
Pests of all kinds and how to fight them: JS/Ransom-ABJ Trojan

Windows 7. If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you get rid of the infection.

 
Old 04.05.2013, 00:20   #1
knax
 
JS/Ransom-ABJ Trojan - Standard

JS/Ransom-ABJ Trojan



Hi everyone

I hope you can help me with a Trojan that I have caught and which locks me out of the system. I happened to come across your board while browsing today and I am very impressed by the support you give in the many threads about Trojans and other pests.
In my opinion I have caught a GVU Trojan. It locks the screen and demands a sum of money to unlock it within 72h. The PC can still be started in Safe Mode, in Safe Mode with Networking and in Safe Mode with Command Prompt. I have already made several attempts to remove this Trojan from the system, but so far my attempts have been fairly unsuccessful.
Before that I had tried a few times with cleaning programs to get rid of this lock screen. The McAfee virus scanner installed on the system had detected and reported the following Trojan: dzvoir.js; location C:\PROGRA~3; detected threats JS/Ransom-ABJ (Trojan) and dzvoir.js; location C:\ProgramData; detected threats JS/Ransom-ABJ (Trojan)
I came across a similar topic on the board and, as a first step, ran the scan with Farbar's tool in Safe Mode.

Thanks in advance for your support and help.
knax

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2013
Ran by SYSTEM on 04-05-2013 00:14:36
Running from R:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ocs_SM] C:\Users\****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-08-31] (OCS)
HKLM\...\Run: [EvtMgr6] C:\Programme (neu)\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [CLMLServer] "C:\Programme (neu)\Cyberlink BD Solution\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Programme (neu)\Cyberlink BD Solution\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Programme (neu)\Cyberlink BD Solution\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-01-05] (CyberLink Corp.)
HKLM-x32\...\Run: [LWS] C:\Programme (neu)\Logitech\Webcam\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [BCSSync] "C:\Programme (neu)\MS Office 2010 Professional\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [197288 2011-11-15] (Lavasoft)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
HKU\HNPC1\...\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29A1618V05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\HNPC1\...\Run: []  [x]
HKU\HNPC1\...\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\riovzd.dat,FG00 [159744 2013-05-03] ()
Startup: C:ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\HNPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\riovzd.dat ()
Startup: C:\Users\HNPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 6520 series (Netzwerk).lnk
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -  No File

