
Log analysis and evaluation: Admin account no longer works


21.12.2013, 17:38   #1
ann_ba21
 



Hello!
I have the same problem that was already discussed once in the forum: I caught a virus and since then I no longer have access to the administrator account (http://www.trojaner-board.de/138845-...iert-mehr.html)

As described in the thread above, I have already run the FRST scan. I will attach the log file right away.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by SYSTEM on MININT-PEOOLMI on 21-12-2013 17:15:54
Running from F:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-02-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-14] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\Pac207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [866824 2009-02-19] (Dritek System Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [206120 2009-07-02] (CyberLink)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [248576 2009-02-17] (NewTech Infosystems, Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-09-17] (CyberLink Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe [707104 2009-02-19] (Acer Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2471448 2013-12-09] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2013-05-29] ()
HKLM\...\Run: [] - [x]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKU\Ann-Kathrin\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Ann-Kathrin\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2010-11-20] (Microsoft Corporation)

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-07-26] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-05-20] ()
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [666144 2009-02-19] (Acer Incorporated)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-02-17] (NewTech Infosystems, Inc.)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
S2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S2 npf; C:\Windows\System32\drivers\npf.sys [50704 2009-11-16] (CACE Technologies, Inc.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [x]
S3 MEMSWEEP2; \??\C:\Windows\system32\BE01.tmp [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 16:54 - 2013-12-21 16:54 - 00000000 ____D C:\FRST
2013-12-21 16:53 - 2013-12-21 16:53 - 01325858 _____ (Farbar) C:\Users\Ann-Kathrin\Downloads\FRST.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 17142784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 11220992 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 04240384 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-21 16:42 - 2013-12-21 16:42 - 02166272 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 01926656 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-21 16:42 - 2013-12-21 16:42 - 01818112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 01156608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 01051136 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-21 16:42 - 2013-12-21 16:42 - 00610304 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-21 16:42 - 2013-12-21 16:42 - 00244736 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00238288 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00208384 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00127488 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-21 16:42 - 2013-12-21 16:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-21 14:18 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-12-21 14:07 - 2013-12-21 14:07 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-12-14 20:32 - 2013-12-21 16:48 - 00062096 _____ C:\Windows\IE11_main.log
2013-12-12 13:33 - 2013-12-12 13:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 12:25 - 2013-12-12 12:26 - 78388136 _____ (AVG) C:\Users\Ann-Kathrin\Downloads\avg_tuh_stf_all_2014_204_24c104.exe
2013-12-11 20:50 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-11 20:50 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-11 18:25 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 18:25 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 18:25 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 18:25 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 18:25 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 18:25 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 18:25 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 18:25 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 18:25 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 18:25 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 18:25 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-09 10:05 - 2012-10-13 09:17 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2013-12-09 10:05 - 2011-07-07 16:03 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2013-12-09 10:05 - 2010-02-08 23:36 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2013-12-09 10:05 - 2010-02-08 23:36 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Intel
2013-12-09 10:05 - 2010-02-08 23:36 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Acer GameZone Console

