (x32 Version: 0.70.4)
Fotogalerie (x32 Version: 16.4.3505.0912)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Chrome (HKCU Version: 30.0.1599.69)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.2.1410)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) Smart Connect Technology 2.0 x64 (Version: 2.0.1083.0)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 11.0.3.42)
Java 7 Update 6 (64-bit) (Version: 7.0.60)
Java 7 Update 7 (x32 Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.0)
League of Legends (x32 Version: 3.0.1)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 8.0 Support DLLs (x32 Version: 1.0.0)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Origin (x32 Version: 8.6.0.357)
Photo Gallery (x32 Version: 16.4.3505.0912)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6559)
Rhino RDK (x32)
Rhinoceros 4.0 SR9 (x32 Version: 4.0.60309)
Rhinoceros 4.0 SR9 Hot Fix 1 (x32 Version: 5.0.2011.0324)
SHIELD Streaming (Version: 1.05.28)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.6 (x32 Version: 6.6.106)
Spotify (HKCU Version: 0.9.4.178.g259772ba)
Steam (x32 Version: 1.0.0.0)
Supreme Commander - Forged Alliance (x32 Version: 1.00.0000)
TeamSpeak 3 Client (Version: 3.0.11)
The Elder Scrolls V: Skyrim (x32)
THX TruStudio (x32 Version: 1.00.01)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Vectorworks 2012 Hilfe (x32 Version: 1.2)
Vectorworks 2013 Hilfe (x32 Version: 1.1)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
V-Ray for Rhinoceros (x32 Version: 01.05.29)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
XFastUSB (x32 Version: 3.02.28)
==================== Restore Points =========================
27-09-2013 16:55:13 Installed AVG 2014
27-09-2013 16:55:29 Installed AVG 2014
05-10-2013 16:19:16 Geplanter Prüfpunkt
07-10-2013 15:41:57 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1553B729-09BE-4893-AD52-222D09D7473F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {326C549F-70E0-479F-A90F-BEB33E551EEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)
Task: {3927E401-13E2-42B4-B059-9BD4D69A9C59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {571268A8-2466-4AEA-A8CA-294D78C59CFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87B16459-95BB-4AD1-B7C3-826DA6B43932} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)
Task: {D1C72C82-B953-4AB1-BA49-A87B6D7BFB74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: {DE18673F-548A-46C9-859B-94BF74ACE344} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {ED47773D-8A91-47DF-BB51-647F00475C45} - System32\Tasks\{B4AAB569-2E17-45E3-8CE9-51DE37E6F9C6} => F:\Vray\schritt4 gh+vray\V ray 1.05.29\VRayForRhino_01.05.29.exe
Task: {FB976C40-A3C7-488E-A2C8-0259BCFF145C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2012-06-15 18:02 - 2013-09-12 10:58 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-06-20 21:51 - 2010-11-20 15:27 - 00326144 _____ () C:\Windows\system32\MSWSOCK.dll
2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-06-20 21:51 - 2010-11-20 15:27 - 00326144 _____ () C:\Windows\system32\mswsock.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-12 21:49 - 2013-10-05 12:27 - 34604032 _____ () C:\Users\Daniel\AppData\Roaming\Spotify\Data\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll
2012-06-15 17:56 - 2011-05-04 16:32 - 00094208 ____N () C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
2013-09-25 18:39 - 2013-10-05 12:27 - 00747008 _____ () C:\Users\Daniel\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-25 18:39 - 2013-10-05 12:27 - 00137216 _____ () C:\Users\Daniel\AppData\Roaming\Spotify\Data\libegl.dll
2012-06-15 17:49 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-06-15 17:50 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-07 07:53 - 2013-10-03 08:02 - 00698832 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-07 07:53 - 2013-10-03 08:02 - 00099792 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-07 07:53 - 2013-10-03 08:03 - 04055504 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-07 07:53 - 2013-10-03 08:03 - 00415184 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-07 07:53 - 2013-10-03 08:02 - 01604560 _____ () C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Faulty Device Manager Devices =============
Name: USB camera
Description: USB camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/09/2013 03:30:55 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 02:50:22 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 02:20:29 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1321. The Installer has insufficient privileges to modify this file: E:\Programme\TBD8158.tmp. System Error 5.
Error: (10/09/2013 02:20:21 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 01:47:48 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 01:22:38 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 00:59:36 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 00:26:23 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 00:19:58 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2
Error: (10/09/2013 00:15:26 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1321. The Installer has insufficient privileges to modify this file: E:\Programme\TBD92E5.tmp. System Error 5.
System errors:
=============
Error: (10/09/2013 03:30:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Error: (10/09/2013 03:30:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (10/09/2013 03:30:52 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 09.10.2013 um 14:52:02 unerwartet heruntergefahren.