==================== Services (Whitelisted) =================

S3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
S3 FastUserSwitchingCompatibility; C:\Windows\SysWow64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S3 Nla; C:\Windows\System32\mswsock.dll [326144 2010-11-20] (Microsoft Corporation)
S3 Nla; C:\Windows\SysWow64\mswsock.dll [232448 2010-11-20] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
S2 PlugPlay; C:\Windows\system32\services.exe [328704 2009-07-14] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [877056 2009-07-14] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWow64\advapi32.dll [640512 2010-11-20] (Microsoft Corporation)
S3 Adobe LM Service; "G:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe" [x]
S4 Alerter; %SystemRoot%\system32\alrsvc.dll [x]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S2 BITS; G:\WINDOWS\system32\qmgr.dll [x]
S4 CiSvc; %SystemRoot%\system32\cisvc.exe [x]
S4 ClipSrv; %SystemRoot%\system32\clipsrv.exe [x]
S3 clr_optimization_v2.0.50727_32; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
S3 COMSysApp; G:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [x]
S3 dmadmin; %SystemRoot%\System32\dmadmin.exe /com [x]
S2 dmserver; %SystemRoot%\System32\dmserver.dll [x]
S2 ERSvc; %SystemRoot%\System32\ersvc.dll [x]
S2 Eventlog;  [x]
S3 EventSystem; G:\WINDOWS\system32\es.dll [x]
S3 FontCache3.0.0.0; G:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
S2 gupdate; "G:\Programme\Google\Update\GoogleUpdate.exe" /svc [x]
S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [x]
S3 HTTPFilter; %SystemRoot%\System32\w3ssl.dll [x]
S3 idsvc; "G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
S3 ImapiService; G:\WINDOWS\system32\imapi.exe [x]
S3 JavaQuickStarterService; "G:\Programme\Java\jre6\bin\jqs.exe" -service -config "G:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
S2 LVPrcSrv; "G:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe" [x]
S2 MDM; "G:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe" [x]
S4 Messenger; %SystemRoot%\System32\msgsvc.dll [x]
S3 mnmsrvc; G:\WINDOWS\system32\mnmsrvc.exe [x]
S3 MSDTC; G:\WINDOWS\system32\msdtc.exe [x]
S3 MSIServer; G:\WINDOWS\system32\msiexec.exe /V [x]
S4 NetDDE; %SystemRoot%\system32\netdde.exe [x]
S4 NetDDEdsdm; %SystemRoot%\system32\netdde.exe [x]
S4 NetTcpPortSharing; "G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
S3 NtmsSvc; %SystemRoot%\system32\ntmssvc.dll [x]
S2 NVSvc; %SystemRoot%\system32\nvsvc32.exe [x]
S3 RDSessMgr; G:\WINDOWS\system32\sessmgr.exe [x]
S3 RSVP; %SystemRoot%\system32\rsvp.exe [x]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.exe [x]
S2 srservice; G:\WINDOWS\system32\srsvc.dll [x]
S3 SwPrv; G:\WINDOWS\system32\dllhost.exe /Processid:{B83E1EC8-722E-46A8-B7E8-62813374A376} [x]
S3 SysmonLog; %SystemRoot%\system32\smlogsvc.exe [x]
S4 TlntSvr; G:\WINDOWS\system32\tlntsvr.exe [x]
S3 TuneUp.Defrag; C:\TuneUP2010\TuneUpDefragService.exe [x]
S2 TuneUp.UtilitiesSvc; "C:\TuneUP2010\TuneUpUtilitiesService32.exe" [x]
S3 UPS; %SystemRoot%\System32\ups.exe [x]
S3 W32Time; G:\WINDOWS\system32\w32time.dll [x]
S3 WmdmPmSN; G:\WINDOWS\system32\MsPMSNSv.dll [x]
S3 WmiApSrv; G:\WINDOWS\system32\wbem\wmiapsrv.exe [x]
S3 WMPNetworkSvc; "G:\Programme\Windows Media Player\WMPNetwk.exe" [x]
S2 wuauserv; G:\WINDOWS\system32\wuauserv.dll [x]
S2 WZCSVC; %SystemRoot%\System32\wzcsvc.dll [x]
S3 xmlprov; %SystemRoot%\System32\xmlprov.dll [x]