==================== One Month Modified Files and Folders =======

2013-12-21 17:07 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-12-21 17:06 - 2010-02-09 00:06 - 01835408 _____ C:\Windows\WindowsUpdate.log
2013-12-21 16:54 - 2013-12-21 16:54 - 00000000 ____D C:\FRST
2013-12-21 16:53 - 2013-12-21 16:53 - 01325858 _____ (Farbar) C:\Users\Ann-Kathrin\Downloads\FRST.exe
2013-12-21 16:53 - 2010-02-09 00:19 - 01620684 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-21 16:48 - 2013-12-14 20:32 - 00062096 _____ C:\Windows\IE11_main.log
2013-12-21 16:42 - 2013-12-21 16:42 - 17142784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 11220992 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 04240384 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-21 16:42 - 2013-12-21 16:42 - 02166272 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 01926656 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-21 16:42 - 2013-12-21 16:42 - 01818112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 01156608 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 01051136 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-21 16:42 - 2013-12-21 16:42 - 00610304 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-21 16:42 - 2013-12-21 16:42 - 00244736 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00238288 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00208384 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00127488 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-21 16:42 - 2013-12-21 16:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-21 16:37 - 2010-02-08 23:08 - 00010048 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 16:37 - 2010-02-08 23:08 - 00010048 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 16:30 - 2013-05-18 10:55 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Local\CrashDumps
2013-12-21 16:28 - 2013-06-10 07:24 - 05090686 _____ C:\Windows\setupact.log
2013-12-21 16:23 - 2013-07-05 16:31 - 00086264 _____ C:\Windows\PFRO.log
2013-12-21 14:29 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-21 14:07 - 2013-12-21 14:07 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2013-12-21 13:20 - 2010-10-31 13:29 - 00000000 ____D C:\ProgramData\MFAData
2013-12-18 10:07 - 2010-06-26 15:42 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Roaming\HpUpdate
2013-12-14 19:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-13 08:45 - 2012-04-26 10:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-12 13:34 - 2013-12-12 13:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 12:26 - 2013-12-12 12:25 - 78388136 _____ (AVG) C:\Users\Ann-Kathrin\Downloads\avg_tuh_stf_all_2014_204_24c104.exe
2013-12-12 12:12 - 2013-05-27 07:25 - 00421624 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-11 20:56 - 2009-03-12 04:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 20:54 - 2013-08-14 21:40 - 00000000 ____D C:\Windows\System32\MRT
2013-12-11 20:51 - 2010-02-10 11:57 - 88123800 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-11 18:15 - 2012-04-10 18:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-11 18:15 - 2011-05-18 07:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-09 13:53 - 2009-06-10 20:00 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Roaming\Skype
2013-12-09 10:06 - 2013-06-27 11:49 - 00003728 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-12-09 10:06 - 2011-11-08 22:43 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-12-09 10:05 - 2012-10-03 16:40 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-12-09 10:05 - 2011-12-29 14:15 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-11-30 21:34 - 2009-10-23 16:17 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Local\FreePDF_XP
2013-11-30 21:33 - 2013-06-30 11:29 - 00001080 _____ C:\fpRedmon.log
2013-11-29 14:26 - 2009-07-02 21:10 - 00000000 ___RD C:\Program Files\Skype
2013-11-29 14:26 - 2009-06-10 19:59 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 17:30 - 2010-02-08 23:12 - 00000000 ____D C:\users\Ann-Kathrin
2013-11-23 19:26 - 2013-12-11 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-11-21 09:35 - 2009-06-13 13:15 - 00000000 ____D C:\Users\Ann-Kathrin\Documents\Sonstiges

Some content of TEMP:
====================
C:\Users\Ann-Kathrin\AppData\Local\Temp\7383E141.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\7387744C.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\Checkupdate.exe
C:\Users\Ann-Kathrin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Ann-Kathrin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Ann-Kathrin\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-11-21 10:06:06
Restore point made on: 2013-12-03 16:27:32
Restore point made on: 2013-12-11 20:47:00
Restore point made on: 2013-12-14 20:31:37
Restore point made on: 2013-12-15 16:11:56
Restore point made on: 2013-12-16 15:17:20
Restore point made on: 2013-12-18 10:19:19
Restore point made on: 2013-12-18 16:45:06
Restore point made on: 2013-12-19 11:03:10
Restore point made on: 2013-12-19 23:52:40
Restore point made on: 2013-12-20 20:29:28
Restore point made on: 2013-12-21 13:47:07
Restore point made on: 2013-12-21 14:18:53
Restore point made on: 2013-12-21 16:38:38

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {a9d4d023-d441-11dc-8a35-e9a1536067d6}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {572bcd56-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[D:]\x86\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[D:]\x86\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\936bc32c-1507-11df-a0d0-001f16927a94\Winre.wim,{936bc32d-1507-11df-a0d0-001f16927a94}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\936bc32c-1507-11df-a0d0-001f16927a94\Winre.wim,{936bc32d-1507-11df-a0d0-001f16927a94}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a9d4d023-d441-11dc-8a35-e9a1536067d6}
nx                      OptIn

