Pests of all kinds and their removal: JS/Ransom-ABJ Trojan (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
#1
JS/Ransom-ABJ Trojan

Hi everyone,

I hope you can help me with a trojan that I caught and that locks me out of the system. I happened to come across your board while browsing today and am very impressed by your support in the many threads about trojans and other pests.

In my opinion I have caught a GVU trojan. It locks the screen and demands a sum of money to unlock it within 72 hours. The PC can still be started in safe mode with network drivers and command prompt. I have already made several attempts to remove this trojan from the system, but so far my attempts have been fairly unsuccessful. Before that, I had tried a few times with cleaning programs to get rid of this lock screen.

The McAfee virus scanner installed on the system detected and reported the following trojan:

dzvoir.js; Location C:\PROGRA~3; Detected threats JS/Ransom-ABJ (Trojan)
and
dzvoir.js; Location C:\ProgramData; Detected threats JS/Ransom-ABJ (Trojan)

I came across a similar thread on the board and first ran the scan with Farbar in safe mode.

Thanks in advance for your support and help.

knax
Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {fd5a51a3-cdbd-11df-8573-f58f51f0d469} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\fd5a51a2-cdbd-11df-8573-f58f51f0d469\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 3831.49 MB Available physical RAM: 3172.82 MB Total Pagefile: 3829.64 MB Available Pagefile: 3188.31 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (WinPro) (Fixed) (Total:111.79 GB) (Free:37.45 GB) NTFS (Disk=3 Partition=1) ==>[Drive with boot components (obtained from BCD)] Drive e: ((XP) Programme ) (Fixed) (Total:29.29 GB) (Free:21.36 GB) NTFS (Disk=2 Partition=1) Drive g: ((XP) Dateien II ) (Fixed) (Total:95.33 GB) (Free:59.81 GB) NTFS (Disk=1 Partition=2) Drive h: ((XP) Dateien ) (Fixed) (Total:82.49 GB) (Free:64.61 GB) NTFS (Disk=2 Partition=2) Drive i: (Dateien (I)) (Fixed) (Total:440.2 GB) (Free:377.08 GB) NTFS (Disk=0 Partition=2) Drive j: (Dateien (II)) (Fixed) (Total:491.21 GB) (Free:444.1 GB) NTFS (Disk=0 Partition=3) Drive r: () (Removable) (Total:3.8 GB) (Free:3.8 GB) FAT32 (Disk=9 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS (Disk=0 Partition=1) Datentr„ger ### Status Gr”áe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datentr„ger 0 
Online 931 GB 0 B Datentr„ger 1 Online 149 GB 8 MB Datentr„ger 2 Online 111 GB 8 MB Datentr„ger 3 Online 111 GB 0 B Datentr„ger 4 Kein Medium 0 B 0 B Datentr„ger 5 Kein Medium 0 B 0 B Datentr„ger 6 Kein Medium 0 B 0 B Datentr„ger 7 Kein Medium 0 B 0 B Datentr„ger 8 Kein Medium 0 B 0 B Datentr„ger 9 Online 3900 MB 0 B Partitions of Disk 0: =============== Datentr„ger-ID: 71ED8D7B Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 100 MB 1024 KB Partition 2 Prim„r 440 GB 101 MB Partition 3 Prim„r 491 GB 440 GB ================================================================================== Disk: 0 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 Y System-rese NTFS Partition 100 MB Fehlerfre ========================================================= Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 I Dateien (I) NTFS Partition 440 GB Fehlerfre ========================================================= Disk: 0 Partition 3 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 J Dateien (II NTFS Partition 491 GB Fehlerfre ========================================================= Partitions of Disk 1: =============== Datentr„ger-ID: 18B918B8 Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 53 GB 31 KB Partition 0 Erweitert 95 GB 53 GB Partition 2 Logisch 95 GB 53 GB ================================================================================== Disk: 1 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- 
---------- ------- --------- -------- * Volume 5 (XP) Window NTFS Partition 53 GB Fehlerfre ========================================================= Disk: 1 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 6 G (XP) Dateie NTFS Partition 95 GB Fehlerfre ========================================================= Partitions of Disk 2: =============== Datentr„ger-ID: F681F681 Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 29 GB 31 KB Partition 0 Erweitert 82 GB 29 GB Partition 2 Logisch 82 GB 29 GB ================================================================================== Disk: 2 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 7 E (XP) Progra NTFS Partition 29 GB Fehlerfre ========================================================= Disk: 2 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 8 H (XP) Dateie NTFS Partition 82 GB Fehlerfre ========================================================= Partitions of Disk 3: =============== Datentr„ger-ID: E9A523B4 Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 111 GB 1024 KB ================================================================================== Disk: 3 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 9 C WinPro NTFS Partition 111 GB Fehlerfre ========================================================= Partitions of Disk 9: =============== Datentr„ger-ID: 00000000 Partition ### Typ Gr”áe Offset 
------------- ---------------- ------- ------- Partition 1 Prim„r 3899 MB 380 KB ================================================================================== Disk: 9 Partition 1 Typ : 0B Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 15 R FAT32 Wechselmed 3899 MB Fehlerfre ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (Size: 932 GB) (Disk ID: 71ED8D7B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=440 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=491 GB) - (Type=07 NTFS) ==================================================================== Disk: 1 (Size: 149 GB) (Disk ID: 18B918B8) Partition 1: (Active) - (Size=54 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=95 GB) - (Type=OF Extended) ==================================================================== Disk: 2 (Size: 112 GB) (Disk ID: F681F681) Partition 1: (Not Active) - (Size=29 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=82 GB) - (Type=OF Extended) ==================================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: E9A523B4) Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS) ==================================================================== Disk: 9 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) Last Boot: 2013-04-22 07:45 ==================== End Of Log ============================