==================== Drivers (Whitelisted) ====================

S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 ACPIEC; No ImagePath
S4 adpu160m; No ImagePath
S3 aec; system32\drivers\aec.sys [x]
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 amsint; No ImagePath
S3 Arp1394; system32\DRIVERS\arp1394.sys [x]
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 ati2mtag; system32\DRIVERS\ati2mtag.sys [x]
S3 Atmarpc; system32\DRIVERS\atmarpc.sys [x]
S3 audstub; system32\DRIVERS\audstub.sys [x]
S4 cbidf2k; No ImagePath
S3 CCDECODE; system32\DRIVERS\CCDECODE.sys [x]
S4 cd20xrnt; No ImagePath
S1 Cdaudio; No ImagePath
S1 Changer; No ImagePath
S3 cmuda; system32\drivers\cmuda.sys [x]
S4 Cpqarray; No ImagePath
S4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dmboot; System32\drivers\dmboot.sys [x]
S0 dmio; System32\drivers\dmio.sys [x]
S0 dmload; System32\drivers\dmload.sys [x]
S3 DMusic; system32\drivers\DMusic.sys [x]
S4 dpti2o; No ImagePath
S3 FilterService; system32\DRIVERS\lvuvcflt.sys [x]
S1 Fips; No ImagePath
S0 Ftdisk; system32\DRIVERS\ftdisk.sys [x]
S3 gameenum; system32\DRIVERS\gameenum.sys [x]
S3 Gpc; system32\DRIVERS\msgpc.sys [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S1 Imapi; system32\DRIVERS\imapi.sys [x]
S4 ini910u; No ImagePath
S3 Ip6Fw; system32\DRIVERS\Ip6Fw.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 IPSec; system32\DRIVERS\ipsec.sys [x]
S3 kmixer; system32\drivers\kmixer.sys [x]
S1 lbrtfdc; No ImagePath
S3 LVMVDrv; system32\DRIVERS\LVMVDrv.sys [x]
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [x]
S3 LVPr2Mon; system32\DRIVERS\LVPr2Mon.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S1 mnmdd; No ImagePath
S4 mraid35x; No ImagePath
S3 ms_mpu401; system32\drivers\msmpu401.sys [x]
S3 NABTSFEC; system32\DRIVERS\NABTSFEC.sys [x]
S3 NdisIP; system32\DRIVERS\NdisIP.sys [x]
S3 NIC1394; system32\DRIVERS\nic1394.sys [x]
S3 nv; system32\DRIVERS\nv4_mini.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 ParVdm; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S3 PSched; system32\DRIVERS\psched.sys [x]
S3 Ptilink; system32\DRIVERS\ptilink.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S3 Raspti; system32\DRIVERS\raspti.sys [x]
S1 redbook; system32\DRIVERS\redbook.sys [x]
S4 Simbad; No ImagePath
S3 SISNIC; system32\DRIVERS\sisnic.sys [x]
S3 SLIP; system32\DRIVERS\SLIP.sys [x]
S3 SONYPVU1; system32\DRIVERS\SONYPVU1.SYS [x]
S4 Sparrow; No ImagePath
S3 splitter; system32\drivers\splitter.sys [x]
S0 sr; system32\DRIVERS\sr.sys [x]
S3 streamip; system32\DRIVERS\StreamIP.sys [x]
S3 swmidi; system32\drivers\swmidi.sys [x]
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S3 sysaudio; system32\drivers\sysaudio.sys [x]
S4 TosIde; No ImagePath
S3 TuneUpUtilitiesDrv; \??\C:\TuneUP2010\TuneUpUtilitiesDriver32.sys [x]
S4 ultra; No ImagePath
S3 Update; system32\DRIVERS\update.sys [x]
S3 usbscan; system32\DRIVERS\usbscan.sys [x]
S3 WDICA; No ImagePath
S3 wdmaud; system32\drivers\wdmaud.sys [x]
S1 WS2IFSL; 
S3 WSTCODEC; system32\DRIVERS\WSTCODEC.SYS [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\System32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\Drivers\AliIde.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\Drivers\CmdIde.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fltMgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\Drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\IntelIde.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\irenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\KSecDD.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\DRIVERS\LHidFilt.Sys 241F2648ADF090E2A10095BD6D6F5DCB
C:\Windows\System32\DRIVERS\LMouFilt.Sys 342ED5A4B3326014438F36D22D803737
C:\Windows\System32\Drivers\Modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MountMgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Mup.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDIS.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PartMgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Pcmcia.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\Drivers\TDPIPE.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TDTCP.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Udfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ViaIde.sys ==> MD5 is legit
C:\Windows\System32\Drivers\VolSnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\wudfrd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-04 00:14 - 2013-05-04 00:14 - 00000000 ____D C:\FRST
2013-05-03 22:31 - 2013-05-03 22:31 - 03795288 ____A (McAfee, Inc.) C:\Users\HNPC1\Desktop\SecurityScan_Release.exe
