
Pests of all kinds and their removal: GVU Trojan Windows 7

Windows 7. If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

 
01.09.2013, 12:30   #1
Sirkillalot
 
GVU Trojan Windows 7



Good morning,

Unfortunately I picked up the GVU Trojan yesterday on a laptop running Windows 7 32-bit.
CTRL+ALT+DEL does not work on the locked screen. In Safe Mode the laptop shuts down again right away.
As I have read in many threads, I ran the FRST tool in recovery mode. Here is the log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2013 04
Ran by SYSTEM on MININT-1SG7KU2 on 01-09-2013 13:26:53
Running from F:\
Windows 7 Professional (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4562944 2009-07-17] (Dell Inc.)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [AVK Client] - C:\Program Files\G DATA\AVKClient\AVKCl.exe [1800696 2012-02-28] (G Data Software AG)
HKLM\...\Run: [DataCardMonitor] - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-05-06] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-06-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-17] (Microsoft)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\efs\...\Run: [HW_OPENEYE_OUC_] - C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [ 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\efs\...\Run: [ISUSScheduler] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe [ 2008-10-24] (Macrovision Corporation)
HKU\efs\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2010-04-16] (Google Inc.)
HKU\efs\...\Run: [ISUSPM Startup] - c:\progra~1\common~1\instal~1\update~1\isuspm.exe [ 2004-06-16] (InstallShield Software Corporation)
HKU\efs\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\efs\AppData\Local\Temp\gtaxdbiwqwvvdqbjv.exe [ 2013-08-31] (Valve Corporation) <===== ATTENTION
HKU\efs\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\efs\...\Command Processor: "C:\Users\efs\AppData\Local\Temp\gtaxdbiwqwvvdqbjv.exe" <===== ATTENTION!
Lsa: [Notification Packages] scecli DPPWDFLT

========================== Services (Whitelisted) =================

S2 AntiVirusKit Client; C:\Program Files\G DATA\AVKClient\AvkCl.exe [1800696 2012-02-28] (G Data Software AG)
S2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [1501192 2012-02-29] (G Data Software AG)
S2 AVKWCtl; C:\Program Files\G DATA\AVKClient\AVKWCtl.exe [1554696 2012-02-28] (G Data Software AG)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
S3 GDBackupSvc; C:\Program Files\G DATA\AVKClient\AVKBackupService.exe [1498616 2012-02-28] (G Data Software AG)
S3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [459784 2012-02-29] (G Data Software AG)
S2 MSSQL$PEAREPVLIGHT; C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe [229458 2009-11-06] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3086848 2009-07-17] (Dell Inc.)
S2 msftesql$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe" -s:MSSQL.3 -f:SQLEXPRESS [x]

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-07-17] (Broadcom Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FTD2XX; C:\Windows\System32\Drivers\OPCOMUSB.sys [34639 2005-12-15] (FTDI Ltd.)
S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [40440 2012-07-30] (G Data Software AG)
S1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [79992 2012-07-30] (G Data Software AG)
S1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54648 2012-07-30] (G Data Software AG)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [30416 2012-07-30] (G Data Software)
S1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [41336 2012-07-30] (G Data Software AG)
S3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [58528 2009-05-22] (O2Micro )
S3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41504 2009-05-07] (O2Micro )
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [198656 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 SPLITCAM; system32\DRIVERS\splitcam.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-31 19:12 - 2013-08-31 19:12 - 00163104 _____ C:\Users\efs\AppData\Roaming\2433f433
2013-08-31 19:12 - 2013-08-31 19:12 - 00163060 _____ C:\ProgramData\2433f433
2013-08-31 19:12 - 2013-08-31 19:12 - 00163043 _____ C:\Users\efs\AppData\Local\2433f433
2013-08-27 07:45 - 2013-08-27 07:45 - 00000000 ____D C:\Users\efs\Desktop\Urlaub
2013-08-20 06:49 - 2013-08-20 06:49 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 06:49 - 2013-08-20 06:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-20 06:49 - 2013-08-20 06:49 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 06:49 - 2013-08-20 06:49 - 00000000 ____D C:\Program Files\iPod
2013-08-18 19:22 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-18 19:22 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-18 19:22 - 2013-07-26 04:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-18 19:22 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-18 19:22 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-18 19:22 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-18 19:22 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-18 19:22 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-18 19:22 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-18 19:22 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-18 19:22 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-18 19:22 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-18 19:22 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-18 19:22 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-18 19:22 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-18 19:21 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 18:03 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-15 18:03 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-15 18:03 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-15 18:03 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-15 18:03 - 2013-07-09 05:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-15 18:03 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-15 18:03 - 2013-07-09 05:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-15 18:03 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-15 18:03 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-15 18:03 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-15 18:03 - 2013-07-06 06:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-15 18:03 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-13 13:03 - 2013-08-13 13:08 - 00023552 _____ C:\Users\efs\Desktop\Urlaubsantrag.xls
2013-08-03 18:14 - 2013-08-18 19:31 - 00000000 ____D C:\Windows\System32\MRT

