
Log analysis and evaluation: https://gqs.donedrive.net popups keep opening


 
04.09.2013, 11:48   #1
wida_da
 



Hello board,

I made the stupid mistake of downloading something, for the first time, from a website I did not know, and was promptly punished. I have already uninstalled the malware I could find and set the browser back. A dubious search engine had been installed there.

I have already run FRST, since this problem is already known; however, that thread is already closed.

Here is the log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by SYSTEM on MININT-G9U3EBC on 04-09-2013 12:24:58
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [Del376960] - cmd.exe /Q /D /c del "C:\Users\MARIOB~1\AppData\Local\Temp\0.del" [x]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKU\Mario Broksch\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Mario Broksch\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Mario Broksch\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-07-11] (SEIKO EPSON CORPORATION)
HKU\Mario Broksch\...\RunOnce: [Del376960] - cmd.exe /Q /D /c del "C:\Users\MARIOB~1\AppData\Local\Temp\0.del" [x]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-02] (Avira Operations GmbH & Co. KG)
S5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 51D4A73F5262CBF3513933C6AB81AD64
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys CCEDD47ABD068C58C8513DEB785093BB
C:\Windows\System32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwNs64.sys 2B26C8A6B4FB519E1849101A10E6C68D
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.plnk
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.orph
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 _____ C:\users\.wh..wh.aufs
2013-09-04 04:18 - 2013-09-04 04:18 - 00000000 ____D C:\InstantOnOS
2013-09-03 03:16 - 2013-09-03 03:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 03:16 - 2009-12-08 14:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll
2013-09-03 03:16 - 2009-10-15 14:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2013-09-03 03:16 - 2009-10-15 14:00 - 00013824 _____ (Seiko Epson Corporation) C:\Windows\System32\esxcdev.dll
2013-09-03 02:23 - 2013-09-03 02:23 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\avgchrome
2013-09-03 02:21 - 2013-09-03 02:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 02:21 - 2013-09-03 02:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 02:20 - 2013-09-03 02:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-02 23:37 - 2013-09-02 23:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 13:40 - 2013-08-28 13:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 13:38 - 2013-08-28 13:39 - 00000000 ____D C:\Program Files\DivX
2013-08-28 13:26 - 2013-08-28 13:40 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 13:25 - 2013-08-28 13:40 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 13:25 - 2013-08-28 13:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 13:25 - 2013-08-28 13:25 - 00000000 _____ C:\END
2013-08-22 03:51 - 2013-08-22 03:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 02:56 - 2013-08-22 02:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 02:40 - 2011-03-14 17:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_YD4BHTU.DLL
2013-08-22 02:40 - 2007-04-09 15:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\System32\E_GCINST.DLL
2013-08-21 23:02 - 2013-09-03 11:11 - 00001848 _____ C:\Windows\setupact.log
2013-08-21 23:02 - 2013-08-21 23:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 10:58 - 2010-09-13 05:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppui.dll
2013-08-21 10:58 - 2010-09-13 05:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppui.dll
2013-08-21 10:58 - 2010-09-13 05:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppmon.dll
2013-08-21 10:58 - 2010-09-13 05:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppmon.dll
2013-08-21 10:58 - 2008-06-18 01:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enspres.dll
2013-08-21 10:58 - 2008-06-18 01:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enpres.dll
2013-08-21 10:45 - 2013-09-04 01:55 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-08-21 10:40 - 2013-08-21 10:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 10:13 - 2013-08-21 10:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 10:04 - 2013-08-21 10:07 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 00:35 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-21 00:35 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-21 00:35 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-21 00:35 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-21 00:35 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-21 00:35 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 00:35 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 00:35 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 00:35 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 00:35 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 00:35 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-21 00:35 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 15:34 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-19 15:34 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 15:33 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-19 15:33 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 15:33 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-19 15:33 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 15:33 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-19 15:33 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 15:33 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-19 15:33 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-07 09:33 - 2013-08-07 09:36 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 09:27 - 2013-08-07 09:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 09:26 - 2012-08-21 03:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 09:24 - 2013-08-07 09:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 09:11 - 2013-08-07 09:18 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

