
Log analysis and evaluation: GVU Trojan got me too

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
29.08.2013, 19:21   #1
timo_se
 
Hello dear helpers,

it hit me hard today too, and I have already spent several hours trying everything I could find on Google... without success.

So, following the instructions here in the forum, I ran the FRST scan and am posting it here:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 20:10:55
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13531680 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-17] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [FIC HotKey] - C:\Program Files\Hotkey Utility\tray.exe [520192 2008-06-05] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-20] (Intel Corporation)
HKLM\...\Run: [PowerManager] - C:\Program Files\Power Manager\PM.exe [1675264 2008-05-22] ()
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [26704 2007-04-11] ()
HKLM\...\Run: [lxdomon.exe] - C:\Program Files\Lexmark 9500 Series\lxdomon.exe [450560 2007-09-06] ()
HKLM\...\Run: [lxdoamon] - C:\Program Files\Lexmark 9500 Series\lxdoamon.exe [20480 2007-08-09] ()
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-02-18] (RealNetworks, Inc.)
HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition_Download-Version\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-18] (Brother Industries, Ltd.)
HKLM\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKU\Timo Tischler\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Timo Tischler\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-05] (Acresso Corporation)
HKU\Timo Tischler\...\Run: [GoogleChromeAutoLaunch_02FD4696E8D584CA28380A4E066BEED4] - C:\Program Files\Google\Chrome\Application\chrome.exe [ 2013-08-15] (Google Inc.)
HKU\Timo Tischler\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-04-19] (Skype Technologies S.A.)
HKU\Timo Tischler\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION 
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{8b33aa80-978c-11de-a815-806e6f6e6963}\bootwiz\asrm.bin

========================== Services (Whitelisted) =================

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-11-11] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-02-08] (Acronis)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-24] (Brother Industries, Ltd.)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S4 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
S2 lmab_device; C:\Windows\system32\LMabcoms.exe [593920 2009-09-06] ( )
S4 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-06-01] (Logitech Inc.)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-06-01] (Logitech Inc.)
S2 lxdoCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdoserv.exe [94208 2007-07-17] (Lexmark International, Inc.)
S2 lxdo_device; C:\Windows\system32\lxdocoms.exe [589824 2007-09-20] ( )
S2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
S2 NMSAccessU; D:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
S4 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [529664 2009-09-28] (O&O Software GmbH)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-11] ()
S2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [139264 2011-04-11] (Oki Data Corporation)
S2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S4 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)

==================== Drivers (Whitelisted) ====================

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2013-08-29] ()
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2008-06-01] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2008-06-01] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2008-06-01] ()
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-05-09] (MBB Incorporated)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130829.002\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130829.002\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
S0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [25608 2009-09-28] (O&O Software GmbH)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2011-03-17] (Samsung Electronics)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
S0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-07-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360\0604010.00E\SYMNETS.SYS [318584 2011-11-16] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-11] (The OpenVPN Project)
S0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-02-08] (Acronis)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [42368 2008-09-28] (Todos Data System AB)
S1 WINIO; C:\Windows\system32\WinIo.sys [9336 2007-01-04] (hxxp://www.internals.com)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [116736 2011-05-09] (ZTE Corporation)
S2 adfs; No ImagePath
S1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130823.001\IDSvix86.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 16:21 - 2013-08-29 16:21 - 00000000 __SHD C:\found.004
2013-08-29 09:08 - 2013-08-29 09:08 - 00003288 ____N C:\bootsqm.dat
2013-08-29 09:06 - 2013-08-29 09:06 - 00000000 __SHD C:\found.005
2013-08-29 08:30 - 2013-08-29 08:30 - 00001048 _____ C:\Windows\System32\.crusader
2013-08-29 08:25 - 2013-08-29 08:37 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-08-29 08:24 - 2013-08-29 08:31 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 06:23 - 2013-08-29 06:23 - 01084764 _____ C:\Users\Timo Tischler\AppData\Local\2433f433
2013-08-29 05:36 - 2013-08-29 06:23 - 01084698 _____ C:\ProgramData\2433f433
2013-08-29 05:36 - 2013-08-29 06:23 - 01084696 _____ C:\Users\Timo Tischler\AppData\Roaming\2433f433
2013-08-29 03:44 - 2013-08-29 03:44 - 00010083 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-08-26 09:13 - 2013-08-26 09:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 03:12 - 2013-08-25 03:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-25 02:44 - 2013-08-25 02:44 - 00009203 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-08-21 05:01 - 2013-08-21 05:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 00:13 - 2013-08-21 00:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 10:32 - 2013-08-18 10:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-17 03:35 - 2013-05-15 07:22 - 00354242 _____ C:\Users\Timo Tischler\Desktop\LOGO1.ai
2013-08-17 02:15 - 2013-08-17 02:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 02:11 - 2013-08-17 02:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-02 08:41 - 2013-08-02 08:41 - 00001991 _____ C:\Users\Public\Desktop\MF60 Mobile Hotspot.lnk
2013-08-02 08:41 - 2011-05-09 23:26 - 00116736 _____ (ZTE Corporation) C:\Windows\System32\Drivers\ZTEusbnet.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbser6k.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbnmea.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00107776 _____ (ZTE Incorporated) C:\Windows\System32\Drivers\ZTEusbmdm6k.sys
2013-08-02 08:41 - 2011-05-09 23:26 - 00009216 _____ (MBB Incorporated) C:\Windows\System32\Drivers\massfilter.sys
2013-08-02 08:40 - 2013-08-02 08:41 - 00000000 ____D C:\Program Files\SupportAppCB
2013-08-02 08:40 - 2013-08-02 08:40 - 00000000 ____D C:\Program Files\MF60 Mobile Hotspot