Error: (10/09/2013 02:51:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (10/09/2013 02:51:55 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (10/09/2013 02:51:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (10/09/2013 02:50:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (10/09/2013 02:50:55 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (10/09/2013 02:50:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Error: (10/09/2013 02:50:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 8086.39 MB
Available physical RAM: 5846.97 MB
Total Pagefile: 16170.96 MB
Available Pagefile: 13629.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.02 GB) (Free:9.98 GB) NTFS
Drive e: () (Fixed) (Total:596.05 GB) (Free:549.6 GB) NTFS
Drive f: (rld-diriptide) (CDROM) (Total:5.88 GB) (Free:0 GB) CDFS
Drive h: (TRANSCEND) (Removable) (Total:14.95 GB) (Free:13.05 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1549F232)
Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)
==================== End Of Log ============================
|
|
09.10.2013, 15:55
| #8 |
| /// TB-Ausbilder | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Ok, weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
09.10.2013, 20:31
| #9 |
| | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.007 - Bericht erstellt am 09/10/2013 um 21:01:55
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Daniel - DANIEL-PC
# Gestartet von : C:\Users\Daniel\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\END
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Google Chrome v
[ Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6491 octets] - [09/10/2013 21:01:13]
AdwCleaner[S0].txt - [5291 octets] - [09/10/2013 21:01:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5351 octets] ##########
Ich konnte AVG nicht richtig beenden, die Prozesse ließen sich nicht schließen (wohl normal bei antivirusprogramm). Hab jedoch die firewall ausgeschaltet und AVG vorübergehend deaktiviert. Combofix hat dann trotzdem gesagt dass AVG noch läuft aber ich habs trotzdem mal durchlaufen lassen, hoffe es hat geklappt. Code:
ATTFilter ComboFix 13-10-09.01 - Daniel 09.10.2013 21:11:42.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8086.6538 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\@
c:\program files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\GoogleUpdate.exe
c:\program files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\U\00000004.@
c:\program files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\U\00000008.@
c:\program files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\U\000000cb.@
c:\programdata\ntuser.dat
c:\users\Daniel\AppData\Local\Google\Desktop\Install
c:\users\Daniel\AppData\Local\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\2E2F~1\28F0~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\@
c:\users\Daniel\AppData\Local\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\2E2F~1\28F0~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\GoogleUpdate.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-09 bis 2013-10-09 ))))))))))))))))))))))))))))))
.
.
2013-10-09 19:03 . 2013-10-09 19:15 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-10-09 19:01 . 2013-10-09 19:02 -------- d-----w- C:\AdwCleaner
2013-10-09 12:36 . 2013-10-09 12:36 -------- d-----w- C:\FRST
2013-10-07 05:44 . 2013-10-07 05:44 -------- d-----w- c:\users\Daniel\AppData\Local\mquadr.at
2013-10-07 05:44 . 2013-10-07 05:44 -------- d-----w- c:\programdata\mquadr.at
2013-10-07 05:44 . 2013-05-21 15:20 249824 ------w- c:\windows\SysWow64\SSDPDiscovery.dll
2013-10-07 05:44 . 2013-05-02 13:36 3490112 ------w- c:\windows\SysWow64\m2network64helper.exe
2013-10-07 05:44 . 2013-05-02 07:09 3748672 ------w- c:\windows\SysWow64\M2ElevatedCalls.dll
2013-10-07 05:44 . 2013-05-02 07:08 962368 ------w- c:\windows\SysWow64\M2ElevatedNetworkAdapters.dll
2013-10-07 05:44 . 2012-12-03 13:58 279040 ------w- c:\windows\system32\WiFiMan.dll
2013-10-07 05:44 . 2012-12-03 13:57 238592 ------w- c:\windows\SysWow64\WiFiMan.dll
2013-10-07 05:44 . 2013-10-07 06:22 -------- d-----w- c:\users\Daniel\AppData\Local\DTAG
2013-10-01 09:00 . 2013-10-01 09:00 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-10-01 09:00 . 2013-10-01 09:00 -------- d-----w- c:\windows\SysWow64\NV
2013-10-01 09:00 . 2013-10-01 09:00 -------- d-----w- c:\windows\system32\NV
2013-10-01 08:42 . 2013-08-20 13:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-10-01 08:42 . 2013-08-20 13:32 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-27 16:59 . 2013-09-27 16:59 -------- d-----w- c:\users\Daniel\AppData\Roaming\AVG2014
2013-09-27 16:55 . 2013-09-27 16:58 -------- d-----w- c:\programdata\AVG2014
2013-09-27 15:47 . 2013-09-28 11:30 -------- d-----w- c:\users\Daniel\AppData\Local\Avg2014
2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 19:15 . 2012-06-15 15:53 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-10-08 20:25 . 2012-06-16 13:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 20:25 . 2012-06-16 13:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 20:10 . 2013-02-25 22:36 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-08 20:10 . 2012-06-15 16:48 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-08 20:10 . 2013-02-25 22:36 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-17 14:06 . 2012-07-12 09:19 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2013-09-12 08:58 . 2013-02-25 22:52 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-09-12 08:58 . 2013-02-25 22:52 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-09-12 08:58 . 2013-02-25 22:52 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-09-12 08:58 . 2012-10-12 16:54 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 08:58 . 2012-06-15 16:02 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-12 08:58 . 2012-06-15 16:02 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 08:58 . 2012-06-15 16:02 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2012-06-15 16:02 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 07:25 . 2012-06-15 16:02 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2012-06-15 16:02 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2012-06-15 16:02 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2012-06-15 16:02 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2012-06-15 16:02 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2012-06-15 16:02 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-11 23:19 . 2012-06-21 17:42 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-11 22:06 . 2012-06-15 16:02 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-08 20:11 . 