==================== One Month Modified Files and Folders =======

2013-09-04 12:24 - 2013-09-04 12:24 - 00000000 ____D C:\FRST
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.plnk
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.orph
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 _____ C:\users\.wh..wh.aufs
2013-09-04 04:18 - 2013-09-04 04:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 01:55 - 2013-08-21 10:45 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-09-04 01:37 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:37 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:25 - 2013-07-02 11:15 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 11:11 - 2013-08-21 23:02 - 00001848 _____ C:\Windows\setupact.log
2013-09-03 07:33 - 2013-07-02 11:15 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 03:16 - 2013-09-03 03:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 03:15 - 2013-07-10 22:52 - 00000000 ____D C:\Program Files (x86)\epson
2013-09-03 03:13 - 2013-07-02 21:23 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-09-03 03:13 - 2013-07-02 11:38 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-03 03:13 - 2013-07-02 11:38 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-03 02:23 - 2013-09-03 02:23 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\avgchrome
2013-09-03 02:21 - 2013-09-03 02:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 02:21 - 2013-09-03 02:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 02:20 - 2013-09-03 02:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-03 02:17 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-03 02:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 02:14 - 2013-07-02 21:36 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\TS3Client
2013-09-02 23:37 - 2013-09-02 23:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 22:15 - 2013-07-02 10:42 - 00063568 _____ C:\Users\Mario Broksch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-28 22:14 - 2009-07-13 20:45 - 00306448 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-28 13:40 - 2013-08-28 13:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 13:40 - 2013-08-28 13:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 13:40 - 2013-08-28 13:25 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 13:39 - 2013-08-28 13:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 13:39 - 2013-08-28 13:38 - 00000000 ____D C:\Program Files\DivX
2013-08-28 13:25 - 2013-08-28 13:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 13:25 - 2013-08-28 13:25 - 00000000 _____ C:\END
2013-08-22 04:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-22 03:51 - 2013-08-22 03:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 02:56 - 2013-08-22 02:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 02:56 - 2013-07-10 22:57 - 00000000 ____D C:\ProgramData\UDL
2013-08-22 02:55 - 2013-07-10 22:56 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-08-22 02:55 - 2013-07-10 22:55 - 00000308 _____ C:\Windows\setup.iss
2013-08-22 02:55 - 2013-07-03 10:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-21 23:02 - 2013-08-21 23:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 22:58 - 2013-07-02 13:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-21 14:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 10:45 - 2013-06-30 17:28 - 00000000 ____D C:\Windows\Panther
2013-08-21 10:40 - 2013-08-21 10:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 10:21 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-21 10:13 - 2013-08-21 10:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 10:07 - 2013-08-21 10:04 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 10:02 - 2011-03-11 01:20 - 00654166 _____ C:\Windows\System32\perfh007.dat
2013-08-21 10:02 - 2011-03-11 01:20 - 00130006 _____ C:\Windows\System32\perfc007.dat
2013-08-21 10:02 - 2009-07-13 21:13 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-12 08:37 - 2013-07-10 22:45 - 00000000 ____D C:\ProgramData\EPSON
2013-08-07 09:43 - 2013-07-02 13:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Apple Computer
2013-08-07 09:42 - 2013-07-02 13:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple Computer
2013-08-07 09:41 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 09:36 - 2013-08-07 09:33 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 09:27 - 2013-08-07 09:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 09:18 - 2013-08-07 09:11 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

Files to move or delete:
====================
C:\Users\Mario Broksch\AppData\Local\Temp\uninst1.exe
C:\Users\Mario Broksch\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\Mario Broksch\AppData\Local\Temp\{C0BD5A6B-7205-4FD6-A670-6D966EAD36D1}\setup.exe
C:\Users\Mario Broksch\AppData\Local\Temp\nsxF048.tmp\Time.dll
C:\Users\Mario Broksch\AppData\Local\Temp\nssEEA3.tmp\Time.dll
C:\Users\Mario Broksch\AppData\Local\Temp\nscF019.tmp\Time.dll
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\354298_Setup.EXE
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\OptimizerPro.exe
C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Mario Broksch\AppData\Local\Temp\ct3297265\ism.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BabMaint.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BExternal.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolForMontiera.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolution.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ccp.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ChromeToolbarSetup.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\CrxInstaller.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\enhancedNT.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\GUninstaller.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\IEHelper.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MntrDLLInstall.dll
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MyDeltaTB.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\Setup.exe
C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\sqlite3.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-07 09:41:04
Restore point made on: 2013-08-19 16:05:26
Restore point made on: 2013-08-21 00:29:27
Restore point made on: 2013-08-21 10:31:47
Restore point made on: 2013-08-21 10:41:30
Restore point made on: 2013-08-22 02:41:03
Restore point made on: 2013-08-22 02:55:12
Restore point made on: 2013-08-30 20:17:36
Restore point made on: 2013-09-03 02:22:00
Restore point made on: 2013-09-03 03:11:05

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d}
device                  ramdisk=[C:]\Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\boot.sdi

Device options
--------------
identifier              {0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 4003.01 MB
Available physical RAM: 3391.44 MB
Total Pagefile: 4001.21 MB
Available Pagefile: 3375.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:496.71 GB) NTFS
Drive d: (Recover) (Fixed) (Total:48 GB) (Free:25.33 GB) NTFS
Drive j: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9A490055)
Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-09-02 12:09

==================== End Of Log ============================
         
Thanks in advance

 