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {a9d4d023-d441-11dc-8a35-e9a1536067d6}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  unknown
path                    \ntldr
description             Frühere Windows-Version

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {936bc32d-1507-11df-a0d0-001f16927a94}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\936bc32c-1507-11df-a0d0-001f16927a94\boot.sdi

Geräteoptionen
--------------
Bezeichner              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \X86\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4090.84 MB
Available physical RAM: 3556.07 MB
Total Pagefile: 4089.11 MB
Available Pagefile: 3572.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.74 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:288.32 GB) (Free:105.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.95 GB) FAT32
Drive f: () (Removable) (Total:1.89 GB) (Free:0.48 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 005DDBAD)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-12-14 19:02

==================== End Of Log ============================
         
I hope I/my PC can be helped. Thanks!!

Alt 22.12.2013, 06:30   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Hi,

Do you actually have the lock screen that demands money? What exactly happens when you try to get into the admin account?

Alt 22.12.2013, 17:37   #3
ann_ba21
 
It doesn't seem to be GVU after all. After reading up on it again, that option is ruled out. So it is something else.

When I try to access the administrator account, Windows tells me that this is not possible. If I try to download an update and enter the administrator's password, the download fails. So I am completely cut off from all downloads etc.

Alt 23.12.2013, 09:30   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Can you boot into Windows normally? And run FRST from there?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 23.12.2013, 13:29   #5
ann_ba21
 
Yes, FRST can be run from a different account.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Ann-Kathrin (ATTENTION: The logged in user is not administrator) on ANN-KATHRIN-PC on 23-12-2013 13:25:39
Running from E:\
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Realtek Semiconductor Corp.) C:\Users\Ann-Kathrin\AppData\Local\Temp\RtkBtMnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-02-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-14] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\Pac207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [866824 2009-02-19] (Dritek System Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [206120 2009-07-02] (CyberLink)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [248576 2009-02-17] (NewTech Infosystems, Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-09-17] (CyberLink Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe [707104 2009-02-19] (Acer Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2471448 2013-12-09] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2013-05-29] ()
HKLM\...\Run: [] - [x]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [144384 2010-11-20] (Microsoft Corporation)
MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {656bfe0b-1638-11df-8098-001f16927a94} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {656bfe13-1638-11df-8098-001f16927a94} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {8783cfcb-cada-11df-86da-001f16927a94} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {8783cfe6-cada-11df-86da-001f16927a94} - E:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {b7350ea8-d1ce-11e1-a8e4-001f16927a94} - F:\LaunchU3.exe -a
MountPoints2: {ea3296ca-caed-11df-8710-001f16927a94} - E:\setup_vmc_lite.exe /checkApplicationPresence

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5738
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.au.dk/selfservice
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={06094468-3C1E-45C4-A747-E9E117B1E706}&mid=ba414ffbdb0c47d6b88fd15650769367-2978a9cd151fcffeef8f57c8adbdb2ce25018c8c&lang=de&ds=AVG&pr=fr&d=2012-10-03 17:40:16&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=crm&q={searchTerms}&locale=&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=1cea222f-8048-4d2c-b7a1-4602f8b64a6a&apn_sauid=AAD892EA-65BF-4F4A-82CC-94A06439A6D7
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={06094468-3C1E-45C4-A747-E9E117B1E706}&mid=ba414ffbdb0c47d6b88fd15650769367-2978a9cd151fcffeef8f57c8adbdb2ce25018c8c&lang=de&ds=AVG&pr=fr&d=2012-10-03 17:40:16&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C69AD376-6853-4128-8FF5-749A25F21341} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=4ab43afd-147c-4b56-bde7-9e2ad8143d98&apn_sauid=C7A06B2F-452D-4833-B152-23ACCE9F053B
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: [NameServer]134.106.143.1