2013-09-08 20:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-02 08:59 . 2013-09-02 08:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 08:29 . 2013-09-02 08:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 08:26 . 2013-09-02 08:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 08:26 . 2013-09-02 08:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-20 20:53 . 2013-08-20 20:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-20 13:32 . 2013-08-01 19:09 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-02 01:48 . 2013-09-11 08:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 14:07 . 2013-08-01 14:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 14:06 . 2013-08-01 14:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-25 09:25 . 2013-08-13 19:50 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-13 19:50 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-13 19:50 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-13 19:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Spotify Web Helper"="c:\users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-05 1140736]
"DAEMON Tools Lite"="e:\programme\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Spotify"="c:\users\Daniel\AppData\Roaming\Spotify\spotify.exe" [2013-10-05 4736000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-06-15 5019360]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="e:\programme\avgui.exe" [2013-09-15 4851760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"LogMeIn Hamachi Ui"="e:\programme\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 avgfws;AVG Firewall;e:\programme\avgfws.exe;e:\programme\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;e:\programme\avgidsagent.exe;e:\programme\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;e:\programme\avgwdsvc.exe;e:\programme\avgwdsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\programme\hamachi-2.exe;e:\programme\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 20:25]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 11:20]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 11:20]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 16:17]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 16:17]
.
2013-10-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-10-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-30 762224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-09 21:16:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-10-09 19:16
.
Vor Suchlauf: 13 Verzeichnis(se), 14.009.380.864 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 19.481.694.208 Bytes frei
.
- - End Of File - - DD60445987B1F19E89DFE6587A4B5464
Poste trotzdem mal die Logdatei FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-U39H3LO on 09-10-2013 21:24:08
Running from F:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-06-15] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - "E:\Programme\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "E:\Programme\hamachi-2-ui.exe" --auto-start
HKU\Daniel\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Daniel\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-05] (Spotify Ltd)
HKU\Daniel\...\Run: [DAEMON Tools Lite] - "E:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\Daniel\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4736000 2013-10-05] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-21] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 avgfws; E:\Programme\avgfws.exe [x]
S2 AVGIDSAgent; E:\Programme\avgidsagent.exe [x]
S2 avgwd; E:\Programme\avgwdsvc.exe [x]
S2 Hamachi2Svc; E:\Programme\hamachi-2.exe -s [x]
==================== Drivers (Whitelisted) ====================
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-28] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-17] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-06-15] (FNet Co., Ltd.)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-10-09] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-09 20:16 - 2013-10-09 20:16 - 00027614 _____ C:\ComboFix.txt
2013-10-09 20:07 - 2013-10-09 20:16 - 00000000 ____D C:\Windows\erdnt
2013-10-09 20:07 - 2013-10-09 20:16 - 00000000 ____D C:\Qoobox
2013-10-09 20:07 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-09 20:07 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-09 20:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-09 20:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-09 20:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-09 20:07 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-09 20:07 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-09 20:07 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-09 20:05 - 2013-10-09 20:06 - 05131844 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-10-09 20:03 - 2013-10-09 20:15 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-10-09 20:01 - 2013-10-09 20:02 - 00000000 ____D C:\AdwCleaner
2013-10-09 20:00 - 2013-10-09 20:00 - 01048960 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-10-09 14:48 - 2013-10-09 14:48 - 00053282 _____ C:\Users\Daniel\Desktop\FRST.txt
2013-10-09 14:47 - 2013-10-09 14:48 - 00020605 _____ C:\Users\Daniel\Desktop\Addition.txt
2013-10-09 14:46 - 2013-10-09 12:14 - 01954124 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-09 13:36 - 2013-10-09 13:36 - 00000000 ____D C:\FRST
2013-10-07 06:44 - 2013-10-07 07:22 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-07 06:44 - 2013-05-21 16:20 - 00249824 ____N (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\SysWOW64\SSDPDiscovery.dll
2013-10-07 06:44 - 2013-05-02 14:36 - 03490112 ____N (mquadr.at software engineering & consulting GmbH) C:\Windows\SysWOW64\m2network64helper.exe
2013-10-07 06:44 - 2013-05-02 08:09 - 03748672 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-10-07 06:44 - 2013-05-02 08:08 - 00962368 ____N (mquadr.at software engineering) C:\Windows\SysWOW64\M2ElevatedNetworkAdapters.dll
2013-10-07 06:44 - 2012-12-03 14:58 - 00279040 ____N (Nicomsoft Ltd.) C:\Windows\System32\WiFiMan.dll