2013-05-03 22:31 - 2013-05-03 22:31 - 00002160 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-05-03 22:31 - 2013-05-03 22:31 - 00000000 ____D C:ProgramData\McAfee Security Scan
2013-05-03 22:31 - 2013-05-03 22:31 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-05-03 22:20 - 2013-05-03 22:20 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe
2013-05-03 21:49 - 2013-05-03 21:49 - 00001130 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\Malwarebytes
2013-05-03 21:40 - 2013-05-03 21:40 - 00001025 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-05-03 21:40 - 2013-05-03 21:40 - 00000000 ____D C:ProgramData\Malwarebytes
2013-05-03 21:40 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-03 21:39 - 2013-05-03 21:39 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\HNPC1\Desktop\mbam-setup-1.75.0.1300.exe
2013-05-03 21:18 - 2013-05-03 21:36 - 00000000 ____D C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-05-03 21:18 - 2013-05-03 21:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-03 21:17 - 2013-05-03 21:17 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\HNPC1\Desktop\SpyHunter-Installer.exe
2013-05-03 21:14 - 2013-05-03 21:36 - 00000000 ____D C:ProgramData\SpeedyPC Software
2013-05-03 21:14 - 2013-05-03 21:14 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\SpeedyPC Software
2013-05-03 21:14 - 2013-05-03 21:14 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\DriverCure
2013-05-03 21:12 - 2013-05-03 21:13 - 05706680 ____A (SpeedyPC Software) C:\Users\HNPC1\Desktop\SpeedyPC Pro Installer.exe
2013-05-03 21:12 - 2013-05-03 21:12 - 00001205 ____A C:\Users\HNPC1\Desktop\FixNCR.reg
2013-05-03 20:50 - 2013-05-03 20:50 - 00013453 ____A C:\AdwCleaner[R1].txt
2013-05-03 20:49 - 2013-05-03 20:49 - 00628743 ____A C:\Users\HNPC1\Desktop\adwcleaner.exe
2013-05-03 20:48 - 2013-05-03 20:48 - 00684480 ____A C:\Users\HNPC1\Desktop\DownloadManagerSetup(1).exe
2013-05-03 20:47 - 2013-05-03 20:47 - 00684480 ____A C:\Users\HNPC1\Desktop\DownloadManagerSetup.exe
2013-05-03 20:47 - 2013-05-03 20:47 - 00001120 ____A C:\Users\HNPC1\Desktop\Continue Mipony Download Manager Installation.lnk
2013-05-03 19:28 - 2013-05-03 19:28 - 00002635 ____A C:ProgramData\dzvoir.js
2013-05-03 13:44 - 2013-05-03 23:08 - 95023320 ___AT C:ProgramData\dzvoir.pad
2013-05-03 13:44 - 2013-05-03 23:08 - 00000000 ____A C:ProgramData\as98213.txt
2013-05-03 13:44 - 2013-05-03 13:44 - 00159744 ____A C:ProgramData\riovzd.dat
2013-05-03 13:44 - 2013-05-03 13:44 - 00000152 ____A C:ProgramData\dzvoir.reg
2013-05-03 13:44 - 2013-05-03 13:44 - 00000056 ____A C:ProgramData\dzvoir.bat
2013-05-03 13:31 - 2013-05-03 21:43 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\WinHost
2013-04-30 19:45 - 2013-04-30 19:45 - 00000000 ____D C:\Users\HNPC1\Documents\CyberLink
2013-04-27 16:16 - 2013-04-27 16:16 - 01769674 ____A C:\Users\HNPC1\Desktop\5012413_20130427_1716_13_attachments.zip
2013-04-27 16:16 - 2013-04-27 16:16 - 00061627 ____A C:\Users\HNPC1\Desktop\5012413_20130427_1716_02_attachments.zip
2013-04-24 07:11 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 08:36 - 2013-02-21 11:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 08:36 - 2013-02-21 11:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 08:36 - 2013-02-21 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-11 08:36 - 2013-02-21 11:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 08:36 - 2013-02-21 11:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-11 08:36 - 2013-02-21 11:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 08:36 - 2013-02-21 11:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-11 08:36 - 2013-02-19 13:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 08:36 - 2013-02-19 12:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 08:36 - 2013-02-19 12:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-11 08:36 - 2013-02-19 11:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-11 07:30 - 2013-04-11 07:30 - 01443770 ____A C:\Users\HNPC1\Desktop\documents.zip
2013-04-11 07:26 - 2013-03-01 04:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-11 07:25 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-11 07:25 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-11 07:25 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-11 07:25 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-11 07:25 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-11 07:25 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-11 07:25 - 2013-01-24 07:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-07 21:14 - 2013-04-12 16:23 - 00000000 ____D C:\Users\HNPC1\Desktop\Vater

