Interpool Trojaner, brauche Fixlist.txt

prostoj · 02.03.2014, 15:07

Hallo,

habe seid gestern ein Fullscreen mit Interpool und soll bezahlen.
Scan mit Fabar Recovery Scan Tool gemach.

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 01
Ran by SYSTEM on MININT-EU4SO4H on 02-03-2014 14:58:24
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe [525480 2013-12-13] (AdTrustMedia)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Bur\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\Bur\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\Users\Bur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8zmq9v7a.lnk
ShortcutTarget: 8zmq9v7a.lnk -> C:\ProgramData\a7v9qmz8.cpp (Microsoft Corporation)
Startup: C:\Users\Bur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) =================

S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-01-20] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
S2 Winmgmt; C:\ProgramData\8zmq9v7a.zvv [333560 2014-02-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys AC31727F9946E9009480708E4D1B9986
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmderd.sys E34DF9613C8D24C5CB6F8DF8D74E5586
C:\Windows\System32\DRIVERS\cmdguard.sys D8E4A9A691BBA24EE242A1FDDF6EBAA1
C:\Windows\System32\DRIVERS\cmdhlp.sys F6B424B925B67C306BAA85AC79F7A5CC
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 6C06701BF1DB05405804D7EB610991CE
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 26CF4275034214ECEDD8EC17B0A18A99
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 93C8115D4BAEB1BD047AB0A9B265EE7A
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\inspect.sys 7D3B8880385ACFA47174847983C4A7FA
C:\Windows\System32\drivers\RTKVHD64.sys DDFADF2FA49C078A9C8270F29D6958B1
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 655A5D8E80869781CCE23760ADA7E695
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 1C6E73FC46B509EFF9D0086AA37132DF
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28x.sys F1814E62EB6E50472AFC9903525ECEC1
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 70E89A21827B2669AF906B703C7C48B5
C:\Windows\System32\DRIVERS\nvpciflt.sys 4B9C0C2BF78289513101EB0D44834701
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 7E8902F9929A5D9FFD0F545332CE0F10
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys FD24F98D2898BE093FE926604BE7DB99
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 14:47 - 2014-03-02 14:58 - 00000000 ____D () C:\FRST
2014-03-01 22:35 - 2014-03-01 22:35 - 00000000 ____D () C:\Users\Bur\AppData\Local\{017C767A-23AC-4A2D-91DB-42F17069D394}
2014-02-27 11:54 - 2014-02-27 11:54 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-27 11:11 - 2014-02-27 11:11 - 00000000 ____D () C:\Users\Bur\AppData\Local\Windows Live
2014-02-27 11:11 - 2014-02-27 11:11 - 00000000 ____D () C:\Users\Bur\AppData\Local\{AE7790FD-15C1-4920-9E1B-B8247D50B5AE}
2014-02-18 17:18 - 2014-02-18 17:19 - 00000000 ____D () C:\Users\Bur\AppData\Local\{800B6E84-585D-4CE6-815E-8252C7F8F9BD}
2014-02-15 14:14 - 2014-02-15 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 14:12 - 2014-02-15 14:12 - 00001022 _____ () C:\Users\Public\Desktop\LifeFrame.lnk
2014-02-15 13:57 - 2014-02-15 13:57 - 00000033 _____ () C:\ATKPF.ini
2014-02-14 12:00 - 2014-02-14 12:01 - 95027928 ____T () C:\ProgramData\8zmq9v7a.fee
2014-02-14 12:00 - 2014-02-14 12:00 - 00333560 ____T (Microsoft Corporation) C:\ProgramData\8zmq9v7a.zvv
2014-02-14 12:00 - 2014-02-14 12:00 - 00146321 _____ (Microsoft Corporation) C:\ProgramData\a7v9qmz8.cpp
2014-02-12 21:11 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-12 21:11 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-12 21:11 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-12 21:11 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-12 21:11 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-12 21:11 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-12 21:11 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-12 21:11 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-12 21:11 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-12 21:11 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-12 21:11 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-12 21:11 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 21:11 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-12 21:11 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 21:11 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 21:11 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-12 21:11 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 21:11 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 21:11 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 21:11 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 21:11 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 21:11 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 21:11 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 21:11 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-12 21:11 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 21:10 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-12 21:10 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-12 21:10 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 21:10 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-12 21:10 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 21:10 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-12 21:10 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 21:10 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-12 21:10 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-12 21:10 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 21:10 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 21:10 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-12 21:10 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 21:10 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-12 21:10 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 21:10 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 17:24 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 17:24 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-12 17:24 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-12 17:24 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-12 17:24 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 17:24 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 17:23 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 17:23 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-12 17:23 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-12 17:23 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-12 17:23 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-12 17:23 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-12 17:23 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-12 17:23 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-12 17:23 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-12 17:23 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-12 17:23 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-12 17:23 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 17:23 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 17:23 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 17:23 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 17:23 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 17:23 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 17:23 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 17:23 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 17:23 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 17:23 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 17:23 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-10 19:19 - 2014-02-10 19:19 - 00000000 ____D () C:\Users\Bur\AppData\Local\Macromedia
2014-02-10 18:51 - 2014-02-16 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 18:51 - 2014-02-10 18:52 - 00000000 ____D () C:\Users\Bur\AppData\Roaming\Mozilla
2014-02-10 18:51 - 2014-02-10 18:52 - 00000000 ____D () C:\Users\Bur\AppData\Local\Mozilla
2014-02-10 18:51 - 2014-02-10 18:51 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 18:51 - 2014-02-10 18:51 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 18:46 - 2014-02-10 18:47 - 24900816 _____ (Mozilla) C:\Users\Bur\Downloads\Firefox Setup 27.0.exe
2014-02-03 16:52 - 2014-02-03 16:52 - 00000000 ____D () C:\Users\Bur\AppData\Local\{0704548B-5776-40D2-A316-E71C6B5B0822}