==================== One Month Modified Files and Folders =======

2013-08-29 16:21 - 2013-08-29 16:21 - 00000000 __SHD C:\found.004
2013-08-29 09:51 - 2010-02-09 03:49 - 00028599 _____ C:\ProgramData\nvModes.dat
2013-08-29 09:49 - 2010-02-09 02:52 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:49 - 2010-02-09 02:52 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:42 - 2009-07-13 20:39 - 24839886 _____ C:\Windows\setupact.log
2013-08-29 09:08 - 2013-08-29 09:08 - 00003288 ____N C:\bootsqm.dat
2013-08-29 09:06 - 2013-08-29 09:06 - 00000000 __SHD C:\found.005
2013-08-29 08:37 - 2013-08-29 08:25 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-08-29 08:35 - 2010-02-09 03:58 - 00169871 _____ C:\ProgramData\nvModes.001
2013-08-29 08:31 - 2013-08-29 08:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 08:30 - 2013-08-29 08:30 - 00001048 _____ C:\Windows\System32\.crusader
2013-08-29 06:23 - 2013-08-29 06:23 - 01084764 _____ C:\Users\Timo Tischler\AppData\Local\2433f433
2013-08-29 06:23 - 2013-08-29 05:36 - 01084698 _____ C:\ProgramData\2433f433
2013-08-29 06:23 - 2013-08-29 05:36 - 01084696 _____ C:\Users\Timo Tischler\AppData\Roaming\2433f433
2013-08-29 05:33 - 2010-05-30 10:54 - 00000000 ____D C:\Users\Timo Tischler\AppData\Local\CrashDumps
2013-08-29 03:44 - 2013-08-29 03:44 - 00010083 _____ C:\Users\Timo Tischler\Desktop\Mappe1.xlsx
2013-08-28 03:09 - 2013-06-07 07:05 - 00000000 ____D C:\Users\Timo Tischler\Desktop\ZWISCHENABLAGE AKTUELL
2013-08-26 21:41 - 2013-05-15 19:51 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Skype
2013-08-26 21:35 - 2010-02-09 03:31 - 01782982 _____ C:\Windows\PFRO.log
2013-08-26 11:26 - 2013-07-27 09:31 - 00016073 _____ C:\Users\Timo Tischler\Desktop\Lundhags Order.xlsx
2013-08-26 09:13 - 2013-08-26 09:13 - 00081650 _____ C:\Users\Timo Tischler\Desktop\Preordersheet_EUR_SS14.xlsx
2013-08-25 03:12 - 2013-08-25 03:12 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\Okidata
2013-08-25 02:44 - 2013-08-25 02:44 - 00009203 _____ C:\Users\Timo Tischler\Desktop\Überweisungen.xlsx
2013-08-24 04:52 - 2013-07-25 06:41 - 00010161 _____ C:\Users\Timo Tischler\Desktop\VERKAUF.xlsx
2013-08-24 04:26 - 2010-02-09 03:43 - 01111721 _____ C:\Windows\WindowsUpdate.log
2013-08-22 23:50 - 2009-09-14 21:46 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\UseNeXT
2013-08-21 05:01 - 2013-08-21 05:01 - 00167547 _____ C:\Users\Timo Tischler\Desktop\Kopie von am 27 8 .xlsx
2013-08-21 00:13 - 2013-08-21 00:13 - 00265582 _____ C:\Users\Timo Tischler\Desktop\am 27 8 .xlsx
2013-08-18 11:03 - 2010-03-26 08:54 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\vlc
2013-08-18 10:32 - 2013-08-18 10:32 - 00051294 _____ C:\Users\Timo Tischler\Desktop\Lundhags Preorder 2014.xlsx
2013-08-18 08:03 - 2009-07-13 20:33 - 03291984 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-17 11:22 - 2010-03-31 05:15 - 00000000 ____D C:\Users\Timo Tischler\AppData\Roaming\dvdcss
2013-08-17 03:37 - 2010-02-09 03:50 - 00233696 _____ C:\Users\Timo Tischler\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 02:15 - 2013-08-17 02:15 - 00000000 ____D C:\Users\Timo Tischler\Downloads\Exigus_20130817121055
2013-08-17 02:11 - 2013-08-17 02:11 - 07224929 _____ C:\Users\Timo Tischler\Downloads\Exigus_20130817121055.zip
2013-08-15 06:26 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-08-10 02:05 - 2013-07-22 05:08 - 00000000 ____D C:\Users\Timo Tischler\Desktop\Ausrüstungsverkauf
2013-08-10 01:25 - 2013-05-22 12:27 - 00000000 ____D C:\Users\Timo Tischler\Desktop\XXXXXXCHANGE FLYERWERKSTATT LAPPLAND
2013-08-02 08:41 - 2013-08-02 08:41 - 00001991 _____ C:\Users\Public\Desktop\MF60 Mobile Hotspot.lnk
2013-08-02 08:41 - 2013-08-02 08:40 - 00000000 ____D C:\Program Files\SupportAppCB
2013-08-02 08:40 - 2013-08-02 08:40 - 00000000 ____D C:\Program Files\MF60 Mobile Hotspot
2013-08-02 08:40 - 2009-09-02 00:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