2013-10-07 06:44 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\System32\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 09:59 - 2013-09-12 09:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-01 09:59 - 2013-09-12 09:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432723.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432723.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00458528 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-10-01 09:59 - 2013-09-12 09:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-01 09:59 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-10-01 09:59 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-10-01 09:42 - 2013-08-20 14:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-10-01 09:42 - 2013-08-20 14:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-27 17:59 - 2013-09-27 17:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 17:55 - 2013-09-27 17:58 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 17:55 - 2013-09-27 17:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-27 16:47 - 2013-09-28 12:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-12 17:24 - 2013-09-12 17:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 17:24 - 2013-09-12 17:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 00:20 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 00:20 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 00:20 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-12 00:20 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 00:20 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 00:20 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-12 00:20 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-12 00:20 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 00:20 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 00:20 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 00:20 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 00:20 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 00:20 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-12 00:20 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 00:17 - 2013-09-12 00:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 09:22 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 09:22 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-11 09:22 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-11 09:22 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-11 09:22 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-11 09:22 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 09:22 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-11 09:22 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 09:22 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:22 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:22 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:22 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 09:22 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:22 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:22 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:22 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:22 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:22 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 09:22 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-11 09:22 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:22 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
==================== One Month Modified Files and Folders =======
2013-10-09 20:20 - 2012-06-15 16:44 - 01148138 _____ C:\Windows\WindowsUpdate.log
2013-10-09 20:20 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\System32\perfh007.dat
2013-10-09 20:20 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\System32\perfc007.dat
2013-10-09 20:20 - 2009-07-14 06:13 - 01612976 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-09 20:20 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 20:20 - 2009-07-14 05:45 - 00014944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 20:17 - 2013-03-12 20:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-10-09 20:16 - 2013-10-09 20:16 - 00027614 _____ C:\ComboFix.txt
2013-10-09 20:16 - 2013-10-09 20:07 - 00000000 ____D C:\Windows\erdnt
2013-10-09 20:16 - 2013-10-09 20:07 - 00000000 ____D C:\Qoobox
2013-10-09 20:16 - 2012-08-30 13:25 - 00000000 ____D C:\ProgramData\MFAData
2013-10-09 20:16 - 2012-06-15 20:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-10-09 20:15 - 2013-10-09 20:03 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2013-10-09 20:15 - 2013-03-15 12:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 20:15 - 2012-08-30 21:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi
2013-10-09 20:15 - 2012-08-23 21:42 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-10-09 20:15 - 2012-08-23 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-10-09 20:15 - 2012-06-15 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-09 20:15 - 2012-06-15 16:54 - 00711402 _____ C:\Windows\PFRO.log
2013-10-09 20:15 - 2012-06-15 16:53 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2013-10-09 20:15 - 2012-06-15 16:51 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-09 20:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 20:15 - 2009-07-14 05:51 - 00065568 _____ C:\Windows\setupact.log
2013-10-09 20:15 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-10-09 20:07 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 20:06 - 2013-10-09 20:05 - 05131844 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-10-09 20:02 - 2013-10-09 20:01 - 00000000 ____D C:\AdwCleaner
2013-10-09 20:01 - 2012-06-15 17:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core.job
2013-10-09 20:00 - 2013-10-09 20:00 - 01048960 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-10-09 19:59 - 2012-06-15 17:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA.job
2013-10-09 19:57 - 2013-03-15 12:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 19:57 - 2012-06-16 14:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 14:48 - 2013-10-09 14:48 - 00053282 _____ C:\Users\Daniel\Desktop\FRST.txt
2013-10-09 14:48 - 2013-10-09 14:47 - 00020605 _____ C:\Users\Daniel\Desktop\Addition.txt
2013-10-09 13:36 - 2013-10-09 13:36 - 00000000 ____D C:\FRST
2013-10-09 12:14 - 2013-10-09 14:46 - 01954124 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-09 11:29 - 2012-06-15 17:20 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-09 11:13 - 2013-03-15 12:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-09 11:13 - 2012-06-17 17:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2013-10-09 11:13 - 2012-06-15 17:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2013-10-09 09:10 - 2012-06-15 16:51 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-08 21:25 - 2012-06-16 14:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:25 - 2012-06-16 14:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 21:25 - 2012-06-16 14:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:10 - 2013-02-25 23:36 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-08 21:10 - 2013-02-25 23:36 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-08 21:10 - 2012-06-15 17:48 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-08 18:54 - 2012-06-15 17:17 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA
