Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): GVU lock screen, Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

GVU lock screen

Good day, today I apparently picked up the GVU trojan. Unlike most known cases, however, my system restarted without any problems afterwards. Of course I still have concerns that something from it may have lodged itself deep in the system, and I would be glad if one of your professionals could take this on and help me check the computer. Many thanks in advance! Here is the FRST scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2013
Ran by Bartho (administrator) on BARTHO-PC on 13-11-2013 16:30:04
Running from F:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\windows\system32\atiesrxx.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\PskSvc.exe
(AMD) C:\windows\system32\atieclxx.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\TPSrv.exe
(Panda Security) C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2014\WebProxy.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Teruten) C:\windows\system32\FsUsbExService.Exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\ApVxdWin.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\phonostar-Player\phonostarTimer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\PsCtrls.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\PavFnSvr.exe
(Panda Security, S.L.) C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\pavsrvx86.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\AVENGINE.EXE
(Panda Security International) c:\program files\panda security\panda internet security 2014\firewall\PSHOST.EXE
(Panda Security S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\PsImSvc.exe
() C:\windows\SYSTEM32\Rezip.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\SRVLOAD.EXE
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2014\PavBckPT.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APVXDWIN] - C:\Program Files\Panda Security\Panda Internet Security 2014\ApVxdWin.exe [1062880 2013-07-05] (Panda Security, S.L.)
HKLM\...\Run: [SCANINICIO] - C:\Program Files\Panda Security\Panda Internet Security 2014\Inicio.exe [70432 2012-11-08] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\avldr: C:\Windows\SYSTEM32\avldr.dll (On-Access Anti-Malware Scanner Sync)
HKCU\...\Run: [phonostar-PlayerTimer] - C:\Program Files\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {30294f1a-ef02-11e1-af3f-002454143980} - F:\setup_vmc_lite.exe /checkApplicationPresence

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506
FF Homepage: hxxp://www.onlinefussballmanager.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: foxfm - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\foxfm@foxfm.org
FF Extension: FoxTrick - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF Extension: elemhidehelper - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: jid0-DY3JlbKAAeLydLoHa0dLJn4735o - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\jid0-DY3JlbKAAeLydLoHa0dLJn4735o@jetpack.xpi
FF Extension: personas - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\personas@christopher.beard.xpi
FF Extension: uriloader - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\uriloader@pdf.js.xpi
FF Extension: Adblock Plus - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: greasemonkey - C:\Users\Bartho\AppData\Roaming\Mozilla\Firefox\Profiles\zate8gdb.default-1369498910506\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2014\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files\Panda Security\Panda Internet Security 2014\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files\Panda Security\Panda Internet Security 2014\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
R2 PSHost; c:\program files\panda security\panda internet security 2014\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
R2 PSIMSVC; C:\Program Files\Panda Security\Panda Internet Security 2014\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files\Panda Security\Panda Internet Security 2014\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 TPSrv; C:\Program Files\Panda Security\Panda Internet Security 2014\TPSrv.exe [156960 2012-11-16] (Panda Security, S.L.)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2010-03-25] (Vodafone)
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 AmFSM; C:\Windows\System32\DRIVERS\amm8660.sys [59656 2012-03-26] (Panda Security, S.L.)
R2 APPFLT; C:\windows\system32\Drivers\APPFLT.SYS [83528 2011-01-31] (Panda Security, S.L.)
R2 ComFiltr; C:\windows\system32\DRIVERS\COMFiltr.sys [13880 2013-09-02] ()
R2 DSAFLT; C:\windows\system32\Drivers\DSAFLT.SYS [53256 2009-09-25] (Panda Security, S.L.)
R2 FNETMON; C:\windows\system32\Drivers\fnetmon.SYS [22024 2009-09-25] (Panda Security, S.L.)
R3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] ()
R2 IDSFLT; C:\windows\system32\Drivers\IDSFLT.SYS [193864 2010-09-09] (Panda Security, S.L.)
