Log Analysis and Evaluation: Windows 7: Interpol Trojan with screen lock

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.10.2013, 00:48, #1

Windows 7: Interpol Trojan with screen lock

Unfortunately I have an Interpol virus on my other PC and now need help removing it. Following this guide http://www.trojaner-board.de/132035-...scan-tool.html I have already created a logfile with FRST and hope you can help me. Here is the logfile, and thanks in advance.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-QNR36K0 on 04-10-2013 01:36:31
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [21389] - C:\ProgramData\Local Settings\Temp\mseiwku.bat [757296 2009-07-14] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKU\Grötzner\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\Grötzner\...\CurrentVersion\Windows: [Load] C:\Users\GRTZNE~1\LOCALS~1\Temp\msvujiazx.exe <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [192616 2011-02-08] (NVIDIA Corporation)
Startup: C:\Users\Grötzner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
ShortcutTarget: No-IP DUC.lnk -> C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
Startup: C:\Users\Grötzner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v8j6wrlf.lnk
ShortcutTarget: v8j6wrlf.lnk -> C:\PROGRA~3\flrw6j8v.plz ()

==================== Services (Whitelisted) =================

S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-02] (Emsisoft GmbH)
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-02] ()
S2 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2006-12-20] (SEIKO EPSON CORPORATION)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)
S2 WebCakeUpdater; C:\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe [51992 2013-08-02] (cake bake)
S2 Winmgmt; C:\PROGRA~3\v8j6wrlf.pzz [62052 2013-10-03] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\v8j6wrlf.pzz [62052 2013-10-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-27] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-27] (Emsisoft GmbH)
S1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)
S1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)
S1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-27] (Emsisoft GmbH)
S1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-27] (Emsisoft GmbH)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-02] (Emsisoft GmbH)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-02] (Emsisoft GmbH)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-30] (DT Soft Ltd)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 athr; system32\DRIVERS\athrx.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys 2D6434E957F7CFA0035C20890F77BBC6
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys 2D6434E957F7CFA0035C20890F77BBC6
C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys D27A8B7BB0E15DFBFC6B4E774EE17AD9
C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys D27A8B7BB0E15DFBFC6B4E774EE17AD9
C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys 3D55CE53128C81E06CD6B024C3B9FAC3
C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys 3D55CE53128C81E06CD6B024C3B9FAC3
C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys 0932B29AA1B9372FFE6D3AF8BA2ABA3A
C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys 0932B29AA1B9372FFE6D3AF8BA2ABA3A
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\AmUStor.SYS 9C7F164B49CADC658D1B3C575782F346
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 1F7238A37389ED92E9D8EEE975CABD54
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 1F7238A37389ED92E9D8EEE975CABD54
C:\Windows\System32\DRIVERS\avgntflt.sys 0D5C96FD25D6455D97A5C4D7706DFAB1
C:\Windows\System32\DRIVERS\avipbb.sys E26B3C8E9C3DDE047B32C5719955D715
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys 3C6A8D415FF38AFEB03A6206213D9D96
C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys 3C6A8D415FF38AFEB03A6206213D9D96
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 46571ED73AE84469DCA53081D33CF3C8
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys EFE5A0AF39A8E179624117C521F1E012
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys C15A21B1E2291952424F361093734F95
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys A4A9CA24E54E81C6C3E469EAEB4B3F42
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 1C6E73FC46B509EFF9D0086AA37132DF
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28x.sys F1814E62EB6E50472AFC9903525ECEC1
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys E453ACF4E7D44E5530B5D5F2B9CA8563
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 41A7C6ED2BAB4C304633B785C884A912
C:\Windows\System32\DRIVERS\nvpciflt.sys D542153CB23459B8AAD88CF17E36B670
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\Synth3dVsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\DRIVERS\SynTP.sys F0D7C68CDA9784689CAA72C17AF393B2
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\system32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys 7BC3381C0713F613B31ACDE38B71CB53
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys FD24F98D2898BE093FE926604BE7DB99
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 01:36 - 2013-10-04 01:36 - 00000000 ____D C:\FRST
2013-10-03 23:53 - 2013-10-03 23:53 - 99176917 _____ C:\Windows\SysWOW64\쾜R
2013-10-03 23:46 - 2013-10-03 23:46 - 00016196 ____T C:\ProgramData\g7t.exe
2013-10-03 23:41 - 2013-10-04 00:21 - 95025368 ____T C:\ProgramData\v8j6wrlf.pff
2013-10-03 23:41 - 2013-10-04 00:10 - 00000000 _____ C:\ProgramData\v8j6wrlf.ctrl
2013-10-03 23:41 - 2013-10-03 23:41 - 00099328 _____ C:\ProgramData\flrw6j8v.plz
2013-10-03 23:41 - 2013-10-03 23:41 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\v8j6wrlf.pzz
2013-10-03 20:55 - 2013-10-03 20:55 - 00000000 ____D C:\Users\Grötzner\AppData\Local\LogMeIn
2013-10-03 20:55 - 2013-10-03 20:55 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-03 18:10 - 2013-10-03 18:10 - 00192099 _____ C:\Users\Grötzner\Downloads\wejct20g.exe
2013-10-03 18:02 - 2013-10-03 18:02 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-09-30 12:48 - 2013-09-30 12:48 - 00816954 _____ C:\Users\Grötzner\Downloads\worldedit-5.5.8.zip
2013-09-30 12:48 - 2013-09-30 12:48 - 00320559 _____ C:\Users\Grötzner\Downloads\worldguard-5.8.zip
2013-09-30 12:41 - 2013-09-30 12:41 - 00001950 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-30 12:40 - 2013-09-30 12:40 - 00283200 _____ (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-30 06:18 - 2013-09-30 06:20 - 53538132 _____ C:\Users\Grötzner\Downloads\Updates.rar
2013-09-30 05:59 - 2013-09-30 05:59 - 22845858 _____ C:\Users\Grötzner\Downloads\Stock_TeknoMW3_2.7.0.9 .rar
2013-09-29 16:57 - 2013-09-29 16:57 - 00032768 _____ C:\Users\Grötzner\Downloads\MW3_Überlebenskampf_Wellenanalyse.xls
2013-09-29 15:50 - 2013-09-29 15:50 - 00000738 _____ C:\Users\Grötzner\Documents\Skillet .txt
2013-09-29 14:13 - 2013-10-03 17:53 - 99131034 _____ C:\Windows\SysWOW64\ﴆ톤´
2013-09-28 14:40 - 2013-09-29 08:13 - 98442955 _____ C:\Windows\SysWOW64\閆튯
2013-09-28 08:41 - 2013-09-28 08:41 - 98372650 _____ C:\Windows\SysWOW64\汘
2013-09-25 12:49 - 2013-09-25 12:49 - 03819328 _____ C:\Users\Grötzner\Downloads\battlelog-web-plugins_2.3.0_118.exe
2013-09-25 12:49 - 2013-09-25 12:49 - 00000000 ____D C:\Users\Grötzner\AppData\Local\ESN
2013-09-24 05:38 - 2013-09-27 05:57 - 98009570 _____ C:\Windows\SysWOW64\穈걇¡
2013-09-23 12:35 - 2013-09-23 12:35 - 98646441 _____ C:\Windows\SysWOW64\뺷0
2013-09-22 13:01 - 2013-09-22 13:15 - 00000000 ____D C:\Users\Grötzner\Desktop\Neuer Ordner (2)
2013-09-20 10:53 - 2013-09-20 10:53 - 00000000 _____ C:\end
2013-09-16 13:12 - 2013-09-17 23:44 - 98071447 _____ C:\Windows\SysWOW64\ꂻ刬•
2013-09-16 07:46 - 2006-12-20 02:14 - 00131072 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
2013-09-13 14:33 - 2013-09-13 14:33 - 00000961 _____ C:\Users\Grötzner\Desktop\No-IP DUC.lnk
2013-09-13 14:32 - 2013-09-13 14:32 - 00000000 ____D C:\Program Files (x86)\No-IP
2013-09-12 20:37 - 2013-09-12 20:37 - 00108617 _____ C:\Users\Grötzner\Documents\Präsentation1.pptx
2013-09-11 12:30 - 2013-09-12 05:55 - 97238077 _____ C:\Windows\SysWOW64\溌雠
2013-09-10 13:06 - 2013-09-11 04:29 - 97021647 _____ C:\Windows\SysWOW64\숆ꖢ£
2013-09-09 12:30 - 2013-09-10 05:49 - 96866131 _____ C:\Windows\SysWOW64\쒣�¤

==================== One Month Modified Files and Folders =======

2013-10-04 01:36 - 2013-10-04 01:36 - 00000000 ____D C:\FRST
2013-10-04 00:33 - 2013-02-17 16:40 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-10-04 00:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 00:32 - 2012-12-13 10:36 - 00048381 _____ C:\Windows\setupact.log
2013-10-04 00:21 - 2013-10-03 23:41 - 95025368 ____T C:\ProgramData\v8j6wrlf.pff
2013-10-04 00:14 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 00:14 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 00:13 - 2013-03-09 10:31 - 00000000 ____D C:\Users\Grötzner\AppData\Local\LogMeIn Hamachi
2013-10-04 00:10 - 2013-10-03 23:41 - 00000000 _____ C:\ProgramData\v8j6wrlf.ctrl
2013-10-04 00:10 - 2013-02-09 19:57 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 23:53 - 2013-10-03 23:53 - 99176917 _____ C:\Windows\SysWOW64\쾜R
2013-10-03 23:46 - 2013-10-03 23:46 - 00016196 ____T C:\ProgramData\g7t.exe
2013-10-03 23:41 - 2013-10-03 23:41 - 00099328 _____ C:\ProgramData\flrw6j8v.plz
2013-10-03 23:41 - 2013-10-03 23:41 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\v8j6wrlf.pzz
2013-10-03 23:39 - 2013-02-09 19:57 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-03 23:06 - 2013-05-12 09:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 20:55 - 2013-10-03 20:55 - 00000000 ____D C:\Users\Grötzner\AppData\Local\LogMeIn
2013-10-03 20:55 - 2013-10-03 20:55 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-03 18:10 - 2013-10-03 18:10 - 00192099 _____ C:\Users\Grötzner\Downloads\wejct20g.exe
2013-10-03 18:02 - 2013-10-03 18:02 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-03 18:02 - 2013-05-23 12:31 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-10-03 17:59 - 2010-11-21 04:47 - 00314718 _____ C:\Windows\PFRO.log
2013-10-03 17:53 - 2013-09-29 14:13 - 99131034 _____ C:\Windows\SysWOW64\ﴆ톤´
2013-10-03 17:53 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-10-03 17:52 - 2013-08-10 08:05 - 00000000 ____D C:\Users\Grötzner\AppData\Roaming\Movdap
2013-09-30 15:19 - 2013-07-07 06:37 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-30 15:18 - 2013-02-13 19:01 - 00000000 ____D C:\Users\Grötzner\AppData\Roaming\Skype
2013-09-30 12:48 - 2013-09-30 12:48 - 00816954 _____ C:\Users\Grötzner\Downloads\worldedit-5.5.8.zip
2013-09-30 12:48 - 2013-09-30 12:48 - 00320559 _____ C:\Users\Grötzner\Downloads\worldguard-5.8.zip
2013-09-30 12:42 - 2013-02-17 12:05 - 00000000 ____D C:\Users\Grötzner\AppData\Roaming\DAEMON Tools Lite
2013-09-30 12:42 - 2013-02-17 12:05 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-09-30 12:42 - 2011-04-12 08:43 - 00696870 _____ C:\Windows\System32\perfh007.dat
2013-09-30 12:42 - 2011-04-12 08:43 - 00148134 _____ C:\Windows\System32\perfc007.dat
2013-09-30 12:42 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-30 12:41 - 2013-09-30 12:41 - 00001950 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-30 12:40 - 2013-09-30 12:40 - 00283200 _____ (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-30 06:25 - 2013-02-20 14:57 - 00000000 ____D C:\Users\Grötzner\AppData\Local\TeknoGods
2013-09-30 06:20 - 2013-09-30 06:18 - 53538132 _____ C:\Users\Grötzner\Downloads\Updates.rar
2013-09-30 06:14 - 2013-04-14 15:40 - 00000000 ____D C:\Users\Grötzner\AppData\Local\TeknoGods_TotalKillaz.eu
2013-09-30 05:59 - 2013-09-30 05:59 - 22845858 _____ C:\Users\Grötzner\Downloads\Stock_TeknoMW3_2.7.0.9 .rar
2013-09-29 16:57 - 2013-09-29 16:57 - 00032768 _____ C:\Users\Grötzner\Downloads\MW3_Überlebenskampf_Wellenanalyse.xls
2013-09-29 15:50 - 2013-09-29 15:50 - 00000738 _____ C:\Users\Grötzner\Documents\Skillet .txt
2013-09-29 08:13 - 2013-09-28 14:40 - 98442955 _____ C:\Windows\SysWOW64\閆튯
2013-09-28 12:59 - 2013-08-10 08:57 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-09-28 08:41 - 2013-09-28 08:41 - 98372650 _____ C:\Windows\SysWOW64\汘
2013-09-27 14:15 - 2013-08-02 16:54 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-27 14:15 - 2013-08-02 07:42 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-27 14:14 - 2013-08-02 07:42 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-27 13:16 - 2013-02-09 18:21 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-27 10:55 - 2013-08-02 16:53 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-27 05:57 - 2013-09-24 05:38 - 98009570 _____ C:\Windows\SysWOW64\穈걇¡
2013-09-25 18:09 - 2013-07-16 05:39 - 00000000 ____D C:\Users\Grötzner\AppData\Local\Adobe
2013-09-25 12:49 - 2013-09-25 12:49 - 03819328 _____ C:\Users\Grötzner\Downloads\battlelog-web-plugins_2.3.0_118.exe
2013-09-25 12:49 - 2013-09-25 12:49 - 00000000 ____D C:\Users\Grötzner\AppData\Local\ESN
2013-09-23 12:35 - 2013-09-23 12:35 - 98646441 _____ C:\Windows\SysWOW64\뺷0
2013-09-22 13:15 - 2013-09-22 13:01 - 00000000 ____D C:\Users\Grötzner\Desktop\Neuer Ordner (2)
2013-09-20 16:06 - 2013-05-12 09:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 16:06 - 2013-02-08 22:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 16:06 - 2013-02-08 22:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 10:53 - 2013-09-20 10:53 - 00000000 _____ C:\end
2013-09-17 23:44 - 2013-09-16 13:12 - 98071447 _____ C:\Windows\SysWOW64\ꂻ刬•
2013-09-17 11:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-16 08:57 - 2013-02-06 01:04 - 00001388 _____ C:\Windows\System32\ServiceFilter.ini
2013-09-15 14:23 - 2013-09-02 14:26 - 00000000 ____D C:\Users\Grötzner\minecraft
2013-09-15 14:23 - 2013-06-26 14:19 - 00000000 ____D C:\Users\Grötzner\Desktop\Minecraft 1.6.2 Bukkit Server
2013-09-15 07:48 - 2013-02-06 01:04 - 00002154 _____ C:\Windows\System32\AutoRunFilter.ini
2013-09-13 14:33 - 2013-09-13 14:33 - 00000961 _____ C:\Users\Grötzner\Desktop\No-IP DUC.lnk
2013-09-13 14:32 - 2013-09-13 14:32 - 00000000 ____D C:\Program Files (x86)\No-IP
2013-09-12 20:37 - 2013-09-12 20:37 - 00108617 _____ C:\Users\Grötzner\Documents\Präsentation1.pptx
2013-09-12 05:55 - 2013-09-11 12:30 - 97238077 _____ C:\Windows\SysWOW64\溌雠
2013-09-11 04:29 - 2013-09-10 13:06 - 97021647 _____ C:\Windows\SysWOW64\숆ꖢ£
2013-09-10 13:07 - 2013-02-13 19:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-10 13:07 - 2013-02-13 19:00 - 00000000 ____D C:\ProgramData\Skype
2013-09-10 05:49 - 2013-09-09 12:30 - 96866131 _____ C:\Windows\SysWOW64\쒣�¤
2013-09-07 06:35 - 2013-07-04 14:44 - 00000000 ____D C:\Users\Grötzner\AppData\Roaming\DVDVideoSoft
2013-09-04 12:43 - 2013-05-07 17:05 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-09-04 12:43 - 2013-03-28 20:56 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-09-04 12:43 - 2013-03-28 20:56 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\Grötzner\AppData\Roaming\Camdata.ini
C:\Users\Grötzner\AppData\Roaming\CamLayout.ini
C:\Users\Grötzner\AppData\Roaming\CamShapes.ini
C:\Users\Grötzner\AppData\Roaming\CamStudio.Producer.Data.ini
C:\ProgramData\flrw6j8v.plz
C:\ProgramData\g7t.exe
C:\ProgramData\v8j6wrlf.ctrl
C:\ProgramData\v8j6wrlf.pff

Some content of TEMP:
====================
C:\Users\Grötzner\AppData\Local\Temp\gjwvwcyrqwudcvdshuo.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

3 Restore point made on: 2013-09-19 15:08:24
Restore point made on: 2013-09-29 10:51:52
Restore point made on: 2013-09-30 12:40:51

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=Y:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {0090f5b0-6fe2-11e2-82da-8cfa14324515}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows-Startladeprogramm
------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {0090f5b0-6fe2-11e2-82da-8cfa14324515} nx OptIn increaseuserva 3072 Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[C:]\Recovery\0090f5b2-6fe2-11e2-82da-8cfa14324515\Winre.wim,{0090f5b3-6fe2-11e2-82da-8cfa14324515} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\0090f5b2-6fe2-11e2-82da-8cfa14324515\Winre.wim,{0090f5b3-6fe2-11e2-82da-8cfa14324515} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {0090f5b0-6fe2-11e2-82da-8cfa14324515} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur 
Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {0090f5b3-6fe2-11e2-82da-8cfa14324515} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\0090f5b2-6fe2-11e2-82da-8cfa14324515\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8104.14 MB Available physical RAM: 7243.14 MB Total Pagefile: 8102.34 MB Available Pagefile: 7283.98 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.07 GB) (Free:380.71 GB) NTFS Drive f: () (Removable) (Total:7.26 GB) (Free:6.57 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: AA9693FE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7 GB) - (Type=0C) LastRegBack: 2013-10-01 19:23 ==================== End Of Log ============================ Geändert von Anonym2000 (04.10.2013 um 00:55 Uhr) |
04.10.2013, 00:54 | #2
/// the machine /// TB-Ausbilder
Windows 7: Interpol Trojan with screen lock

hi,

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
HKLM\...\Policies\Explorer\Run: [21389] - C:\ProgramData\Local Settings\Temp\mseiwku.bat [757296 2009-07-14] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Grötzner\...\CurrentVersion\Windows: [Load] C:\Users\GRTZNE~1\LOCALS~1\Temp\msvujiazx.exe <===== ATTENTION
Startup: C:\Users\Grötzner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v8j6wrlf.lnk
ShortcutTarget: v8j6wrlf.lnk -> C:\PROGRA~3\flrw6j8v.plz ()
S2 Winmgmt; C:\PROGRA~3\v8j6wrlf.pzz [62052 2013-10-03] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\v8j6wrlf.pzz [62052 2013-10-03] (Microsoft Corporation)
2013-10-03 23:46 - 2013-10-03 23:46 - 00016196 ____T C:\ProgramData\g7t.exe
2013-10-03 23:41 - 2013-10-04 00:21 - 95025368 ____T C:\ProgramData\v8j6wrlf.pff
2013-10-03 23:41 - 2013-10-04 00:10 - 00000000 _____ C:\ProgramData\v8j6wrlf.ctrl
2013-10-03 23:41 - 2013-10-03 23:41 - 00099328 _____ C:\ProgramData\flrw6j8v.plz
2013-10-03 23:41 - 2013-10-03 23:41 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\v8j6wrlf.pzz
C:\Users\Grötzner\AppData\Roaming\Camdata.ini
C:\Users\Grötzner\AppData\Roaming\CamLayout.ini
C:\Users\Grötzner\AppData\Roaming\CamShapes.ini
C:\Users\Grötzner\AppData\Roaming\CamStudio.Producer.Data.ini
C:\ProgramData\flrw6j8v.plz
C:\ProgramData\g7t.exe
C:\ProgramData\v8j6wrlf.ctrl
C:\ProgramData\v8j6wrlf.pff
C:\Users\Grötzner\AppData\Local\Temp\gjwvwcyrqwudcvdshuo.exe
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Then start the computer normally.
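The fixlist above is a hand-picked set of entries from the FRST log in the first post. The script below is an added example, not part of this thread and not FRST's own logic or the helper's tooling: it writes down the signals that made those entries stand out as simple rules (FRST's own ATTENTION marker, autoruns under Policies\Explorer, a startup shortcut and a service that resolve into C:\ProgramData under random names, loose files dropped into the root of ProgramData, an executable parked in a Temp directory) and runs them over lines copied from the posted log, with a few benign lines from the same log for contrast. The regular expressions, rule names and the assumed FRST line formats are this example's own assumptions; the rules yield items to review, not verdicts.

```python
"""Triage of FRST log lines (added example; not FRST's own code and not
the helper's tooling).  Each rule names one signal the fixlist in this
thread relied on; the result is a list of lines to review, not a verdict.
The line formats assumed here follow the FRST 02-10-2013 output quoted
in the thread and are assumptions of this example.
"""
import ntpath
import re
from collections import Counter

# Constructed sample: lines copied from the FRST log and fixlist posted in
# this thread, plus benign lines from the same log for contrast.
SAMPLE_LOG = r"""
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [21389] - C:\ProgramData\Local Settings\Temp\mseiwku.bat [757296 2009-07-14] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKU\Grötzner\...\CurrentVersion\Windows: [Load] C:\Users\GRTZNE~1\LOCALS~1\Temp\msvujiazx.exe <===== ATTENTION
Startup: C:\Users\Grötzner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
ShortcutTarget: No-IP DUC.lnk -> C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
Startup: C:\Users\Grötzner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v8j6wrlf.lnk
ShortcutTarget: v8j6wrlf.lnk -> C:\PROGRA~3\flrw6j8v.plz ()
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S2 Winmgmt; C:\PROGRA~3\v8j6wrlf.pzz [62052 2013-10-03] (Microsoft Corporation)
2013-10-03 23:46 - 2013-10-03 23:46 - 00016196 ____T C:\ProgramData\g7t.exe
2013-10-03 23:41 - 2013-10-04 00:21 - 95025368 ____T C:\ProgramData\v8j6wrlf.pff
2013-10-03 23:41 - 2013-10-04 00:10 - 00000000 _____ C:\ProgramData\v8j6wrlf.ctrl
2013-10-03 23:41 - 2013-10-03 23:41 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\v8j6wrlf.pzz
2013-09-30 12:42 - 2013-02-17 12:05 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-09-30 12:40 - 2013-09-30 12:40 - 00283200 _____ (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
C:\Users\Grötzner\AppData\Local\Temp\gjwvwcyrqwudcvdshuo.exe
"""

ATTENTION = "<===== ATTENTION"                      # FRST's own marker
# Policies\Explorer\Run is a GPO-style autorun; HideSCAHealth silences Action Center.
POLICY_PREFIX = re.compile(r"^HKLM(?:-x32)?\\\.\.\.\\Policies\\Explorer", re.I)
# Paths that legitimate autoruns/services almost never use as their home.
SUSPECT_DIR = re.compile(r"\bC:\\(?:ProgramData|PROGRA~3)\\|\\Temp\\", re.I)
PROGRAMDATA_ROOT_FILE = re.compile(r"^C:\\(?:ProgramData|PROGRA~3)\\[^\\]+$", re.I)
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget:\s+(?P<lnk>.+?)\s+->\s+(?P<path>[A-Za-z]:\\.+?)\s+\([^()]*\)\s*$")
SERVICE_RE = re.compile(r"^[SR]\d\s+(?P<name>[^;]+);\s+(?P<path>[A-Za-z]:\\.+?)\s+\[")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"(?P<attr>\S+) (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
TEMP_EXE = re.compile(r"\\Temp\\[^\\]+\.exe$", re.I)
CODE_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".vbs", ".js", ".ps1"}


def classify(line):
    """Return the reason a line deserves review, or None if no rule fires."""
    if ATTENTION in line:
        return "marked by FRST itself"
    if POLICY_PREFIX.match(line):
        return "Policies\\Explorer entry (policy-enforced autorun or hidden Action Center warning)"
    if line.startswith("HK") and SUSPECT_DIR.search(line):
        return "autorun pointing into ProgramData or a Temp directory"
    m = SHORTCUT_RE.match(line)
    if m:
        path = m.group("path")
        if SUSPECT_DIR.search(path) or ntpath.splitext(path)[1].lower() not in CODE_EXT:
            return "startup shortcut resolving into ProgramData/Temp or to a non-executable extension"
        return None
    m = SERVICE_RE.match(line)
    if m:
        return "service image in ProgramData/Temp" if SUSPECT_DIR.search(m.group("path")) else None
    m = FILE_RE.match(line)
    if m:
        # Directories carry a D attribute; only loose files in the root count.
        if "D" not in m.group("attr") and PROGRAMDATA_ROOT_FILE.match(m.group("path")):
            return "loose file dropped into the root of C:\\ProgramData"
        return None
    if DRIVE_PATH.match(line) and TEMP_EXE.search(line):
        return "executable parked in a Temp directory"
    return None


def triage(log_text):
    """Run every rule over each non-empty line; return [(reason, line)]."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reason = classify(line)
            if reason:
                findings.append((reason, line))
    return findings


def summarize(findings):
    """Count findings per reason so a long log can be skimmed by category."""
    return Counter(reason for reason, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for reason, line in results:
        print(f"[{reason}] {line}")
    for reason, n in summarize(results).items():
        print(f"{n:2d}  {reason}")
```

Run against the sample it flags ten lines: the two Policies\Explorer values, the Load value FRST marked, the startup shortcut and the Winmgmt service that both resolve into C:\PROGRA~3, the four loose files in the root of ProgramData and the executable in Temp, while the Avira, No-IP, DAEMON Tools and driver lines pass untouched. The CamStudio .ini files the helper also moved are not caught by any rule here, which is the point of keeping the output a review list rather than a verdict.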
04.10.2013, 01:14 | #3
Windows 7: Interpol Trojan with screen lock

Thanks for the quick reply, I'm on it right now.

So, here is the Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-04 02:09:37 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer\Run: [21389] - C:\ProgramData\Local Settings\Temp\mseiwku.bat [757296 2009-07-14] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Grötzner\...\CurrentVersion\Windows: [Load] C:\Users\GRTZNE~1\LOCALS~1\Temp\msvujiazx.exe <===== ATTENTION
Startup: C:\Users\Grötzner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v8j6wrlf.lnk
ShortcutTarget: v8j6wrlf.lnk -> C:\PROGRA~3\flrw6j8v.plz ()
S2 Winmgmt; C:\PROGRA~3\v8j6wrlf.pzz [62052 2013-10-03] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\v8j6wrlf.pzz [62052 2013-10-03] (Microsoft Corporation)
2013-10-03 23:46 - 2013-10-03 23:46 - 00016196 ____T C:\ProgramData\g7t.exe
2013-10-03 23:41 - 2013-10-04 00:21 - 95025368 ____T C:\ProgramData\v8j6wrlf.pff
2013-10-03 23:41 - 2013-10-04 00:10 - 00000000 _____ C:\ProgramData\v8j6wrlf.ctrl
2013-10-03 23:41 - 2013-10-03 23:41 - 00099328 _____ C:\ProgramData\flrw6j8v.plz
2013-10-03 23:41 - 2013-10-03 23:41 - 00062052 ____T (Microsoft Corporation) C:\ProgramData\v8j6wrlf.pzz
C:\Users\Grötzner\AppData\Roaming\Camdata.ini
C:\Users\Grötzner\AppData\Roaming\CamLayout.ini
C:\Users\Grötzner\AppData\Roaming\CamShapes.ini
C:\Users\Grötzner\AppData\Roaming\CamStudio.Producer.Data.ini
C:\ProgramData\flrw6j8v.plz
C:\ProgramData\g7t.exe
C:\ProgramData\v8j6wrlf.ctrl
C:\ProgramData\v8j6wrlf.pff
C:\Users\Grötzner\AppData\Local\Temp\gjwvwcyrqwudcvdshuo.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\21389 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKU\Grötzner\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
C:\Users\Grötzner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v8j6wrlf.lnk => Moved successfully.
C:\PROGRA~3\flrw6j8v.plz => Moved successfully.
Winmgmt => Service restored successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\g7t.exe => Moved successfully.
C:\ProgramData\v8j6wrlf.pff => Moved successfully.
C:\ProgramData\v8j6wrlf.ctrl => Moved successfully.
"C:\ProgramData\flrw6j8v.plz" => File/Directory not found.
C:\ProgramData\v8j6wrlf.pzz => Moved successfully.
C:\Users\Grötzner\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\Grötzner\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Grötzner\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Grötzner\AppData\Roaming\CamStudio.Producer.Data.ini => Moved successfully.
"C:\ProgramData\flrw6j8v.plz" => File/Directory not found.
"C:\ProgramData\g7t.exe" => File/Directory not found.
"C:\ProgramData\v8j6wrlf.ctrl" => File/Directory not found.
"C:\ProgramData\v8j6wrlf.pff" => File/Directory not found.
C:\Users\Grötzner\AppData\Local\Temp\gjwvwcyrqwudcvdshuo.exe => Moved successfully.

==== End of Fixlog ====
04.10.2013, 02:20 | #4
/// the machine /// TB-Ausbilder
Windows 7: Interpol Trojan with screen lock

So, does the computer start normally now?

Regards, schrauber