==================== One Month Modified Files and Folders =======

2013-05-04 00:14 - 2013-05-04 00:14 - 00000000 ____D C:\FRST
2013-05-03 23:08 - 2013-05-03 13:44 - 95023320 ___AT C:ProgramData\dzvoir.pad
2013-05-03 23:08 - 2013-05-03 13:44 - 00000000 ____A C:ProgramData\as98213.txt
2013-05-03 23:08 - 2010-10-02 22:51 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-03 23:06 - 2012-12-29 20:53 - 00012075 ____A C:\Windows\setupact.log
2013-05-03 23:06 - 2011-12-21 17:24 - 00092887 ____A C:\aaw7boot.log
2013-05-03 23:06 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-03 22:49 - 2009-07-14 18:58 - 00657660 ____A C:\Windows\System32\perfh007.dat
2013-05-03 22:49 - 2009-07-14 18:58 - 00131032 ____A C:\Windows\System32\perfc007.dat
2013-05-03 22:49 - 2009-07-14 06:13 - 01507342 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-03 22:31 - 2013-05-03 22:31 - 03795288 ____A (McAfee, Inc.) C:\Users\HNPC1\Desktop\SecurityScan_Release.exe
2013-05-03 22:31 - 2013-05-03 22:31 - 00002160 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-05-03 22:31 - 2013-05-03 22:31 - 00000000 ____D C:ProgramData\McAfee Security Scan
2013-05-03 22:31 - 2013-05-03 22:31 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-05-03 22:20 - 2013-05-03 22:20 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe
2013-05-03 21:49 - 2013-05-03 21:49 - 00001130 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk
2013-05-03 21:44 - 2012-12-29 20:53 - 00137790 ____A C:\Windows\PFRO.log
2013-05-03 21:43 - 2013-05-03 13:31 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\WinHost
2013-05-03 21:41 - 2013-05-03 21:41 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\Malwarebytes
2013-05-03 21:40 - 2013-05-03 21:40 - 00001025 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-05-03 21:40 - 2013-05-03 21:40 - 00000000 ____D C:ProgramData\Malwarebytes
2013-05-03 21:40 - 2010-10-02 16:44 - 00000000 ____D C:\Programme (neu)
2013-05-03 21:39 - 2013-05-03 21:39 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\HNPC1\Desktop\mbam-setup-1.75.0.1300.exe
2013-05-03 21:36 - 2013-05-03 21:18 - 00000000 ____D C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-05-03 21:36 - 2013-05-03 21:14 - 00000000 ____D C:ProgramData\SpeedyPC Software
2013-05-03 21:36 - 2010-10-02 19:23 - 00000000 ____D C:\Windows\System32\appmgmt
2013-05-03 21:18 - 2013-05-03 21:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-03 21:17 - 2013-05-03 21:17 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\HNPC1\Desktop\SpyHunter-Installer.exe
2013-05-03 21:14 - 2013-05-03 21:14 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\SpeedyPC Software
2013-05-03 21:14 - 2013-05-03 21:14 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\DriverCure
2013-05-03 21:13 - 2013-05-03 21:12 - 05706680 ____A (SpeedyPC Software) C:\Users\HNPC1\Desktop\SpeedyPC Pro Installer.exe
2013-05-03 21:12 - 2013-05-03 21:12 - 00001205 ____A C:\Users\HNPC1\Desktop\FixNCR.reg
2013-05-03 20:50 - 2013-05-03 20:50 - 00013453 ____A C:\AdwCleaner[R1].txt
2013-05-03 20:49 - 2013-05-03 20:49 - 00628743 ____A C:\Users\HNPC1\Desktop\adwcleaner.exe
2013-05-03 20:48 - 2013-05-03 20:48 - 00684480 ____A C:\Users\HNPC1\Desktop\DownloadManagerSetup(1).exe