2013-10-08 18:54 - 2012-06-15 17:17 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core
2013-10-07 21:13 - 2012-06-15 16:43 - 00000000 ____D C:\users\Daniel
2013-10-07 21:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-07 13:27 - 2013-03-12 20:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2013-10-07 07:22 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 06:44 - 2013-10-07 06:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Windows\System32\NV
2013-10-01 10:00 - 2013-10-01 10:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 10:00 - 2012-06-15 17:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 15:07 - 2012-06-15 17:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-28 12:30 - 2013-09-27 16:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-27 18:00 - 2012-12-28 14:59 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-27 17:59 - 2013-09-27 17:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 17:59 - 2012-08-30 13:29 - 00000000 ____D C:\$AVG
2013-09-27 17:58 - 2013-09-27 17:55 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 17:58 - 2012-12-28 14:59 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-27 17:55 - 2013-09-27 17:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-20 15:31 - 2012-11-10 14:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\Windows Live
2013-09-17 15:06 - 2012-07-12 10:19 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS
2013-09-14 11:28 - 2012-07-24 13:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 17:24 - 2013-09-12 17:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 17:24 - 2013-09-12 17:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 09:58 - 2013-10-01 09:59 - 29337376 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 15703688 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 11274528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-09-12 09:58 - 2013-10-01 09:59 - 09281032 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 07648000 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02970400 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02367264 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432723.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432723.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00681760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00603424 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00458528 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00317472 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2013-09-12 09:58 - 2013-10-01 09:59 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 00168616 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2013-09-12 09:58 - 2013-02-25 23:52 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 09:58 - 2012-10-12 17:54 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 15901448 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 02986672 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 01412832 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2013-09-12 09:58 - 2012-06-15 17:02 - 00022814 _____ C:\Windows\System32\nvinfo.pb
2013-09-12 08:25 - 2012-06-15 17:02 - 06599968 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 03452192 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 02559776 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 00920864 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-09-12 08:25 - 2012-06-15 17:02 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-09-12 08:25 - 2012-06-15 17:02 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-09-12 08:03 - 2009-07-14 05:45 - 00311784 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 00:20 - 2013-08-13 22:25 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 00:19 - 2012-06-21 18:42 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-12 00:17 - 2013-09-12 00:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 23:06 - 2012-06-15 17:02 - 03361114 _____ C:\Windows\System32\nvcoproc.bin
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
3
Restore point made on: 2013-10-05 17:19:37
Restore point made on: 2013-10-07 16:42:10
Restore point made on: 2013-10-09 20:11:09
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8086.39 MB
Available physical RAM: 7320.25 MB
Total Pagefile: 8084.54 MB
Available Pagefile: 7313.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.02 GB) (Free:18.23 GB) NTFS
Drive d: () (Fixed) (Total:596.05 GB) (Free:549.6 GB) NTFS
Drive f: (TRANSCEND) (Removable) (Total:14.95 GB) (Free:13.05 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1549F232)
Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)
LastRegBack: 2013-10-01 10:40
==================== End Of Log ============================
--- --- --- |
|
09.10.2013, 20:35
| #10 |
| | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Hab in dem anderen Log das hier gelesen: "ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log." Habe jetzt FRST nochmal vom Desktop aus gestartet und einen Scan gemacht. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Daniel (administrator) on DANIEL-PC on 09-10-2013 21:32:24
Running from C:\Users\Daniel\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) E:\PROGRA~1\avgrsa.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgfws.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) E:\Programme\hamachi-2-ui.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgwdsvc.exe
(LogMeIn Inc.) E:\Programme\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgnsa.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(AVG Technologies CZ, s.r.o.) E:\Programme\avgcsrva.exe
() C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-05] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] - E:\Programme\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Spotify] - C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe [4736000 2013-10-05] (Spotify Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-06-15] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - E:\Programme\avgui.exe [4851760 2013-09-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - E:\Programme\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3D22A9152358CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programme\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programme\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.facebook.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 avgfws; E:\Programme\avgfws.exe [1358944 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; E:\Programme\avgidsagent.exe [3538480 2013-09-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; E:\Programme\avgwdsvc.exe [301152 2013-09-22] (AVG Technologies CZ, s.r.o.)