R2 NETFLTDI; C:\windows\system32\Drivers\NETFLTDI.SYS [159112 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\neti1644.sys [201032 2010-09-01] (Panda Security, S.L.)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R0 pavboot; C:\Windows\System32\Drivers\pavboot.sys [26696 2010-06-22] (Panda Security, S.L.)
R2 PavProc; C:\windows\system32\DRIVERS\PavProc.sys [166984 2013-06-12] (Panda Security, S.L.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R1 ShldDrv; C:\Windows\System32\DRIVERS\ShlDrv51.sys [37448 2011-02-21] (Panda Security, S.L.)
R2 WNMFLT; C:\windows\system32\Drivers\WNMFLT.SYS [46856 2009-09-25] (Panda Security, S.L.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2009-08-18] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105088 2009-08-18] (ZTE Incorporated)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 PavTPK.sys; \??\C:\windows\system32\PavTPK.sys [x]

========================== Drivers MD5 =======================
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys 86187FB5D81781501558F8742DEE4197 C:\Windows\System32\DRIVERS\ZTEusbser6k.sys 86187FB5D81781501558F8742DEE4197 C:\Windows\System32\DRIVERS\ZTEusbvoice.sys 86187FB5D81781501558F8742DEE4197 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\FRST 2013-11-08 18:30 - 2013-11-08 18:30 - 00000000 ____D C:\Users\Bartho\AppData\Local\Secunia PSI 2013-11-08 18:28 - 2013-11-08 18:28 - 00000000 ____D C:\Program Files\Secunia 2013-11-08 18:25 - 2013-11-08 18:26 - 03864904 _____ (Secunia) C:\Users\Bartho\Desktop\PSISetup_30b8013.exe 2013-11-08 15:22 - 2013-11-08 15:22 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-11-06 02:15 - 2013-11-06 02:15 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-31 20:22 - 2013-11-06 11:51 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-10-31 18:41 - 2013-10-31 18:41 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-10-31 18:41 - 2013-10-31 18:41 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2013-10-31 18:34 - 2013-10-31 18:42 - 00000000 ____D C:\ProgramData\Oracle 2013-10-31 18:34 - 2013-10-31 18:41 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-10-31 18:34 - 2013-10-31 18:41 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-10-31 18:34 - 2013-10-31 18:34 - 00000000 ____D C:\Program Files\Common Files\Java 2013-10-31 18:33 - 2013-10-31 18:34 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log 2013-10-23 18:07 - 2013-11-13 16:22 - 00000370 _____ C:\windows\setupact.log 2013-10-23 18:07 - 2013-10-23 18:07 - 00000000 _____ C:\windows\setuperr.log 2013-10-22 01:00 - 2013-10-28 22:17 - 00013073 _____ C:\Users\Bartho\Desktop\SGD 9-Sitzer.xlsx 2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) 
C:\windows\system32\Drivers\psi_mf_x86.sys ==================== One Month Modified Files and Folders ======= 2013-11-13 16:28 - 2013-09-02 20:50 - 00294948 _____ C:\windows\system32\Drivers\APPFCONT.DAT.bck 2013-11-13 16:28 - 2013-09-02 20:50 - 00294948 _____ C:\windows\system32\Drivers\APPFCONT.DAT 2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\FRST 2013-11-13 16:25 - 2013-09-02 21:19 - 00000252 _____ C:\windows\system32\Drivers\etc\IdsFlt.cfg.bck 2013-11-13 16:25 - 2013-09-02 21:19 - 00000252 _____ C:\windows\system32\Drivers\etc\IdsFlt.cfg 2013-11-13 16:25 - 2013-09-02 21:19 - 00000140 _____ C:\windows\system32\Drivers\etc\NetLoc.wlt.bck 2013-11-13 16:25 - 2013-09-02 21:19 - 00000140 _____ C:\windows\system32\Drivers\etc\NetLoc.wlt 2013-11-13 16:25 - 2013-09-02 21:19 - 