2013-05-03 20:47 - 2013-05-03 20:47 - 00684480 ____A C:\Users\HNPC1\Desktop\DownloadManagerSetup.exe
2013-05-03 20:47 - 2013-05-03 20:47 - 00001120 ____A C:\Users\HNPC1\Desktop\Continue Mipony Download Manager Installation.lnk
2013-05-03 20:06 - 2011-12-21 08:50 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2013-05-03 20:06 - 2011-12-21 08:50 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2013-05-03 19:28 - 2013-05-03 19:28 - 00002635 ____A C:ProgramData\dzvoir.js
2013-05-03 15:08 - 2009-08-19 12:46 - 01718124 ____A C:\Windows\WindowsUpdate.log
2013-05-03 15:08 - 2009-07-14 05:45 - 00010256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-03 15:08 - 2009-07-14 05:45 - 00010256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-03 15:00 - 2012-12-29 20:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-03 14:39 - 2010-10-02 22:51 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-03 13:44 - 2013-05-03 13:44 - 00159744 ____A C:ProgramData\riovzd.dat
2013-05-03 13:44 - 2013-05-03 13:44 - 00000152 ____A C:ProgramData\dzvoir.reg
2013-05-03 13:44 - 2013-05-03 13:44 - 00000056 ____A C:ProgramData\dzvoir.bat
2013-05-02 19:45 - 2013-01-08 19:26 - 00000000 ____D C:\Users\HNPC1\Documents\Outlook-Dateien
2013-05-02 19:44 - 2011-11-15 22:36 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-04-30 19:45 - 2013-04-30 19:45 - 00000000 ____D C:\Users\HNPC1\Documents\CyberLink
2013-04-28 15:53 - 2013-01-05 16:25 - 00000000 ____D C:\Users\HNPC1\AppData\Roaming\HpUpdate
2013-04-28 15:33 - 2012-11-17 23:27 - 00000000 ____D C:\Users\HNPC1\Desktop\Malediven
2013-04-27 16:16 - 2013-04-27 16:16 - 01769674 ____A C:\Users\HNPC1\Desktop\5012413_20130427_1716_13_attachments.zip
2013-04-27 16:16 - 2013-04-27 16:16 - 00061627 ____A C:\Users\HNPC1\Desktop\5012413_20130427_1716_02_attachments.zip
2013-04-24 07:10 - 2013-01-01 13:06 - 00000000 ____D C:\Users\HNPC1\Desktop\CKW
2013-04-21 20:19 - 2013-01-23 21:06 - 00000000 ____D C:\Users\HNPC1\Desktop\Ant
2013-04-15 19:37 - 2012-07-05 20:22 - 00000000 ____D C:\Users\HNPC1\Desktop\Sansan
2013-04-12 16:23 - 2013-04-07 21:14 - 00000000 ____D C:\Users\HNPC1\Desktop\Vater
2013-04-12 15:45 - 2013-04-24 07:11 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 15:12 - 2012-12-29 20:32 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-12 15:12 - 2012-12-29 20:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-12 15:12 - 2010-10-02 17:52 - 00000000 ____D C:\ProgramData\Adobe
2013-04-12 14:59 - 2012-12-29 20:53 - 03030032 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 08:37 - 2010-10-06 17:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-11 08:37 - 2010-10-02 01:06 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 07:37 - 2011-09-25 17:53 - 00000000 ____D C:\Users\HNPC1\Desktop\SBB
2013-04-11 07:30 - 2013-04-11 07:30 - 01443770 ____A C:\Users\HNPC1\Desktop\documents.zip
2013-04-11 07:26 - 2011-09-18 14:42 - 00000000 ____D C:\Users\HNPC1\Desktop\Swisscom
2013-04-07 21:14 - 2013-03-27 21:41 - 00000000 ____D C:\Users\HNPC1\Desktop\Thailand
2013-04-07 20:02 - 2012-12-29 21:08 - 00019938 ____A C:\Windows\IE10_main.log
2013-04-04 13:50 - 2013-05-03 21:40 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

