Log Analysis and Evaluation: https://gqs.donedrive.net popups keep opening (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
https://gqs.donedrive.net popups keep opening

Hello board,

I made the stupid mistake of downloading something, for the first time, from a website I did not know, and was promptly punished. I have already uninstalled the malware I could find and switched the browser back; a dubious search engine had been installed in it. I have already run FRST, since this problem is already known, but that thread is already closed. Here is the log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by SYSTEM on MININT-G9U3EBC on 04-09-2013 12:24:58
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [Del376960] - cmd.exe /Q /D /c del "C:\Users\MARIOB~1\AppData\Local\Temp\0.del" [x]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKU\Mario Broksch\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Mario Broksch\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Mario Broksch\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-07-11] (SEIKO EPSON CORPORATION)
HKU\Mario Broksch\...\RunOnce: [Del376960] - cmd.exe /Q /D /c del "C:\Users\MARIOB~1\AppData\Local\Temp\0.del" [x]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-02] (Avira Operations GmbH & Co. KG)
S5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 51D4A73F5262CBF3513933C6AB81AD64
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys CCEDD47ABD068C58C8513DEB785093BB
C:\Windows\System32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwNs64.sys 2B26C8A6B4FB519E1849101A10E6C68D
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.plnk
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.orph
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 _____ C:\users\.wh..wh.aufs
2013-09-04 04:18 - 2013-09-04 04:18 - 00000000 ____D C:\InstantOnOS
2013-09-03 03:16 - 2013-09-03 03:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 03:16 - 2009-12-08 14:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll
2013-09-03 03:16 - 2009-10-15 14:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2013-09-03 03:16 - 2009-10-15 14:00 - 00013824 _____ (Seiko Epson Corporation) C:\Windows\System32\esxcdev.dll
2013-09-03 02:23 - 2013-09-03 02:23 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\avgchrome
2013-09-03 02:21 - 2013-09-03 02:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 02:21 - 2013-09-03 02:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 02:20 - 2013-09-03 02:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-02 23:37 - 2013-09-02 23:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 13:40 - 2013-08-28 13:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 13:38 - 2013-08-28 13:39 - 00000000 ____D C:\Program Files\DivX
2013-08-28 13:26 - 2013-08-28 13:40 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 13:25 - 2013-08-28 13:40 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 13:25 - 2013-08-28 13:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 13:25 - 2013-08-28 13:25 - 00000000 _____ C:\END
2013-08-22 03:51 - 2013-08-22 03:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 02:56 - 2013-08-22 02:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 02:40 - 2011-03-14 17:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_YD4BHTU.DLL
2013-08-22 02:40 - 2007-04-09 15:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\System32\E_GCINST.DLL
2013-08-21 23:02 - 2013-09-03 11:11 - 00001848 _____ C:\Windows\setupact.log
2013-08-21 23:02 - 2013-08-21 23:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 10:58 - 2010-09-13 05:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppui.dll
2013-08-21 10:58 - 2010-09-13 05:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppui.dll
2013-08-21 10:58 - 2010-09-13 05:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppmon.dll
2013-08-21 10:58 - 2010-09-13 05:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enppmon.dll
2013-08-21 10:58 - 2008-06-18 01:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enspres.dll
2013-08-21 10:58 - 2008-06-18 01:49 - 00250880 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\enpres.dll
2013-08-21 10:45 - 2013-09-04 01:55 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-08-21 10:40 - 2013-08-21 10:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 10:13 - 2013-08-21 10:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 10:04 - 2013-08-21 10:07 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 00:35 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-21 00:35 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-21 00:35 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-21 00:35 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-21 00:35 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-21 00:35 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-21 00:35 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 00:35 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 00:35 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 00:35 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 00:35 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 00:35 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 00:35 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-21 00:35 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 15:34 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-19 15:34 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-19 15:34 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 15:34 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 15:33 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-19 15:33 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 15:33 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-19 15:33 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 15:33 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-19 15:33 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 15:33 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-19 15:33 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-07 09:33 - 2013-08-07 09:36 - 46604616 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iCloudSetup.exe
2013-08-07 09:27 - 2013-08-07 09:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iTunes
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iPod
2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-07 09:26 - 2012-08-21 03:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple
2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-07 09:24 - 2013-08-07 09:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\ProgramData\Apple
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Bonjour
2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-07 09:11 - 2013-08-07 09:18 - 90917712 _____ (Apple Inc.) C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe

==================== One Month Modified Files and Folders =======

2013-09-04 12:24 - 2013-09-04 12:24 - 00000000 ____D C:\FRST
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.plnk
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 ____D C:\users\.wh..wh.orph
2013-09-04 04:19 - 2013-09-04 04:19 - 00000000 _____ C:\users\.wh..wh.aufs
2013-09-04 04:18 - 2013-09-04 04:18 - 00000000 ____D C:\InstantOnOS
2013-09-04 01:55 - 2013-08-21 10:45 - 00314260 _____ C:\Windows\WindowsUpdate.log
2013-09-04 01:37 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:37 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 01:25 - 2013-07-02 11:15 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 11:11 - 2013-08-21 23:02 - 00001848 _____ C:\Windows\setupact.log
2013-09-03 07:33 - 2013-07-02 11:15 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 03:16 - 2013-09-03 03:16 - 00000938 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-09-03 03:15 - 2013-07-10 22:52 - 00000000 ____D C:\Program Files (x86)\epson
2013-09-03 03:13 - 2013-07-02 21:23 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-09-03 03:13 - 2013-07-02 11:38 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-03 03:13 - 2013-07-02 11:38 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-03 02:23 - 2013-09-03 02:23 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\avgchrome
2013-09-03 02:21 - 2013-09-03 02:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00003068 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-09-03 02:21 - 2013-09-03 02:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000308 _____ C:\Windows\Tasks\DSite.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 02:20 - 2013-09-03 02:20 - 00714816 _____ C:\Users\Mario Broksch\Downloads\ZipOpenerSetup.exe
2013-09-03 02:17 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-03 02:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 02:14 - 2013-07-02 21:36 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\TS3Client
2013-09-02 23:37 - 2013-09-02 23:37 - 00000000 ____D C:\Users\Mario Broksch\Downloads\Wohnungsantrag
2013-08-28 22:15 - 2013-07-02 10:42 - 00063568 _____ C:\Users\Mario Broksch\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-28 22:14 - 2009-07-13 20:45 - 00306448 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-28 13:40 - 2013-08-28 13:40 - 00001587 _____ C:\Users\Mario Broksch\Desktop\DivX Movies.lnk
2013-08-28 13:40 - 2013-08-28 13:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 13:40 - 2013-08-28 13:25 - 00000000 ____D C:\ProgramData\DivX
2013-08-28 13:39 - 2013-08-28 13:39 - 00001160 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-28 13:39 - 2013-08-28 13:39 - 00001120 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-28 13:39 - 2013-08-28 13:38 - 00000000 ____D C:\Program Files\DivX
2013-08-28 13:25 - 2013-08-28 13:25 - 00957248 _____ (DivX, LLC) C:\Users\Mario Broksch\Downloads\DivXInstaller_913.exe
2013-08-28 13:25 - 2013-08-28 13:25 - 00000000 _____ C:\END
2013-08-22 04:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-22 03:51 - 2013-08-22 03:51 - 00037686 _____ C:\Users\Mario Broksch\Downloads\S_20130822_135100_Neue_Nachrichten.zip
2013-08-22 02:56 - 2013-08-22 02:56 - 00002175 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2013-08-22 02:56 - 2013-07-10 22:57 - 00000000 ____D C:\ProgramData\UDL
2013-08-22 02:55 - 2013-07-10 22:56 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-08-22 02:55 - 2013-07-10 22:55 - 00000308 _____ C:\Windows\setup.iss
2013-08-22 02:55 - 2013-07-03 10:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-21 23:02 - 2013-08-21 23:02 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 22:58 - 2013-07-02 13:10 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-21 14:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\InstallShield
2013-08-21 10:58 - 2013-08-21 10:58 - 00000000 ____D C:\Program Files\EpsonNet
2013-08-21 10:45 - 2013-06-30 17:28 - 00000000 ____D C:\Windows\Panther
2013-08-21 10:40 - 2013-08-21 10:40 - 00003342 _____ C:\Windows\System32\Tasks\{9F958C27-7AF8-4B35-A696-0E831360B24B}
2013-08-21 10:21 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-21 10:13 - 2013-08-21 10:13 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\EPSON
2013-08-21 10:07 - 2013-08-21 10:04 - 00000000 ____D C:\Users\Mario Broksch\Desktop\Foto
2013-08-21 10:02 - 2011-03-11 01:20 - 00654166 _____ C:\Windows\System32\perfh007.dat
2013-08-21 10:02 - 2011-03-11 01:20 - 00130006 _____ C:\Windows\System32\perfc007.dat
2013-08-21 10:02 - 2009-07-13 21:13 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-12 08:37 - 2013-07-10 22:45 - 00000000 ____D C:\ProgramData\EPSON
2013-08-07 09:43 - 2013-07-02 13:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Roaming\Apple Computer
2013-08-07 09:42 - 2013-07-02 13:56 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple Computer
2013-08-07 09:41 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-07 09:36 - 2013-08-07 09:33 - 46604616 _____ (Apple Inc.)
C:\Users\Mario Broksch\Downloads\iCloudSetup.exe 2013-08-07 09:27 - 2013-08-07 09:27 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\Apple Computer 2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iTunes 2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files\iPod 2013-08-07 09:26 - 2013-08-07 09:26 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Users\Mario Broksch\AppData\Local\Apple 2013-08-07 09:25 - 2013-08-07 09:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\ProgramData\Apple 2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files\Bonjour 2013-08-07 09:24 - 2013-08-07 09:24 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-08-07 09:18 - 2013-08-07 09:11 - 90917712 _____ (Apple Inc.) 
C:\Users\Mario Broksch\Downloads\iTunes64Setup (4).exe Files to move or delete: ==================== C:\Users\Mario Broksch\AppData\Local\Temp\uninst1.exe C:\Users\Mario Broksch\AppData\Local\Temp\~nsu.tmp\Au_.exe C:\Users\Mario Broksch\AppData\Local\Temp\{C0BD5A6B-7205-4FD6-A670-6D966EAD36D1}\setup.exe C:\Users\Mario Broksch\AppData\Local\Temp\nsxF048.tmp\Time.dll C:\Users\Mario Broksch\AppData\Local\Temp\nssEEA3.tmp\Time.dll C:\Users\Mario Broksch\AppData\Local\Temp\nscF019.tmp\Time.dll C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\354298_Setup.EXE C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\DeltaTB.exe C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\OpenItSetup.exe C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\OptimizerPro.exe C:\Users\Mario Broksch\AppData\Local\Temp\is357113909\wajam_validate.exe C:\Users\Mario Broksch\AppData\Local\Temp\ct3297265\ism.exe C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BabMaint.exe C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BExternal.dll C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolForMontiera.dll C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\BUSolution.dll C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ccp.exe C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\ChromeToolbarSetup.dll C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\CrxInstaller.dll C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\enhancedNT.dll C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\GUninstaller.exe C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\IEHelper.dll C:\Users\Mario 
Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MntrDLLInstall.dll C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\MyDeltaTB.exe C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\Setup.exe C:\Users\Mario Broksch\AppData\Local\Temp\17FFF67B-BAB0-7891-80A4-33A42C16FB94\Latest\sqlite3.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-07 09:41:04 Restore point made on: 2013-08-19 16:05:26 Restore point made on: 2013-08-21 00:29:27 Restore point made on: 2013-08-21 10:31:47 Restore point made on: 2013-08-21 10:41:30 Restore point made on: 2013-08-22 02:41:03 Restore point made on: 2013-08-22 02:55:12 Restore point made on: 2013-08-30 20:17:36 Restore point made on: 2013-09-03 02:22:00 Restore point made on: 2013-09-03 03:11:05 ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit 
{globalsettings} default {default} resumeobject {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d} device ramdisk=[C:]\Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d} systemroot \windows nx OptIn winpe Yes Windows Boot Loader ------------------- identifier {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d} nx OptIn Windows Boot Loader ------------------- identifier {current} device ramdisk=[C:]\Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\Winre.wim,{0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d} systemroot \windows nx OptIn winpe Yes Resume from Hibernate --------------------- identifier {0a4ec0a1-f0de-11e0-98dc-d7dd1f559c3d} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=Y: path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier 
{dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {0a4ec0a0-f0de-11e0-98dc-d7dd1f559c3d} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\0a4ec09f-f0de-11e0-98dc-d7dd1f559c3d\boot.sdi Device options -------------- identifier {0a4ec0a4-f0de-11e0-98dc-d7dd1f559c3d} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\0a4ec0a3-f0de-11e0-98dc-d7dd1f559c3d\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4003.01 MB Available physical RAM: 3391.44 MB Total Pagefile: 4001.21 MB Available Pagefile: 3375.2 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:496.71 GB) NTFS Drive d: (Recover) (Fixed) (Total:48 GB) (Free:25.33 GB) NTFS Drive j: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9A490055) Partition 1: (Active) - (Size=101 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=648 GB) - (Type=07 
NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 1 (Size: 7 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) LastRegBack: 2013-09-02 12:09 ==================== End Of Log ============================ |
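The "One Month Modified Files and Folders" section of the posted log is where the infection is visible: ZipOpenerSetup.exe lands in Downloads at 02:20 on 2013-09-03, and at 02:21 the DSite, Lyrics Seeker, Babylon, BrowserDefender and OpenIt directories plus two scheduled tasks appear, all with created time equal to modified time. The following Python script is an added example, not part of the original post and not FRST's own code: it parses entries in FRST's file-listing format and flags that pattern, an executable in Downloads followed within a few minutes by a fan-out of newly created items under the usual install roots, listing any scheduled tasks from the same window separately as the persistence to remove. The sample lines are taken from the posted log with the profile path replaced by C:\Users\Example; the install-root list, the five-minute window and the fan-out threshold are assumptions. Note that the bracketed company name FRST prints comes from the file's version info, not from a signature check, so its absence on ZipOpenerSetup.exe is a hint, not proof.

```python
import re
import sys
from datetime import datetime, timedelta

# Entry format of FRST's "One Month Created/Modified Files and Folders" sections:
#   <modified> - <created> - <size> <attrs> [(company from version info)] <path>
# Paths always start with a drive letter, so the optional company group can be lazy
# and still cope with names that contain ')' such as "Intel(R) Corporation".
ENTRY = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>.*?)\) (?=[A-Za-z]:\\))?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
TS = "%Y-%m-%d %H:%M"

# Assumed roots: a bundle installer fans out into several of these within a minute or two.
INSTALL_ROOTS = (
    r"c:\program files",              # also covers "program files (x86)"
    r"c:\programdata",
    r"\appdata\roaming",
    r"\appdata\local",
    r"c:\windows\syswow64\searchplugins",
    r"c:\windows\syswow64\extensions",
)
# Scheduled-task storage: new entries here right after an install are persistence.
TASK_ROOTS = (r"c:\windows\tasks", r"c:\windows\system32\tasks")

# Constructed sample: lines from the posted log, profile path replaced by C:\Users\Example.
SAMPLE_LOG = r"""
2013-09-03 03:13 - 2013-07-02 11:38 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-09-03 02:23 - 2013-09-03 02:23 - 00000000 ____D C:\Users\Example\AppData\Local\avgchrome
2013-09-03 02:21 - 2013-09-03 02:21 - 00003278 _____ C:\Windows\System32\Tasks\DSite
2013-09-03 02:21 - 2013-09-03 02:21 - 00000404 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Users\Example\AppData\Roaming\Babylon
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-03 02:21 - 2013-09-03 02:21 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-09-03 02:20 - 2013-09-03 02:20 - 00714816 _____ C:\Users\Example\Downloads\ZipOpenerSetup.exe
2013-08-28 13:40 - 2013-08-28 13:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-28 13:25 - 2013-08-28 13:25 - 00957248 _____ (DivX, LLC) C:\Users\Example\Downloads\DivXInstaller_913.exe
"""

def parse_entry(line):
    """Parse one file/folder entry; return None for headers, blanks and other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["modified"] = datetime.strptime(e["modified"], TS)
    e["created"] = datetime.strptime(e["created"], TS)
    e["size"] = int(e["size"])
    e["is_dir"] = "D" in e["attrs"]
    return e

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def _under(path, roots):
    p = path.lower()
    return any(r in p for r in roots)

def installer_bursts(entries, window=timedelta(minutes=5), min_fanout=3):
    """Pair each downloaded .exe with what appeared on disk within `window` after it.
    A hit needs at least `min_fanout` newly created (created == modified) items under
    INSTALL_ROOTS; tasks in the same window are the persistence and are listed apart."""
    ordered = sorted(entries, key=lambda e: e["created"])
    hits = []
    for e in ordered:
        p = e["path"].lower()
        if e["is_dir"] or "\\downloads\\" not in p or not p.endswith(".exe"):
            continue
        t0 = e["created"]
        after = [f for f in ordered if f is not e and t0 <= f["created"] <= t0 + window]
        fanout = [f for f in after
                  if f["created"] == f["modified"] and _under(f["path"], INSTALL_ROOTS)]
        tasks = [f for f in after if _under(f["path"], TASK_ROOTS)]
        if len(fanout) >= min_fanout:
            hits.append({"installer": e, "fanout": fanout, "tasks": tasks})
    return hits

def report(hits):
    """One block per flagged installer: the dropper, what it created, then its tasks."""
    lines = []
    for h in hits:
        i = h["installer"]
        lines.append(f"{i['path']}  ({i['created']:%Y-%m-%d %H:%M}, company: {i['company'] or 'none'})")
        lines.extend(f"    + {f['path']}" for f in h["fanout"])
        lines.extend(f"    task {t['path']}" for t in h["tasks"])
    return "\n".join(lines)

if __name__ == "__main__":
    # Usage: python frst_bursts.py FRST.txt   (falls back to the embedded sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(installer_bursts(parse_log(text))) or "no installer bursts found")
```

On the sample the only hit is ZipOpenerSetup.exe (no company name), with six new items under the install roots and the DSite and Lyrics Seeker Update tasks; DivXInstaller_913.exe is not flagged because the DivX directory that follows it is the only new item in its window. The same pass over a full FRST.txt runs against every entry in the one-month sections, so later re-installs and update bursts from legitimate software (iTunes, Epson) show up only if they also plant scheduled tasks or cross the fan-out threshold.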