00000056 _____ C:\windows\system32\Drivers\etc\WnmFlt.cfg.bck 2013-11-13 16:25 - 2013-09-02 21:19 - 00000056 _____ C:\windows\system32\Drivers\etc\WnmFlt.cfg 2013-11-13 16:25 - 2013-09-02 21:19 - 00000056 _____ C:\windows\system32\Drivers\etc\DsaFlt.cfg.bck 2013-11-13 16:25 - 2013-09-02 21:19 - 00000056 _____ C:\windows\system32\Drivers\etc\DsaFlt.cfg 2013-11-13 16:25 - 2013-09-02 21:16 - 00000068 _____ C:\windows\system32\Drivers\etc\NetFlt.cfg.bck 2013-11-13 16:25 - 2013-09-02 21:16 - 00000068 _____ C:\windows\system32\Drivers\etc\NetFlt.cfg 2013-11-13 16:25 - 2013-09-02 20:50 - 00303044 _____ C:\windows\system32\Drivers\etc\DsaFlt.rls.bck 2013-11-13 16:25 - 2013-09-02 20:50 - 00303044 _____ C:\windows\system32\Drivers\etc\DsaFlt.rls 2013-11-13 16:25 - 2013-09-02 20:50 - 00001132 _____ C:\windows\system32\Drivers\APPFLTR.CFG.bck 2013-11-13 16:25 - 2013-09-02 20:50 - 00001132 _____ C:\windows\system32\Drivers\APPFLTR.CFG 2013-11-13 16:22 - 2013-10-23 18:07 - 00000370 _____ C:\windows\setupact.log 2013-11-13 16:22 - 2013-09-02 21:17 - 00000152 _____ C:\windows\system32\Drivers\etc\NetAdapt.cfg.bck 2013-11-13 16:22 - 2013-09-02 21:17 - 00000152 _____ 
C:\windows\system32\Drivers\etc\NetAdapt.cfg 2013-11-13 16:22 - 2013-09-02 21:17 - 00000064 _____ C:\windows\system32\Drivers\etc\NetAR.wlt.bck 2013-11-13 16:22 - 2013-09-02 21:17 - 00000064 _____ C:\windows\system32\Drivers\etc\NetAR.wlt 2013-11-13 16:22 - 2011-11-30 19:08 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-13 16:22 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-13 16:21 - 2011-12-01 13:24 - 00000000 ____D C:\Program Files\FileZilla FTP Client 2013-11-13 16:20 - 2012-08-08 13:58 - 01623161 _____ C:\windows\WindowsUpdate.log 2013-11-13 16:19 - 2013-06-30 19:51 - 00015123 _____ C:\Users\Bartho\Desktop\privat.xlsx 2013-11-13 16:18 - 2009-07-14 05:34 - 00014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-13 16:18 - 2009-07-14 05:34 - 00014512 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-13 16:16 - 2012-04-04 14:11 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-11-13 16:16 - 2009-07-26 21:06 - 01646182 _____ C:\windows\system32\PerfStringBackup.INI 2013-11-13 15:43 - 2011-11-30 19:09 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-12 17:55 - 2012-03-31 12:58 - 00000000 ____D C:\Users\Bartho\Desktop\ElbeZeit 2013-11-09 23:29 - 2011-12-30 00:17 - 00000000 ____D C:\Users\Bartho\AppData\Local\Paint.NET 2013-11-09 04:11 - 2013-06-24 09:33 - 00000000 ____D C:\Users\Bartho\AppData\Roaming\vlc 2013-11-08 19:17 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-11-08 18:38 - 2012-02-20 14:34 - 00000000 ____D C:\Program Files\Opera 2013-11-08 18:37 - 2012-02-22 18:26 - 00001874 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2013-11-08 18:36 - 2012-03-25 00:22 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2013-11-08 18:30 - 2013-11-08 18:30 - 00000000 ____D C:\Users\Bartho\AppData\Local\Secunia PSI 2013-11-08 
18:28 - 2013-11-08 18:28 - 00000000 ____D C:\Program Files\Secunia 2013-11-08 18:26 - 2013-11-08 18:25 - 03864904 _____ (Secunia) C:\Users\Bartho\Desktop\PSISetup_30b8013.exe 2013-11-08 15:36 - 2013-09-25 23:10 - 00001952 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2013-11-08 15:22 - 2013-11-08 15:22 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-11-08 02:16 - 2012-01-15 18:15 - 00000000 ____D C:\Program Files\phonostar-Player 2013-11-07 17:35 - 2013-09-03 02:18 - 00000816 _____ C:\windows\system32\Drivers\etc\wnmth.wlt.bck 