Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Interpol Virus

Interpol Virus


Log-Analyse und Auswertung: Interpol Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.12.2014, 21:09   #1
Schwencky
 
Interpol Virus - Standard

Interpol Virus


Hallo,
habe von einer Freundin meiner Frau ein Acer Aspire One, die sich den Interpol Virus eingefangen hat. Das Laptop fährt normal hoch und dann kommt sofort die Interpol Seite mit
eingeschalteter Web-Cam, IP-Adresse, Land, Standort, Benutzername und Betriebssystem. Ein riesen Text dabei, mit Sachen gegen die man verstoßen hat. Man wird gebeten 100,- Euro zu bezahlen über PaySafeCard Gutschein und dann wäre die PC-Sperre (40 Std.) wieder aufgehoben. Im Netz hatte ich gelesen über den abgesicherten Modus im Netzwerk ( ohne Internetverbindung am PC ) über Start/Programme "msconfig" alles im Autostart zu deaktivieren. Dieses ist nicht möglich einzugeben, da die Zeit viel zu kurz bzw. PC fährt gleich wieder runter. Habe dann einen Scan mit dem Farbar Recovery Scan Tool 64 Bit gemacht und hoffe ihr könnt mir helfen.


Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by SYSTEM on MININT-7DB7R0I on 16-12-2014 19:39:32
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\Default\...\Run: [CONNMGRTRAY] => C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [363112 2011-06-20] ()
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\Run: [CONNMGRTRAY] => C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [363112 2011-06-20] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Somphit Klata-in\...\Run: [CONNMGRTRAY] => C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [363112 2011-06-20] ()
Startup: C:\Users\Somphit Klata-in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\76ADA9727.lnk
ShortcutTarget: 76ADA9727.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-03-17] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S2 Winmgmt; C:\ProgramData\76ADA9727.zot [361984 2014-12-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-26] (Huawei Technologies Co., Ltd.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D5B031C308A409A0A576BFF4CF083D30
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 9A4B92150A5E259A7159D914CC3A60D7
C:\Windows\System32\DRIVERS\atikmpag.sys 9DEB889D152F9C9DBA98BE8986084535
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btath_flt.sys 185F180536188C1A4ED605234721A5B9
C:\Windows\System32\DRIVERS\athrx.sys 5493ED5D300AFC7A9A0A87FCA08E5381
C:\Windows\System32\drivers\AtihdW76.sys CBD14F698DEF12EE3557604B726CB8EB
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 43AD3D3E7674833FCA9A7C4E7180AD54
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\btath_a2dp.sys D74A81CCF0372C955862692B7AF272C9
C:\Windows\System32\drivers\btath_avdt.sys 3118072D09DAA1961A9F6549A4E8433A
C:\Windows\System32\DRIVERS\btath_bus.sys E6B734A37ADE36FE1A77035F4E484C8C
C:\Windows\System32\DRIVERS\btath_hcrp.sys FB3833E63FF602B69C2FF085846DCF43
C:\Windows\System32\DRIVERS\btath_lwflt.sys 8008D892A2BDA67EEFBE25E14EB5DC83
C:\Windows\System32\DRIVERS\btath_rcp.sys ABCD3C16CA850A7594CEB9AD5D966810
C:\Windows\System32\DRIVERS\btfilter.sys 65350DC9B058B34BBD3AC837C38C2817
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 64C198198501F7560EE41D8D1EFA7952
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\System32\drivers\cfwids.sys E8DDAAF635A4EA6F24927544E97C6DE8
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\drivers\CHDRT64.sys 87FF942B1954F31AD09028BCCC9DCCA2
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 9D8739A2A2173C9D27C499A3FC6EDA3F
C:\Windows\System32\DRIVERS\ewusbwwan.sys F673E476EAE320AD07278396A05B4AAC
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbmdm.sys 48BD20F0D9DE15000D2F4FE1A927AEA2
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 6DD5383C9413AAE3113FAF89E345663D
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\mfeapfk.sys FB752FEB1ED4E660FF51712892905C04
C:\Windows\System32\drivers\mfeavfk.sys 3257CF681999A47D8C552DFBBEB7844E
C:\Windows\System32\drivers\mfefirek.sys 00016D7ED29A95D6F7E7B6A3F591FD2D
C:\Windows\System32\drivers\mfehidk.sys 39030C98198F02A2F3A1C3166BF56253
C:\Windows\System32\DRIVERS\mfenlfk.sys 217FA02439DE74844B6A39AEBEED24E1
C:\Windows\System32\drivers\mferkdet.sys 8474E6EE0B5EAB108CF005C6C4956E75
C:\Windows\System32\drivers\mfewfpk.sys D4CF36F1EBA374FCC35903AE4F4E46BC
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys C009123B206C56854F4E88596035231D
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys BF3739EEB9F008B1DEBAC115089A53F8
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 38DD143D95E7A01B86F219DDA9C28779
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 135A64530D7699AD48F29D73A658DD11
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys F0E98C00A09FDF791525829A1D14240F
C:\Windows\System32\DRIVERS\tcpip.sys F0E98C00A09FDF791525829A1D14240F
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbfilter.sys 76E2FFAD301490BA27B947C6507752FB
C:\Windows\system32\drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 19:38 - 2014-12-16 19:39 - 00000000 ____D () C:\FRST
2014-12-15 15:12 - 2014-12-15 15:29 - 00000000 ____D () C:\Windows\pss
2014-12-15 14:24 - 2014-12-15 14:24 - 00361984 ____T () C:\ProgramData\76ADA9727.zot
2014-12-15 14:18 - 2014-12-15 14:18 - 00098304 _____ (Microsoft Corporation) C:\ProgramData\7279ADA67.cpp
2014-12-15 14:13 - 2014-12-15 15:07 - 00000000 ____D () C:\Users\Somphit Klata-in\AppData\Local\CrashDumps
2014-12-15 14:08 - 2014-12-15 14:08 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-15 14:07 - 2014-12-15 15:29 - 00000000 ____D () C:\Users\Somphit Klata-in\AppData\Roaming\WildTangent
2014-12-15 13:31 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-12-15 13:31 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-15 13:31 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-12-15 13:31 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-12-15 13:31 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-15 13:31 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-15 13:30 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-15 13:30 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-12-15 11:05 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-12-15 11:05 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-12-15 11:05 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-12-15 11:05 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-12-15 11:04 - 2014-05-14 00:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-12-15 11:04 - 2014-05-14 00:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-15 11:04 - 2014-05-14 00:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-12-15 11:04 - 2014-05-14 00:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-14 21:10 - 2014-12-15 10:59 - 00643866 _____ () C:\Windows\System32\perfh007.dat