R2 Hamachi2Svc; E:\Programme\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-21] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-28] (DT Soft Ltd)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-09-17] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-06-15] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-10-09] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-09 21:26 - 2013-10-09 21:26 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-10-09 21:16 - 2013-10-09 21:16 - 00027614 _____ C:\ComboFix.txt
2013-10-09 21:07 - 2013-10-09 21:16 - 00000000 ____D C:\Windows\erdnt
2013-10-09 21:07 - 2013-10-09 21:16 - 00000000 ____D C:\Qoobox
2013-10-09 21:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-09 21:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-09 21:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-09 21:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-09 21:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-09 21:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-09 21:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-09 21:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-09 21:05 - 2013-10-09 21:06 - 05131844 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-10-09 21:01 - 2013-10-09 21:02 - 00000000 ____D C:\AdwCleaner
2013-10-09 21:00 - 2013-10-09 21:00 - 01048960 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-10-09 15:47 - 2013-10-09 15:48 - 00020605 _____ C:\Users\Daniel\Desktop\Addition.txt
2013-10-09 15:46 - 2013-10-09 13:14 - 01954124 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-09 14:36 - 2013-10-09 14:36 - 00000000 ____D C:\FRST
2013-10-09 12:14 - 2013-10-09 12:14 - 00001029 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupgabn7mqlc.lnk
2013-10-07 07:44 - 2013-10-07 08:22 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-07 07:44 - 2013-05-21 17:20 - 00249824 ____N (mquadr.at software engineering & consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\SysWOW64\SSDPDiscovery.dll
2013-10-07 07:44 - 2013-05-02 15:36 - 03490112 ____N (mquadr.at software engineering & consulting GmbH) C:\Windows\SysWOW64\m2network64helper.exe
2013-10-07 07:44 - 2013-05-02 09:09 - 03748672 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-10-07 07:44 - 2013-05-02 09:08 - 00962368 ____N (mquadr.at software engineering) C:\Windows\SysWOW64\M2ElevatedNetworkAdapters.dll
2013-10-07 07:44 - 2012-12-03 15:58 - 00279040 ____N (Nicomsoft Ltd.) C:\Windows\system32\WiFiMan.dll
2013-10-07 07:44 - 2012-12-03 15:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\system32\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 10:59 - 2013-09-12 10:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-01 10:59 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-01 10:59 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-01 10:59 - 2013-06-16 14:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-10-01 10:59 - 2013-06-16 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-10-01 10:42 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-01 10:42 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-27 18:59 - 2013-09-27 18:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 18:55 - 2013-09-27 18:58 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 18:55 - 2013-09-27 18:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-27 17:47 - 2013-09-28 13:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-12 18:24 - 2013-09-12 18:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 18:24 - 2013-09-12 18:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 01:20 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 01:20 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 01:20 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 01:20 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 01:20 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 01:20 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 01:20 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 01:20 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 01:20 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 01:20 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 01:20 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 01:20 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 01:20 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 01:20 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-11 10:22 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:22 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:22 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 10:22 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 10:22 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 10:22 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 10:22 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 10:22 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:22 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 10:22 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:22 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 10:22 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 10:22 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 10:22 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 10:22 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 10:22 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:22 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 10:22 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 10:22 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 10:22 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 10:22 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 10:22 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:22 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:22 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:22 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 10:22 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 10:22 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
==================== One Month Modified Files and Folders =======