ZeroAccess:
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Windows\Installer\{630d094a-5ad6-4afb-b11c-d421014a516d}\@

ZeroAccess:
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}
C:\Users\Timo Tischler\AppData\Local\{630d094a-5ad6-4afb-b11c-d421014a516d}\@

Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Timo Tischler\AppData\Roaming\skype.ini
C:\Users\Timo Tischler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Timo Tischler\AppData\Local\Temp\lfnvkjwtlsbwfyshq.dll
C:\Users\Timo Tischler\AppData\Local\Temp\_isC909.exe
C:\Users\Timo Tischler\AppData\Local\Temp\_isE257.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\PcfaxTx\pcfxcom.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\BrMuSNMP.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\BrNetSti.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\Brnsplg.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\BrWiaNCp.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\NetScn\SysDir\NSSearch.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\brlm03a.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\BrMonitor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrFirmUpdateCheck.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrotherNetTool.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrotherOfflineChk.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrotherUSBTool.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrStMonW.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrStMonWRes.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBAru.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBBul.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBChn.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBCht.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBCze.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBDan.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBDut.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBEng.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBFin.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBFrc.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBFre.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBGer.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBHun.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBIta.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBJpn.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBKor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBNor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBPol.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBPor.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBPtb.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBRom.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBRus.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBSpa.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBSvk.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBSwe.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBTrk.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\{830F55B6-4398-4B72-A0D8-66397B902C0E}\Browny02\Company\BrUSBUsa.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\PCFAX\BRLFX05C.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\PCFAX\BROFX05C.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\PCFAX\BRUFX05C.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\Drivers\DPInst.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{EA6A878B-D625-4690-88F8-5B5CFF280EF9}\Drivers\dpinst2k.exe
C:\Users\Timo Tischler\AppData\Local\Temp\{D4FE75C4-EAE1-4A55-B8A5-02B385625628}\ISSetup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{D4FE75C4-EAE1-4A55-B8A5-02B385625628}\_Setup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{42BF6071-8D11-45A9-B17D-2C1684C33DC5}\ISSetup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\{42BF6071-8D11-45A9-B17D-2C1684C33DC5}\_Setup.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\D3DCompiler_43.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\Opera-12.16-1860.i386.autoupdate.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\opera.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\opera.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\OperaUpgrader.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\updatechecker\opera_autoupdate.exe
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\mapi\OperaMAPI.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\gstreamer.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstaudioresample.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstautodetect.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstdirectsound.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstoggdec.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwaveform.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwavparse.dll
C:\Users\Timo Tischler\AppData\Local\Temp\CProgram FilesOpera\gstreamer\plugins\gstwebmdec.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\048a3594-1571-11df-8e04-00140b6424fe\Winre.wim,{048a3595-1571-11df-8e04-00140b6424fe}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {572bcd56-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[E:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[E:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
nx                      OptIn

Resume from Hibernate
---------------------
identifier              {ab2ccf87-6874-11dd-816a-ca656e8d5a34}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Frühere Windows-Version

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {048a3595-1571-11df-8e04-00140b6424fe}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\048a3594-1571-11df-8e04-00140b6424fe\boot.sdi

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=E:
ramdisksdipath          \boot\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 4056.81 MB
Available physical RAM: 3552.89 MB
Total Pagefile: 4055.09 MB
Available Pagefile: 3554.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.3 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:14.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:364.76 GB) (Free:263.57 GB) NTFS
Drive e: (WinRE) (Fixed) (Total:8.79 GB) (Free:3.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (HITMANPRO) (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 8A879E46)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 990 MB) (Disk ID: C07F3511)
Partition 1: (Active) - (Size=988 MB) - (Type=0B)


LastRegBack: 2013-08-21 15:56

==================== End Of Log ============================
         



Many thanks in advance.

Best regards, TIMO

 