Other Malware:
===========
C:\Users\HNPC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\msconfig.lnk

==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\olecli32.dll IS MISSING <==== ATTENTION!
[2009-07-14 00:44] - [2009-07-14 02:16] - 0080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olecli32.dll
C:\Windows\System32\olecnv32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\olecnv32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\olesvr32.dll IS MISSING <==== ATTENTION!
[2009-07-14 00:43] - [2009-07-14 02:16] - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olesvr32.dll
C:\Windows\System32\olethk32.dll IS MISSING <==== ATTENTION!
[2011-05-02 09:06] - [2010-11-20 13:20] - 0077824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olethk32.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {fd5a51a0-cdbd-11df-8573-f58f51f0d469}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 3

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fd5a51a0-cdbd-11df-8573-f58f51f0d469}
nx                      OptIn
detecthal               Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\fd5a51a2-cdbd-11df-8573-f58f51f0d469\Winre.wim,{fd5a51a3-cdbd-11df-8573-f58f51f0d469}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\fd5a51a2-cdbd-11df-8573-f58f51f0d469\Winre.wim,{fd5a51a3-cdbd-11df-8573-f58f51f0d469}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {fd5a51a0-cdbd-11df-8573-f58f51f0d469}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {fd5a51a3-cdbd-11df-8573-f58f51f0d469}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\fd5a51a2-cdbd-11df-8573-f58f51f0d469\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3831.49 MB
Available physical RAM: 3172.82 MB
Total Pagefile: 3829.64 MB
Available Pagefile: 3188.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (WinPro) (Fixed) (Total:111.79 GB) (Free:37.45 GB) NTFS (Disk=3 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive e: ((XP) Programme ) (Fixed) (Total:29.29 GB) (Free:21.36 GB) NTFS (Disk=2 Partition=1)
Drive g: ((XP) Dateien II ) (Fixed) (Total:95.33 GB) (Free:59.81 GB) NTFS (Disk=1 Partition=2)
Drive h: ((XP) Dateien ) (Fixed) (Total:82.49 GB) (Free:64.61 GB) NTFS (Disk=2 Partition=2)
Drive i: (Dateien (I)) (Fixed) (Total:440.2 GB) (Free:377.08 GB) NTFS (Disk=0 Partition=2)
Drive j: (Dateien (II)) (Fixed) (Total:491.21 GB) (Free:444.1 GB) NTFS (Disk=0 Partition=3)
Drive r: () (Removable) (Total:3.8 GB) (Free:3.8 GB) FAT32 (Disk=9 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS (Disk=0 Partition=1)

  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          931 GB      0 B
  Datenträger 1    Online          149 GB     8 MB
  Datenträger 2    Online          111 GB     8 MB
  Datenträger 3    Online          111 GB      0 B
  Datenträger 4    Kein Medium        0 B      0 B
  Datenträger 5    Kein Medium        0 B      0 B
  Datenträger 6    Kein Medium        0 B      0 B
  Datenträger 7    Kein Medium        0 B      0 B
  Datenträger 8    Kein Medium        0 B      0 B
  Datenträger 9    Online         3900 MB      0 B

Partitions of Disk 0:
===============

Datenträger-ID: 71ED8D7B

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             100 MB  1024 KB
  Partition 2    Primär             440 GB   101 MB
  Partition 3    Primär             491 GB   440 GB

==================================================================================

Disk: 0
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     Y   System-rese  NTFS   Partition    100 MB  Fehlerfre          

=========================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     I   Dateien (I)  NTFS   Partition    440 GB  Fehlerfre          

=========================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     J   Dateien (II  NTFS   Partition    491 GB  Fehlerfre          

=========================================================

Partitions of Disk 1:
===============

Datenträger-ID: 18B918B8

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär              53 GB    31 KB
  Partition 0    Erweitert           95 GB    53 GB
  Partition 2    Logisch             95 GB    53 GB

==================================================================================

Disk: 1
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5         (XP) Window  NTFS   Partition     53 GB  Fehlerfre          

=========================================================

Disk: 1
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     G   (XP) Dateie  NTFS   Partition     95 GB  Fehlerfre          

=========================================================

Partitions of Disk 2:
===============

Datenträger-ID: F681F681

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär              29 GB    31 KB
  Partition 0    Erweitert           82 GB    29 GB
  Partition 2    Logisch             82 GB    29 GB

==================================================================================

Disk: 2
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     E   (XP) Progra  NTFS   Partition     29 GB  Fehlerfre          

=========================================================

Disk: 2
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     H   (XP) Dateie  NTFS   Partition     82 GB  Fehlerfre          

=========================================================

Partitions of Disk 3:
===============

Datenträger-ID: E9A523B4

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             111 GB  1024 KB

==================================================================================

Disk: 3
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 9     C   WinPro       NTFS   Partition    111 GB  Fehlerfre          

=========================================================

Partitions of Disk 9:
===============

Datenträger-ID: 00000000

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            3899 MB   380 KB

==================================================================================

Disk: 9
Partition 1
Typ      : 0B
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 15    R                FAT32  Wechselmed  3899 MB  Fehlerfre          

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 932 GB) (Disk ID: 71ED8D7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=491 GB) - (Type=07 NTFS)

====================================================================
Disk: 1 (Size: 149 GB) (Disk ID: 18B918B8)
Partition 1: (Active) - (Size=54 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95 GB) - (Type=OF Extended)

====================================================================
Disk: 2 (Size: 112 GB) (Disk ID: F681F681)
Partition 1: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=82 GB) - (Type=OF Extended)

====================================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: E9A523B4)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

====================================================================
Disk: 9 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


Last Boot: 2013-04-22 07:45

==================== End Of Log ============================