2013-10-09 21:32 - 2009-07-14 19:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-10-09 21:32 - 2009-07-14 19:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-10-09 21:32 - 2009-07-14 07:13 - 01612976 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 21:31 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 21:31 - 2009-07-14 06:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 21:27 - 2012-06-15 21:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-10-09 21:26 - 2013-10-09 21:26 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-10-09 21:26 - 2013-03-15 13:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 21:26 - 2013-03-12 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-10-09 21:26 - 2012-08-30 22:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi
2013-10-09 21:26 - 2012-08-23 22:42 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-10-09 21:26 - 2012-08-23 22:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-10-09 21:26 - 2012-06-15 18:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-09 21:26 - 2012-06-15 17:53 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2013-10-09 21:26 - 2012-06-15 17:51 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-09 21:26 - 2012-06-15 17:44 - 01208798 _____ C:\Windows\WindowsUpdate.log
2013-10-09 21:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 21:26 - 2009-07-14 06:51 - 00065895 _____ C:\Windows\setupact.log
2013-10-09 21:25 - 2012-06-15 17:54 - 00711736 _____ C:\Windows\PFRO.log
2013-10-09 21:16 - 2013-10-09 21:16 - 00027614 _____ C:\ComboFix.txt
2013-10-09 21:16 - 2013-10-09 21:07 - 00000000 ____D C:\Windows\erdnt
2013-10-09 21:16 - 2013-10-09 21:07 - 00000000 ____D C:\Qoobox
2013-10-09 21:16 - 2012-08-30 14:25 - 00000000 ____D C:\ProgramData\MFAData
2013-10-09 21:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-09 21:07 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-09 21:06 - 2013-10-09 21:05 - 05131844 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-10-09 21:02 - 2013-10-09 21:01 - 00000000 ____D C:\AdwCleaner
2013-10-09 21:01 - 2012-06-15 18:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core.job
2013-10-09 21:00 - 2013-10-09 21:00 - 01048960 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-10-09 20:59 - 2012-06-15 18:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA.job
2013-10-09 20:57 - 2013-03-15 13:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 20:57 - 2012-06-16 15:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 16:02 - 2012-06-15 17:43 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-09 15:48 - 2013-10-09 15:47 - 00020605 _____ C:\Users\Daniel\Desktop\Addition.txt
2013-10-09 14:36 - 2013-10-09 14:36 - 00000000 ____D C:\FRST
2013-10-09 13:14 - 2013-10-09 15:46 - 01954124 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-09 12:29 - 2012-06-15 18:20 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-09 12:14 - 2013-10-09 12:14 - 00001029 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupgabn7mqlc.lnk
2013-10-09 12:13 - 2013-03-15 13:20 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-09 12:13 - 2012-06-17 18:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2013-10-09 12:13 - 2012-06-15 18:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2013-10-09 10:10 - 2012-06-15 17:51 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-08 22:25 - 2012-06-16 15:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 22:25 - 2012-06-16 15:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 22:25 - 2012-06-16 15:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 22:10 - 2013-02-26 00:36 - 00291088 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-08 22:10 - 2013-02-26 00:36 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-08 22:10 - 2012-06-15 18:48 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-08 19:54 - 2012-06-15 18:17 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000UA
2013-10-08 19:54 - 2012-06-15 18:17 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477343632-1281009956-176077191-1000Core
2013-10-07 22:13 - 2012-06-15 17:43 - 00000000 ____D C:\Users\Daniel
2013-10-07 22:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-07 14:27 - 2013-03-12 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2013-10-07 08:22 - 2013-10-07 07:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\DTAG
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\mquadr.at
2013-10-07 07:44 - 2013-10-07 07:44 - 00000000 ____D C:\ProgramData\mquadr.at
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Windows\system32\NV
2013-10-01 11:00 - 2013-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 11:00 - 2012-06-15 18:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 16:07 - 2012-06-15 18:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-28 13:30 - 2013-09-27 17:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\Avg2014
2013-09-27 19:00 - 2012-12-28 15:59 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-27 18:59 - 2013-09-27 18:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVG2014
2013-09-27 18:59 - 2012-08-30 14:29 - 00000000 ____D C:\$AVG
2013-09-27 18:58 - 2013-09-27 18:55 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 18:58 - 2012-12-28 15:59 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-27 18:55 - 2013-09-27 18:55 - 00000564 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-20 16:31 - 2012-11-10 15:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\Windows Live
2013-09-17 16:06 - 2012-07-12 11:19 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2013-09-14 12:28 - 2012-07-24 14:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 18:24 - 2013-09-12 18:24 - 01303624 _____ C:\Windows\Minidump\091213-21450-01.dmp
2013-09-12 18:24 - 2013-09-12 18:24 - 00000000 ____D C:\Windows\Minidump
2013-09-12 11:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 10:58 - 2013-10-01 10:59 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-12 10:58 - 2013-10-01 10:59 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-12 10:58 - 2013-10-01 10:59 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 10:58 - 2013-02-26 00:52 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 10:58 - 2013-02-26 00:52 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-12 10:58 - 2013-02-26 00:52 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 10:58 - 2012-10-12 18:54 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-12 10:58 - 2012-06-15 18:02 - 00022814 _____ C:\Windows\system32\nvinfo.pb