2014-12-14 21:10 - 2014-12-15 10:59 - 00126394 _____ () C:\Windows\System32\perfc007.dat
2014-12-14 21:10 - 2014-12-14 21:09 - 00295922 _____ () C:\Windows\System32\perfi007.dat
2014-12-14 21:10 - 2014-12-14 21:09 - 00038104 _____ () C:\Windows\System32\perfd007.dat
2014-12-14 21:09 - 2014-12-14 21:09 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-12-14 21:09 - 2014-12-14 21:09 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-12-14 21:09 - 2014-12-14 21:09 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-12-14 21:09 - 2014-12-14 21:09 - 00000000 ____D () C:\Windows\System32\de
2014-12-14 21:09 - 2014-12-14 21:09 - 00000000 ____D () C:\Windows\System32\0407
2014-12-14 20:59 - 2014-12-14 20:59 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-12-14 14:19 - 2014-12-14 14:19 - 00000000 ____D () C:\Users\Somphit Klata-in\AppData\Roaming\Adobe
2014-12-14 14:09 - 2014-12-14 14:09 - 00000000 ____D () C:\Users\Somphit Klata-in\AppData\Local\OEM
2014-12-14 14:08 - 2014-12-14 14:08 - 00000000 ____D () C:\Users\Somphit Klata-in\AppData\Roaming\Atheros
2014-12-14 14:07 - 2014-12-14 14:07 - 00000000 ____D () C:\Users\Somphit Klata-in\AppData\Local\VirtualStore
2014-12-14 14:03 - 2014-12-15 15:29 - 00000000 ____D () C:\users\Somphit Klata-in
2014-12-14 14:03 - 2014-12-14 14:03 - 00057560 _____ () C:\Users\Somphit Klata-in\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-14 14:03 - 2014-12-14 14:03 - 00000020 ___SH () C:\Users\Somphit Klata-in\ntuser.ini
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Vorlagen
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Startmenü
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Netzwerkumgebung
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Lokale Einstellungen
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Eigene Dateien
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Druckumgebung
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Documents\Eigene Musik
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Documents\Eigene Bilder
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\AppData\Local\Verlauf
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\AppData\Local\Anwendungsdaten
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Somphit Klata-in\Anwendungsdaten
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Programme
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 __SHD () C:\Recovery
2014-12-14 14:03 - 2014-12-14 14:03 - 00000000 ____D () C:\Program Files\Accessory Store
2014-12-14 14:03 - 2011-10-19 09:08 - 00000000 ____D () C:\Users\Somphit Klata-in\AppData\Roaming\Macromedia
2014-12-14 13:10 - 2014-12-14 13:10 - 00000000 ____D () C:\ProgramData\EgisTec
2014-12-14 13:01 - 2014-12-14 13:01 - 00000000 ____D () C:\ProgramData\Temp
2014-12-14 13:00 - 2014-12-14 13:01 - 00000000 ____D () C:\Program Files (x86)\EgisTec Shredder
2014-12-14 13:00 - 2014-12-14 13:00 - 00062776 _____ (Egis Technology Inc.) C:\Windows\System32\Drivers\mwlPSDVDisk.sys
2014-12-14 13:00 - 2014-12-14 13:00 - 00022648 _____ (Egis Technology Inc.) C:\Windows\System32\Drivers\mwlPSDFilter.sys
2014-12-14 13:00 - 2014-12-14 13:00 - 00020520 _____ (Egis Technology Inc.) C:\Windows\System32\Drivers\mwlPSDNserv.sys
2014-12-14 12:59 - 2014-12-14 13:00 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2014-12-14 12:59 - 2014-12-14 12:59 - 00000000 ____D () C:\Program Files (x86)\EgisTec IPS
2014-12-14 12:58 - 2014-12-14 13:00 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-12-14 12:58 - 2014-12-14 12:58 - 00000000 ____D () C:\Program Files\EgisTec IPS
2014-12-14 12:57 - 2014-12-14 12:57 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLockerSuite
2014-12-14 12:56 - 2014-12-14 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-14 12:54 - 2014-12-14 12:54 - 00000000 ____D () C:\ProgramData\Atheros
2014-12-14 12:53 - 2014-12-14 12:53 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-12-14 12:48 - 2010-12-16 15:18 - 00198784 ____N (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
2014-12-14 12:47 - 2014-12-14 12:48 - 00000000 ____D () C:\Program Files\CONEXANT
2014-12-14 12:44 - 2014-12-15 15:29 - 00000000 ____D () C:\Program Files\Elantech
2014-12-14 12:44 - 2014-12-14 12:44 - 00004786 _____ () C:\Windows\DPINST.LOG
2014-12-14 12:42 - 2014-12-14 12:42 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-12-14 12:42 - 2014-12-14 12:42 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-12-14 12:42 - 2010-11-28 12:50 - 00044672 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\usbfilter.sys
2014-12-14 12:39 - 2014-12-14 12:41 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-12-14 12:39 - 2014-12-14 12:39 - 00000000 ____D () C:\Program Files\ATI
2014-12-14 12:38 - 2014-12-14 12:38 - 00000184 _____ () C:\Windows\LMv4.UNI
2014-12-14 12:38 - 2014-12-14 12:38 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-12-14 12:36 - 2014-12-14 12:36 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_btath_hcrp_01009.Wdf
2014-12-14 12:33 - 2014-12-15 15:29 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-12-14 12:32 - 2014-12-14 12:51 - 00000166 _____ () C:\Windows\Driver_install.log
2014-12-14 12:29 - 2014-12-14 12:29 - 00001956 _____ () C:\Users\Public\Desktop\Acer 3G Connection Manager.lnk
2014-12-14 12:28 - 2014-12-14 12:28 - 00000000 ____D () C:\Program Files (x86)\HUAWEI Modem Driver
2014-12-14 12:28 - 2011-06-10 00:26 - 00416768 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbwwan.sys
2014-12-14 12:28 - 2011-06-10 00:26 - 00222976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2014-12-14 12:28 - 2010-10-08 00:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2014-12-14 12:28 - 2010-08-05 15:43 - 01001472 _____ (DiBcom SA) C:\Windows\System32\Drivers\mod7700.sys
2014-12-14 12:28 - 2010-07-26 17:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwusbdev.sys