FireFox:
========
FF ProfilePath: C:\Users\Ann-Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\n00l8n49.default-1364659358220
FF Homepage: hxxp://www.hsv.de/news/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Ann-Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\n00l8n49.default-1364659358220\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: English (Australian) Dictionary - C:\Users\Ann-Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\n00l8n49.default-1364659358220\Extensions\en-AU@dictionaries.addons.mozilla.org
FF Extension: ProxTube - Unblock YouTube - C:\Users\Ann-Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\n00l8n49.default-1364659358220\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\Ann-Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\n00l8n49.default-1364659358220\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [ClickPotatoLite@ClickPotatoLite.com] - C:\Program Files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-07-26] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-05-20] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [666144 2009-02-19] (Acer Incorporated)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-02-17] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2009-11-16] (CACE Technologies, Inc.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [x]
S3 MEMSWEEP2; \??\C:\Windows\system32\BE01.tmp [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\System32\DRIVERS\AGRSM.sys 7E10E3BB9B258AD8A9300F91214D67B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgdiskx.sys 9C7C45DE9E167F6268D32D6D10133F7D
C:\Windows\System32\DRIVERS\avgidsdriverx.sys C66B17D93F94622293608C2FB91C5806
C:\Windows\System32\DRIVERS\avgidshx.sys 0C70FAB4B08DC1FF6612AA3F352CFCA9
C:\Windows\System32\DRIVERS\avgidsshimx.sys 4118A9D326A76D485713A36988102C3E
C:\Windows\System32\DRIVERS\avgldx86.sys 578ECC3D911897B2C5B760EDAF8ED6CA
C:\Windows\System32\DRIVERS\avglogx.sys BD1A440B9F126AFE52978A44952B0018
C:\Windows\System32\DRIVERS\avgmfx86.sys 7DC192EC714342E7C020C7CF42E394D8
C:\Windows\System32\DRIVERS\avgrkx86.sys E6322DF686CE1C59D7797FAEF0732454
C:\Windows\System32\DRIVERS\avgtdix.sys E98603F9D1F412F38ADF2F76053F9E5A
C:\Windows\system32\drivers\avgtpx86.sys 15ACA2AD17ACECA4814F249783E63AD3
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CVirtA.sys B5ECADF7708960F1818C7FA015F4C239
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\DKbFltr.sys 73BAF270D24FE726B9CD7F80BB17A23D
C:\Windows\System32\DRIVERS\dne2000.sys B5AA5AA5AC327BD7C1AEC0C58F0C1144
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\System32\DRIVERS\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbnet.sys 0F40E249E4DD0CE47C7CA19C5C8FB48A
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbmdm.sys 92CA47DA32009CCC00A5ADED04ABBD78
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbfake.sys 089085538885367E281686762A973EB5
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys B4FD14F7B231E358BEC6C71D1A6C2845
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60x.sys EAC21E8014C7E6EE341AFFFB7E2BBD54
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lvrs.sys C4FD8055F421A8E6F49259A0BF59C40D
C:\Windows\System32\DRIVERS\lvuvc.sys BAB6DBA71DEFBC9D147AFC15CDC9563F
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\nx6000.sys 7A0F9CBDBDB135113B9A3C138E20C85D
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw5s32.sys EF51B405AD8ACAAE6F0231290D20F516
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmb.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmbo.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys B9730495E0CF674680121E34BD95A73B
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\NTIDrvr.sys 2757D2BA59AEE155209E24942AB127C9
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda32v.sys 77F9F9A199B87FE3F852E12F5419240B
C:\Windows\System32\DRIVERS\nvlddmkm.sys 9A55250A7EDC9EA12DC3495F5E9F8703
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PFC027.SYS DCA942C0A19A0AD2ABCD9ACF94EB4B10
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTSTOR.SYS 9B09F336DE36A7A6CA871DE8A7847B65
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys EDB05BD63148796F23EA78506404A538
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AEE6E411A915F50101895BA8DC5C15D4
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\Drivers\UBHelper.sys F763E070843EE2803DE1395002B42938
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerflt.sys 7062ED67A10F1C83B2AB951736E24F11
C:\Windows\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9
C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF
C:\Windows\System32\DRIVERS\usbccgp.sys 71D97F1A3CC47A56728F7A400A3F8295
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys C4FB8E7ADEA9B5CEEA885A1B504B7E40
C:\Windows\System32\DRIVERS\usbhub.sys 86AA95ACB611001E26CD2C0145F2225A
C:\Windows\system32\drivers\usbohci.sys DCDF9855145A14DFCA0AB32308871961
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\system32\drivers\usbser.sys 007C0C8D5B01D82ACEB70431D15083F6
C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys B76D8039F5B595C4CA551B3D5DD15A98
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 8E51D04175BAA14C4F79AA5F6D248770
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 13:25 - 2013-12-23 13:25 - 00000000 ____D C:\FRST
2013-12-23 13:24 - 2013-12-23 13:24 - 01061231 _____ (Farbar) C:\Users\Ann-Kathrin\Downloads\FRST.exe
2013-12-22 19:01 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-22 19:01 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-22 19:01 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-22 19:01 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-22 19:01 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-22 19:01 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-22 19:01 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-22 19:01 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-22 19:01 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-22 19:01 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-22 19:01 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-22 19:01 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-22 19:01 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-22 19:01 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-22 19:01 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-22 19:01 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-22 19:01 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-22 19:01 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-22 19:01 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-22 17:33 - 2013-12-22 17:33 - 00915368 _____ (Oracle Corporation) C:\Users\Ann-Kathrin\Downloads\jre-7u45-windows-i586-iftw.exe
2013-12-21 21:34 - 2013-12-21 22:00 - 00189824 _____ C:\Windows\system32\avgrep.txt
2013-12-21 16:42 - 2013-12-21 16:42 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-21 16:42 - 2013-12-21 16:42 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-21 16:42 - 2013-12-21 16:42 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-21 16:42 - 2013-12-21 16:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-21 14:18 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-21 14:18 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-21 14:07 - 2013-12-21 14:07 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-12-14 20:32 - 2013-12-21 16:48 - 00062096 _____ C:\Windows\IE11_main.log