==================== One Month Modified Files and Folders =======

2014-03-02 14:58 - 2014-03-02 14:47 - 00000000 ____D () C:\FRST
2014-03-02 09:33 - 2011-04-13 03:33 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 09:33 - 2011-04-13 03:33 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-02 09:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 09:32 - 2009-07-14 05:51 - 00070553 _____ () C:\Windows\setupact.log
2014-03-01 22:44 - 2013-09-14 19:17 - 01474832 _____ () C:\Windows\System32\Drivers\sfi.dat
2014-03-01 22:44 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 22:44 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 22:42 - 2013-09-15 02:42 - 01939698 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 22:37 - 2013-09-14 18:33 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-03-01 22:35 - 2014-03-01 22:35 - 00000000 ____D () C:\Users\Bur\AppData\Local\{017C767A-23AC-4A2D-91DB-42F17069D394}
2014-03-01 22:35 - 2013-12-26 11:52 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 11:54 - 2014-02-27 11:54 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-27 11:54 - 2013-12-26 11:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-27 11:54 - 2013-12-26 11:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-27 11:54 - 2013-12-26 11:52 - 00003834 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-27 11:11 - 2014-02-27 11:11 - 00000000 ____D () C:\Users\Bur\AppData\Local\Windows Live
2014-02-27 11:11 - 2014-02-27 11:11 - 00000000 ____D () C:\Users\Bur\AppData\Local\{AE7790FD-15C1-4920-9E1B-B8247D50B5AE}
2014-02-18 17:19 - 2014-02-18 17:18 - 00000000 ____D () C:\Users\Bur\AppData\Local\{800B6E84-585D-4CE6-815E-8252C7F8F9BD}
2014-02-16 13:54 - 2014-02-10 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 01:16 - 2013-09-14 19:26 - 15634256 _____ () C:\Windows\System32\Drivers\fvstore.dat
2014-02-15 14:28 - 2011-04-13 03:33 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 14:28 - 2011-04-13 03:33 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 14:14 - 2014-02-15 14:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 14:12 - 2014-02-15 14:12 - 00001022 _____ () C:\Users\Public\Desktop\LifeFrame.lnk
2014-02-15 14:12 - 2011-04-13 03:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-02-15 13:57 - 2014-02-15 13:57 - 00000033 _____ () C:\ATKPF.ini
2014-02-14 12:04 - 2013-09-14 18:33 - 00000000 ____D () C:\Users\Bur\AppData\Local\VirtualStore
2014-02-14 12:01 - 2014-02-14 12:00 - 95027928 ____T () C:\ProgramData\8zmq9v7a.fee
2014-02-14 12:00 - 2014-02-14 12:00 - 00333560 ____T (Microsoft Corporation) C:\ProgramData\8zmq9v7a.zvv
2014-02-14 12:00 - 2014-02-14 12:00 - 00146321 _____ (Microsoft Corporation) C:\ProgramData\a7v9qmz8.cpp
2014-02-12 21:19 - 2011-03-17 12:52 - 00687370 _____ () C:\Windows\System32\perfh019.dat
2014-02-12 21:19 - 2011-03-17 12:52 - 00136268 _____ () C:\Windows\System32\perfc019.dat
2014-02-12 21:19 - 2009-07-14 06:13 - 01575604 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-12 20:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 18:06 - 2009-07-14 06:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-10 19:59 - 2013-09-15 02:58 - 00001292 _____ () C:\Windows\System32\ServiceFilter.ini
2014-02-10 19:19 - 2014-02-10 19:19 - 00000000 ____D () C:\Users\Bur\AppData\Local\Macromedia
2014-02-10 18:52 - 2014-02-10 18:51 - 00000000 ____D () C:\Users\Bur\AppData\Roaming\Mozilla
2014-02-10 18:52 - 2014-02-10 18:51 - 00000000 ____D () C:\Users\Bur\AppData\Local\Mozilla
2014-02-10 18:51 - 2014-02-10 18:51 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 18:51 - 2014-02-10 18:51 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 18:47 - 2014-02-10 18:46 - 24900816 _____ (Mozilla) C:\Users\Bur\Downloads\Firefox Setup 27.0.exe
2014-02-06 13:16 - 2014-02-12 21:11 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 21:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 21:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 21:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 21:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 21:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 21:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 21:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-06 11:49 - 2014-02-12 21:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 21:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-06 11:48 - 2014-02-12 21:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 11:38 - 2014-02-12 21:10 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 21:11 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 21:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-06 11:11 - 2014-02-12 21:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 21:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 21:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 21:11 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 10:57 - 2014-02-12 21:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:52 - 2014-02-12 21:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 21:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 21:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 21:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 21:11 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 21:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-12 21:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-12 21:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-06 10:22 - 2014-02-12 21:10 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 21:11 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 21:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 21:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 21:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 21:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 21:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 21:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 14:30 - 2013-09-22 15:17 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 16:52 - 2014-02-03 16:52 - 00000000 ____D () C:\Users\Bur\AppData\Local\{0704548B-5776-40D2-A316-E71C6B5B0822}
2014-02-03 16:01 - 2013-09-14 19:07 - 00000000 ____D () C:\Users\Bur\AppData\Local\Google