2014-12-14 12:28 - 2010-03-19 20:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
2014-12-14 12:25 - 2014-12-14 12:25 - 00000000 ___HD () C:\book
2014-12-14 12:22 - 2014-12-15 15:58 - 01826382 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 16:10 - 2011-10-19 08:22 - 00001832 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2014-12-15 16:10 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 16:10 - 2009-07-13 20:51 - 00033763 _____ () C:\Windows\setupact.log
2014-12-15 15:58 - 2009-07-13 20:45 - 00016752 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 15:58 - 2009-07-13 20:45 - 00016752 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 15:52 - 2009-07-13 20:45 - 00024576 _____ () C:\Windows\System32\umstartup.etl
2014-12-15 15:29 - 2011-10-19 07:48 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-15 15:29 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-15 15:29 - 2010-11-20 23:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-15 15:29 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-15 15:29 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-15 15:29 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2014-12-15 15:29 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-15 15:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME
2014-12-15 15:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Cursors
2014-12-15 15:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-15 15:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-12-15 15:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-15 15:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\migwiz
2014-12-15 15:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-12-15 15:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2014-12-15 15:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2014-12-15 15:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-12-15 14:50 - 2010-11-20 19:47 - 00006918 _____ () C:\Windows\PFRO.log
2014-12-15 14:07 - 2011-10-19 07:48 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-15 14:06 - 2011-10-19 07:48 - 00002662 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-12-15 13:18 - 2011-10-19 08:18 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-12-15 13:17 - 2011-10-19 08:18 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-15 12:54 - 2011-10-19 07:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-15 11:06 - 2011-10-19 08:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 11:03 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\restore
2014-12-15 10:59 - 2009-07-13 21:13 - 01472002 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-14 21:15 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-12-14 21:15 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-12-14 21:15 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-12-14 21:15 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-12-14 21:15 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\System32\winrm
2014-12-14 21:15 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\System32\WCN
2014-12-14 21:15 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\System32\slmgr
2014-12-14 21:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-12-14 21:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-12-14 21:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\MUI
2014-12-14 21:09 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-12-14 21:09 - 2010-11-20 23:06 - 00000000 ____D () C:\Windows\System32\Printing_Admin_Scripts
2014-12-14 21:09 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-12-14 21:09 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\WinBioPlugIns
2014-12-14 21:09 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-14 21:09 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-14 21:09 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-12-14 21:09 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-12-14 21:09 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-12-14 21:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-12-14 21:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-12-14 21:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Setup
2014-12-14 21:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\oobe
2014-12-14 21:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\com
2014-12-14 21:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 20:55 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-12-14 20:55 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2014-12-14 14:09 - 2011-10-19 08:15 - 00011415 _____ () C:\Windows\patch.log
2014-12-14 14:08 - 2011-10-19 09:00 - 00000000 ____D () C:\ProgramData\oem
2014-12-14 14:07 - 2011-10-19 08:07 - 00000000 ___HD () C:\OEM
2014-12-14 14:03 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-12-14 14:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 14:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-14 13:30 - 2009-07-13 20:46 - 00004059 _____ () C:\Windows\DtcInstall.log
2014-12-14 13:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-12-14 13:30 - 2007-07-11 17:49 - 00000000 ____D () C:\Windows\Panther
2014-12-14 13:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-12-14 13:07 - 2011-10-19 08:23 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-14 13:05 - 2011-10-19 08:23 - 00000000 ____D () C:\Program Files\Acer
2014-12-14 12:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-14 12:35 - 2011-09-16 06:16 - 00246804 _____ () C:\Windows\System32\Drivers\AtherosBt.bin
2014-12-14 12:35 - 2011-09-16 06:16 - 00001242 _____ () C:\Windows\System32\Drivers\ramps_0x01020200_40_0x01.dfu
2014-12-14 12:35 - 2011-09-16 06:16 - 00001204 _____ () C:\Windows\System32\Drivers\ramps_0x01020200_40_0x02.dfu
2014-12-14 12:35 - 2011-09-16 06:16 - 00001204 _____ () C:\Windows\System32\Drivers\ramps_0x01020200_40.dfu
2014-12-14 12:35 - 2011-09-16 06:16 - 00001198 _____ () C:\Windows\System32\Drivers\ramps_0x01020200_26.dfu
2014-12-14 12:29 - 2011-10-19 08:22 - 00000000 ____D () C:\Windows\oem
2014-12-14 12:25 - 2011-02-11 19:43 - 00000000 ____D () C:\Windows\DeployWinRE2
2014-12-14 12:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Recovery
2014-12-14 12:24 - 2009-07-13 20:45 - 00274464 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-12-14 12:21 - 2011-10-19 07:18 - 00003652 _____ () C:\Windows\TSSysprep.log