2013-12-12 13:33 - 2013-12-12 13:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 20:50 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 20:50 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 18:25 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 18:25 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 18:25 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 18:25 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 18:25 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 18:25 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 18:25 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 18:25 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 18:25 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 18:25 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 18:25 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2013-12-23 13:27 - 2010-01-20 15:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{EFA8C12A-6759-475D-9B69-8FEEA216EC80}.job
2013-12-23 13:25 - 2013-12-23 13:25 - 00000000 ____D C:\FRST
2013-12-23 13:24 - 2013-12-23 13:24 - 01061231 _____ (Farbar) C:\Users\Ann-Kathrin\Downloads\FRST.exe
2013-12-23 13:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-23 13:15 - 2012-04-10 18:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 13:01 - 2012-12-28 12:10 - 00000268 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-12-23 12:43 - 2013-05-18 10:55 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Local\CrashDumps
2013-12-23 12:40 - 2010-02-09 00:06 - 01942553 _____ C:\Windows\WindowsUpdate.log
2013-12-23 12:39 - 2010-10-31 13:29 - 00000000 ____D C:\ProgramData\MFAData
2013-12-23 12:38 - 2010-02-08 23:08 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:38 - 2010-02-08 23:08 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:32 - 2013-06-10 07:24 - 05184478 _____ C:\Windows\setupact.log
2013-12-23 12:32 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 17:33 - 2013-12-22 17:33 - 00915368 _____ (Oracle Corporation) C:\Users\Ann-Kathrin\Downloads\jre-7u45-windows-i586-iftw.exe
2013-12-22 09:10 - 2010-02-09 00:19 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-21 22:00 - 2013-12-21 21:34 - 00189824 _____ C:\Windows\system32\avgrep.txt
2013-12-21 21:08 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-12-21 18:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-21 17:07 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-21 16:48 - 2013-12-14 20:32 - 00062096 _____ C:\Windows\IE11_main.log
2013-12-21 16:42 - 2013-12-21 16:42 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-21 16:42 - 2013-12-21 16:42 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-21 16:42 - 2013-12-21 16:42 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-21 16:42 - 2013-12-21 16:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-21 16:42 - 2013-12-21 16:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-21 16:42 - 2013-12-21 16:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-21 16:28 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 16:23 - 2013-07-05 16:31 - 00086264 _____ C:\Windows\PFRO.log
2013-12-21 14:07 - 2013-12-21 14:07 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-12-18 10:07 - 2010-06-26 15:42 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Roaming\HpUpdate
2013-12-13 08:45 - 2012-04-26 10:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-12 13:34 - 2013-12-12 13:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 12:12 - 2013-05-27 07:25 - 00421624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 20:56 - 2009-03-12 04:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 20:54 - 2013-08-14 21:40 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 20:51 - 2010-02-10 11:57 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 18:15 - 2012-04-10 18:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:15 - 2011-05-18 07:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 13:53 - 2009-06-10 20:00 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Roaming\Skype
2013-12-09 10:06 - 2013-06-27 11:49 - 00003728 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-12-09 10:06 - 2011-11-08 22:43 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-12-09 10:05 - 2012-10-03 16:40 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-12-09 10:05 - 2011-12-29 14:15 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-11-30 21:34 - 2009-10-23 16:17 - 00000000 ____D C:\Users\Ann-Kathrin\AppData\Local\FreePDF_XP
2013-11-30 21:33 - 2013-06-30 11:29 - 00001080 _____ C:\fpRedmon.log
2013-11-29 14:26 - 2009-07-02 21:10 - 00000000 ___RD C:\Program Files\Skype
2013-11-29 14:26 - 2009-06-10 19:59 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 17:30 - 2010-02-08 23:12 - 00000000 ____D C:\Users\Ann-Kathrin
2013-11-26 11:11 - 2013-12-22 19:01 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:23 - 2013-12-22 19:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:22 - 2013-12-22 19:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 09:53 - 2013-12-22 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 09:52 - 2013-12-22 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:38 - 2013-12-22 19:01 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 09:38 - 2013-12-22 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 09:36 - 2013-12-22 19:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 09:32 - 2013-12-22 19:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 09:29 - 2013-12-22 19:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 09:29 - 2013-12-22 19:01 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:28 - 2013-12-22 19:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:16 - 2013-12-22 19:01 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:13 - 2013-12-22 19:01 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 08:32 - 2013-12-22 19:01 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:26 - 2013-12-22 19:01 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 07:34 - 2013-12-22 19:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:33 - 2013-12-22 19:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:27 - 2013-12-22 19:01 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-23 19:26 - 2013-12-11 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\Ann-Kathrin\AppData\Local\Temp\7383E141.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\7387744C.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\Checkupdate.exe
C:\Users\Ann-Kathrin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Ann-Kathrin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Ann-Kathrin\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Ann-Kathrin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================
Der Speicher für die Startkonfigurationsdaten konnte nicht geöffnet werden.
Zugriff verweigert