==================== One Month Modified Files and Folders =======

2013-08-31 20:43 - 2009-07-14 05:55 - 01360126 _____ C:\Windows\WindowsUpdate.log
2013-08-31 20:35 - 2013-02-20 11:26 - 00011536 _____ C:\Windows\setupact.log
2013-08-31 19:12 - 2013-08-31 19:12 - 00163104 _____ C:\Users\efs\AppData\Roaming\2433f433
2013-08-31 19:12 - 2013-08-31 19:12 - 00163060 _____ C:\ProgramData\2433f433
2013-08-31 19:12 - 2013-08-31 19:12 - 00163043 _____ C:\Users\efs\AppData\Local\2433f433
2013-08-30 06:42 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 06:42 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 09:42 - 2012-07-20 09:42 - 00000000 ____D C:\Users\efs\Desktop\Bilder frima
2013-08-27 09:30 - 2012-12-10 13:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-27 07:45 - 2013-08-27 07:45 - 00000000 ____D C:\Users\efs\Desktop\Urlaub
2013-08-27 06:28 - 2013-05-05 16:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 08:20 - 2012-07-27 09:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-23 08:20 - 2012-07-27 09:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-23 07:20 - 2010-04-09 05:59 - 00391268 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-20 07:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-20 06:57 - 2013-06-04 08:25 - 00000000 ____D C:\Users\efs\AppData\Roaming\Apple Computer
2013-08-20 06:51 - 2013-06-05 03:39 - 00008060 _____ C:\Windows\PFRO.log
2013-08-20 06:49 - 2013-08-20 06:49 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 06:49 - 2013-08-20 06:49 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-20 06:49 - 2013-08-20 06:49 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 06:49 - 2013-08-20 06:49 - 00000000 ____D C:\Program Files\iPod
2013-08-20 06:49 - 2013-06-04 08:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-18 19:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-08-18 19:31 - 2013-08-03 18:14 - 00000000 ____D C:\Windows\System32\MRT
2013-08-18 19:28 - 2010-04-15 17:51 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-18 19:28 - 2010-04-09 06:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 07:59 - 2009-07-14 03:04 - 00000760 _____ C:\Windows\win.ini
2013-08-13 19:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-08-13 13:08 - 2013-08-13 13:03 - 00023552 _____ C:\Users\efs\Desktop\Urlaubsantrag.xls
2013-08-09 12:16 - 2012-09-28 11:13 - 00000000 ____D C:\Users\efs\Desktop\Bgva 3 Protikolle
2013-08-06 08:47 - 2013-06-04 08:54 - 00000000 ____D C:\ProgramData\BrowserDefender