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-12-15 11:04:14
Restore point made on: 2014-12-15 12:39:06
Restore point made on: 2014-12-15 12:41:06
Restore point made on: 2014-12-15 12:45:51
Restore point made on: 2014-12-15 12:49:38
Restore point made on: 2014-12-15 12:51:26
Restore point made on: 2014-12-15 12:53:39
Restore point made on: 2014-12-15 13:29:50
Restore point made on: 2014-12-15 15:16:09

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {a092136a-8416-11e4-b465-aab8d8a7fe9c}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a092136a-8416-11e4-b465-aab8d8a7fe9c}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\a092136c-8416-11e4-b465-aab8d8a7fe9c\Winre.wim,{a092136d-8416-11e4-b465-aab8d8a7fe9c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\a092136c-8416-11e4-b465-aab8d8a7fe9c\Winre.wim,{a092136d-8416-11e4-b465-aab8d8a7fe9c}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {a092136a-8416-11e4-b465-aab8d8a7fe9c}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {a092136d-8416-11e4-b465-aab8d8a7fe9c}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\a092136c-8416-11e4-b465-aab8d8a7fe9c\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 1770.9 MB
Available physical RAM: 1192.1 MB
Total Pagefile: 1770.9 MB
Available Pagefile: 1184.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:254.1 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:3.77 GB) NTFS
Drive f: (AS  R-LINK) (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F197D30E)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: 2612E218)
Partition 1: (Not Active) - (Size=7.3 GB) - (Type=0B)