==================== End Of Log ============================
         
--- --- ---


24.12.2013, 10:29   #6
schrauber
/// the machine
/// TB trainer

Do you have another account with admin rights as well? If not, please try to create one.

25.12.2013, 14:42   #7
ann_ba21

No, I don't. And when I try to create a new one, or to change another one, absolutely nothing happens.

I'd like to take this opportunity to wish you a merry Christmas!

26.12.2013, 14:22   #8
schrauber
/// the machine
/// TB trainer

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When that has finished, click Step 3 and press Do It under System File Check.
  • After that has finished, click Start Repairs, choose Advanced Mode and press Start.
  • Please make sure the boxes are ticked as shown below. In addition, please tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

27.12.2013, 14:43   #9
ann_ba21

Unfortunately that doesn't work either, because I need my administrator password for the installation.

28.12.2013, 12:44   #10
schrauber
/// the machine
/// TB trainer

Then I'm afraid we're at our wits' end. Back up your data and reinstall, otherwise this won't get anywhere.

29.12.2013, 08:57   #11
ann_ba21

I was afraid of that. Thank you very much!

How do I actually manage to clean my data so that I don't immediately reinfect the whole PC? My backup copy is surely affected as well.

30.12.2013, 04:06   #12
schrauber
/// the machine
/// TB trainer

No, as long as there is no file infector (not the case here), normal, non-executable data is safe.