Files to move or delete:
====================
C:\Users\efs\AppData\Local\Temp\gtaxdbiwqwvvdqbjv.exe
C:\Users\administrator\AppData\Local\Temp\atl80.dll
C:\Users\administrator\AppData\Local\Temp\mfc80.dll
C:\Users\administrator\AppData\Local\Temp\mfc80u.dll
C:\Users\administrator\AppData\Local\Temp\mfcm80.dll
C:\Users\administrator\AppData\Local\Temp\mfcm80u.dll
C:\Users\administrator\AppData\Local\Temp\msvcm80.dll
C:\Users\administrator\AppData\Local\Temp\msvcp80.dll
C:\Users\administrator\AppData\Local\Temp\msvcr80.dll
C:\Users\administrator\AppData\Local\Temp\TmDbg32.dll
C:\Users\efs\AppData\Local\Temp\AutoRun.exe
C:\Users\efs\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\efs\AppData\Local\Temp\bstrapInstall.exe
C:\Users\efs\AppData\Local\Temp\gtaxdbiwqwvvdqbjv.dll
C:\Users\efs\AppData\Local\Temp\VSD1E5B.tmp\setup-de.exe
C:\Users\efs\AppData\Local\Temp\VSD1E5B.tmp\vcredist_2008_x86\vcredist_x86.exe
C:\Users\efs\AppData\Local\Temp\VSD1E5B.tmp\DotNetFX40\dotNetFx40LP_Full_x86_x64de.exe
C:\Users\efs\AppData\Local\Temp\VSD1E5B.tmp\DotNetFX40\dotNetFx40_Full_x86_x64.exe
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Desktop.exe
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Resource_de.dll
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Service.exe
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_StaticRes.dll
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\tv_w32.dll
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\tv_x64.dll
C:\Users\efs\AppData\Local\Temp\TeamViewer\Version7\tv_x64.exe
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\DPInstx64.exe
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\DPInstx86.exe
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\DPInst_Monx64.exe
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\DPInst_Monx86.exe
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\OS_Detect.exe
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\i386\ftbusui.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\i386\ftcserco.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\i386\ftd2xx.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\i386\ftlang.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\i386\ftserui2.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\amd64\ftbusui.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\amd64\ftcserco.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\amd64\ftd2xx64.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\amd64\ftlang.dll
C:\Users\efs\AppData\Local\Temp\ckz_L0WK\amd64\ftserui2.dll
C:\Users\efs\AppData\Local\Temp\bus97CC\BUSolution.dll
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\BabMaint.exe
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\BExternal.dll
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\BUSolForMontiera.dll
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\BUSolution.dll
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\ccp.exe
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\GUninstaller.exe
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\IEHelper.dll
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\MyBabylonTB.exe
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\Setup.exe
C:\Users\efs\AppData\Local\Temp\96A9B981-BAB0-7891-B3F6-7BB9E678E42D\Latest\sqlite3.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-04 10:43:22
Restore point made on: 2013-07-10 06:23:30
Restore point made on: 2013-07-13 12:29:05
Restore point made on: 2013-07-18 06:15:53
Restore point made on: 2013-07-26 06:24:49
Restore point made on: 2013-08-03 18:14:07
Restore point made on: 2013-08-07 07:59:13
Restore point made on: 2013-08-12 09:38:21
Restore point made on: 2013-08-18 19:20:23
Restore point made on: 2013-08-23 21:11:46
Restore point made on: 2013-08-28 20:37:13

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {4a48d5ba-43ab-11df-b170-e9013fa8f7c3}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4a48d5ba-43ab-11df-b170-e9013fa8f7c3}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{4a48d5bd-43ab-11df-b170-e9013fa8f7c3}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{4a48d5bd-43ab-11df-b170-e9013fa8f7c3}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {4a48d5ba-43ab-11df-b170-e9013fa8f7c3}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {4a48d5bd-43ab-11df-b170-e9013fa8f7c3}
description             Ramdisk Options
ramdisksdidevice        partition=Y:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4090.96 MB
Available physical RAM: 3552.77 MB
Total Pagefile: 4089.23 MB
Available Pagefile: 3558.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.2 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:190.85 GB) NTFS
Drive f: () (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 40167EE6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-08-22 08:46

==================== End Of Log ============================
         