2013-11-07 17:35 - 2013-09-03 02:18 - 00000816 _____ C:\windows\system32\Drivers\etc\wnmth.wlt 2013-11-07 12:25 - 2012-03-02 11:44 - 00000000 ____D C:\Users\Bartho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-11-07 12:25 - 2012-03-02 11:44 - 00000000 ____D C:\Program Files\WinRAR 2013-11-06 11:51 - 2013-10-31 20:22 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-11-06 10:56 - 2012-04-27 12:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-06 02:15 - 2013-11-06 02:15 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-03 22:06 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF 2013-11-02 19:35 - 2012-02-14 15:41 - 00000000 ____D C:\Users\Bartho\AppData\Roaming\UseNeXT 2013-11-02 19:31 - 2012-02-14 15:41 - 00000000 ____D C:\Users\Bartho\Documents\UseNeXT 2013-10-31 18:42 - 2013-10-31 18:34 - 00000000 ____D C:\ProgramData\Oracle 2013-10-31 18:41 - 2013-10-31 18:41 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-10-31 18:41 - 2013-10-31 18:41 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2013-10-31 18:41 - 2013-10-31 18:34 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-10-31 18:41 - 2013-10-31 18:34 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-10-31 18:41 - 2011-11-30 23:05 - 00000000 ____D C:\Program Files\Java 2013-10-31 18:34 - 2013-10-31 18:34 
- 00000000 ____D C:\Program Files\Common Files\Java 2013-10-31 18:34 - 2013-10-31 18:33 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log 2013-10-28 22:17 - 2013-10-22 01:00 - 00013073 _____ C:\Users\Bartho\Desktop\SGD 9-Sitzer.xlsx 2013-10-24 21:39 - 2013-09-02 20:26 - 00239017 _____ C:\windows\hpwins26.dat 2013-10-24 21:39 - 2012-05-09 16:59 - 00020759 _____ C:\ProgramData\hpzinstall.log 2013-10-24 17:05 - 2011-11-30 22:55 - 00008627 _____ C:\windows\system32\PAV_FOG.OPC 2013-10-23 18:07 - 2013-10-23 18:07 - 00000000 _____ C:\windows\setuperr.log 2013-10-21 20:42 - 2012-04-14 23:33 - 00000000 ____D C:\Users\Bartho\Desktop\dienstplan 2013-10-15 10:42 - 2009-07-26 21:57 - 00000000 ____D C:\windows\Panther 2013-10-14 11:04 - 2013-10-14 11:04 - 00016024 _____ (Secunia) C:\windows\system32\Drivers\psi_mf_x86.sys Some content of TEMP: ==================== C:\Users\Bartho\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume2 description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {bf86db92-b3b0-11de-ba27-001377b698c7} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence 
{bf86db94-b3b0-11de-ba27-001377b698c7} recoveryenabled Yes osdevice partition=C: systemroot \windows resumeobject {bf86db92-b3b0-11de-ba27-001377b698c7} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {bf86db94-b3b0-11de-ba27-001377b698c7} device ramdisk=[C:]\Recovery\bf86db94-b3b0-11de-ba27-001377b698c7\Winre.wim,{bf86db95-b3b0-11de-ba27-001377b698c7} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\bf86db94-b3b0-11de-ba27-001377b698c7\Winre.wim,{bf86db95-b3b0-11de-ba27-001377b698c7} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {bf86db92-b3b0-11de-ba27-001377b698c7} device partition=C: path \windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae No debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume2 path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit 
{globalsettings} Geräteoptionen -------------- Bezeichner {bf86db95-b3b0-11de-ba27-001377b698c7} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\bf86db94-b3b0-11de-ba27-001377b698c7\boot.sdi LastRegBack: 2013-11-10 11:30 ==================== End Of Log ============================