2013-09-12 09:25 - 2012-06-15 18:02 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-12 09:25 - 2012-06-15 18:02 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-12 09:25 - 2012-06-15 18:02 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-12 09:03 - 2012-06-15 17:43 - 00000000 ___RD C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 09:03 - 2009-07-14 06:45 - 00311784 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 01:20 - 2013-08-13 23:25 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 01:19 - 2012-06-21 19:42 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-12 00:06 - 2012-06-15 18:02 - 03361114 _____ C:\Windows\system32\nvcoproc.bin
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 11:40
==================== End Of Log ============================
|
|
09.10.2013, 21:25
| #11 |
| /// TB-Ausbilder | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Hi, genau, den Scan aus dem Reperaturmodus braucht man vor allem, wenn der Rechner gesperrt ist oder sonstwie nicht booten will. Wie läuft die Kiste jetzt? Schritt 1 Lade dir die RemoteAccess.reg auf den Desktop herunter, führe die Datei aus und bestätige das Hinzufügen zur Registrierungsdatenbank. Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
__________________ cheers, Leo |
|
09.10.2013, 23:05
| #12 |
| | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Also der Gute läuft wieder einwandfrei! Vielen dank schon mal dafür! Hier das log von Malwarebytes. lg Daniel Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.09.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Daniel :: DANIEL-PC [Administrator] Schutz: Aktiviert 09.10.2013 22:54:51 mbam-log-2013-10-09 (22-54-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225980 Laufzeit: 1 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0a250b5efc877045926917b4e6387c90
# engine=15422
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-09 10:03:06
# local_time=2013-10-10 12:03:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 7744558 132986036 0 0
# scanned=188962
# found=12
# cleaned=0
# scan_time=3030
sh=60D35D37E74A958553A0355F3968A6CB13C5A47B ft=1 fh=d956b4d4053369d4 vn="a variant of Win32/Kryptik.BMES trojan" ac=I fn="C:\FRST\Quarantine\clqm7nbag.plz"
sh=D38B4E47E8F6567D9955AA763F88607967C578AF ft=1 fh=55ca905e6e271bb6 vn="Win32/Sirefef.FY trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\GoogleUpdate.exe.vir"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\U\00000004.@.vir"
sh=A065922E48E274F827BC8A04091A44632D498373 ft=1 fh=f3684398a5f5cf1b vn="Win64/Conedex.I trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\U\00000008.@.vir"
sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\9519~1\A535~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\U\000000cb.@.vir"
sh=D38B4E47E8F6567D9955AA763F88607967C578AF ft=1 fh=55ca905e6e271bb6 vn="Win32/Sirefef.FY trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Daniel\AppData\Local\Google\Desktop\Install\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\2E2F~1\28F0~1\E628~1\{a4cab183-1a68-a2e3-834c-d72db022f1b2}\GoogleUpdate.exe.vir"
sh=F3CA92972BBF1FA97E39BA265127D7F12B9D2575 ft=1 fh=582fc9d8a460549d vn="Win32/Sirefef.EZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir"
sh=B8834D7BE89E71B41E2265976841873C079E5DD5 ft=1 fh=64c34a558e18e82f vn="Win64/Sirefef.G trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir"
sh=ADCE69196F393A856402B98AEBA631F755D1D86F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.CT trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\34695d54-35cf98e9"
sh=ADCE69196F393A856402B98AEBA631F755D1D86F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.CT trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\34695d54-7dfdfce6"
sh=414EC2288BED4C2D457177B270910725CB316180 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OJF trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\4b4f929c-287e15c3"
sh=9ACE247F0067161AF1C8BECB892C5DF5B87CC3B6 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.CU trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\580cc21d-465b44d3"
|
|
10.10.2013, 09:13
| #13 |
| /// TB-Ausbilder | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Hi, die Funde von ESET sind allesamt nicht mehr spannend. Nur noch Dinge in Quarantäne und im Java-Cache. Wir räumen auf. Schritt 1 Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Schritt 2 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 40.
Überleg dir also, ob du eine Java-Installation wirklich brauchst. Falls du Java weiterhin verwenden möchtest, dann:
Schritt 3 Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts  Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
10.10.2013, 14:52
| #14 |
| | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Vielen vielen dank für die super Hilfe! Kann es immer noch nicht so richtig glauben, dass mir so schnell Schritt für Schritt geholfen wurde. Werde mir die Tipps zu Herzen nehmen und versuchen besser auf zu passen, auch wenn diese Viren einen einfach beim öffnen einer Seite überrumpeln >D Eine Spende ist mir das Ganze auf jeden Fall wert, macht weiter so LG Daniel |
|
10.10.2013, 14:56
| #15 |
| /// TB-Ausbilder | WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan Danke für die Rückmeldung, Daniel. Und im Namen des Teams vielen Dank für die Spende! Freut mich, dass wir helfen konnten.  Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu WIN 7 / Sperrbildschirm(interpol trojaner) / FRST-Scan |
| adobe, adobe flash player, association, defender, explorer, explorer.exe, farbar recovery scan tool, flash player, free, generic, hintergrund, icreinstall, logfile, microsoft, minidump, nvidia, programme, realtek, registry, services.exe, software, spotify web helper, svchost.exe, system, system32, temp, trojaner, update, usb, wajam, winlogon.exe |
Linear-Darstellung