Files to move or delete:
====================
C:\ProgramData\8zmq9v7a.fee
C:\ProgramData\8zmq9v7a.zvv


Some content of TEMP:
====================
C:\Users\Bur\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-12 20:02:22
Restore point made on: 2014-02-12 21:10:50

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  ru-RU
inherit                 {globalsettings}
default                 {default}
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {8cb2d9b1-7c05-11de-842e-b4611d44fefa}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  ru-RU
inherit                 {bootloadersettings}
recoverysequence        {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
recoveryenabled         Yes
osdevice                unknown
systemroot              \Windows
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {8cb2d9b4-7c05-11de-842e-b4611d44fefa}

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium (wiederhergestellt) 
locale                  ru-RU
recoverysequence        {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows

Windows-Startladeprogramm
-------------------------
Bezeichner              {8cb2d9b7-7c05-11de-842e-b4611d44fefa}
device                  ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b8-7c05-11de-842e-b4611d44fefa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (wiederhergestellt) 
locale                  
osdevice                ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b8-7c05-11de-842e-b4611d44fefa}
systemroot              \windows
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  ru-RU
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  ru-RU
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8cb2d9b8-7c05-11de-842e-b4611d44fefa}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 6050.14 MB
Available physical RAM: 5334.11 MB
Total Pagefile: 6048.34 MB
Available Pagefile: 5336.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:291.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GSP1RMCULXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:15.02 GB) (Free:14.91 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9B94EF39)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=441 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00109E22)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)


LastRegBack: 2014-02-10 22:17

==================== End Of Log ============================

Brauche Fixlist.txt
Falls das natürlich hilft

))

Gruss Prostoj

schrauber · 02.03.2014, 15:28

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\Bur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8zmq9v7a.lnk
ShortcutTarget: 8zmq9v7a.lnk -> C:\ProgramData\a7v9qmz8.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\8zmq9v7a.zvv [333560 2014-02-14] (Microsoft Corporation)
2014-02-14 12:00 - 2014-02-14 12:01 - 95027928 ____T () C:\ProgramData\8zmq9v7a.fee
2014-02-14 12:00 - 2014-02-14 12:00 - 00333560 ____T (Microsoft Corporation) C:\ProgramData\8zmq9v7a.zvv
2014-02-14 12:00 - 2014-02-14 12:00 - 00146321 _____ (Microsoft Corporation) C:\ProgramData\a7v9qmz8.cpp

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

prostoj · 02.03.2014, 15:57

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 01
Ran by SYSTEM at 2014-03-02 15:37:04 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Bur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8zmq9v7a.lnk
ShortcutTarget: 8zmq9v7a.lnk -> C:\ProgramData\a7v9qmz8.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\8zmq9v7a.zvv [333560 2014-02-14] (Microsoft Corporation)
2014-02-14 12:00 - 2014-02-14 12:01 - 95027928 ____T () C:\ProgramData\8zmq9v7a.fee
2014-02-14 12:00 - 2014-02-14 12:00 - 00333560 ____T (Microsoft Corporation) C:\ProgramData\8zmq9v7a.zvv
2014-02-14 12:00 - 2014-02-14 12:00 - 00146321 _____ (Microsoft Corporation) C:\ProgramData\a7v9qmz8.cpp
*****************

C:\Users\Bur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8zmq9v7a.lnk => Moved successfully.
C:\ProgramData\a7v9qmz8.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\8zmq9v7a.fee => Moved successfully.
C:\ProgramData\8zmq9v7a.zvv => Moved successfully.
"C:\ProgramData\a7v9qmz8.cpp" => File/Directory not found.

==== End of Fixlog ====

Danke, läuft wieder wie gewohnt

Werde noch mit Malwarebytes durchlaufen lassen.

schrauber · 03.03.2014, 13:45

Ab jetzt alles im normalen Modus:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Interpool Trojaner, brauche Fixlist.txt

Plagegeister aller Art und deren Bekämpfung: Interpool Trojaner, brauche Fixlist.txt