LastRegBack: 2014-12-14 13:29

==================== End Of Log ============================

MfG
Schwencky

Alt 16.12.2014, 21:16   #2
Machiavelli
 
Interpol Virus - Standard

Interpol Virus


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
Startup: C:\Users\Somphit Klata-in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\76ADA9727.lnk
ShortcutTarget: 76ADA9727.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\76ADA9727.zot [361984 2014-12-15] ()
2014-12-15 14:24 - 2014-12-15 14:24 - 00361984 ____T () C:\ProgramData\76ADA9727.zot
2014-12-15 14:18 - 2014-12-15 14:18 - 00098304 _____ (Microsoft Corporation) C:\ProgramData\7279ADA67.cpp
C:\Users\Somphit Klata-in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\76ADA9727.lnk
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________

__________________
Alt 16.12.2014, 21:41   #3
Schwencky
 
Interpol Virus - Standard

Interpol Virus


Ihr die Fixlog.txt

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by SYSTEM at 2014-12-16 21:37:01 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Somphit Klata-in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\76ADA9727.lnk
ShortcutTarget: 76ADA9727.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\76ADA9727.zot [361984 2014-12-15] ()
2014-12-15 14:24 - 2014-12-15 14:24 - 00361984 ____T () C:\ProgramData\76ADA9727.zot
2014-12-15 14:18 - 2014-12-15 14:18 - 00098304 _____ (Microsoft Corporation) C:\ProgramData\7279ADA67.cpp
C:\Users\Somphit Klata-in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\76ADA9727.lnk
*****************

C:\Users\Somphit Klata-in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\76ADA9727.lnk => Moved successfully.
C:\Windows\System32\regsvr32.exe => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\76ADA9727.zot => Moved successfully.
C:\ProgramData\7279ADA67.cpp => Moved successfully.
"C:\Users\Somphit Klata-in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\76ADA9727.lnk" => File/Directory not found.

==== End of Fixlog ====
Bitte schön, was muss ich noch machen
MfG Schwencky
__________________
Alt 16.12.2014, 22:22   #4
Machiavelli
 
Interpol Virus - Standard

Interpol Virus


Startet das System wieder?
__________________
Proud member of Unite

Alt 16.12.2014, 22:52   #5
Schwencky
 
Interpol Virus - Standard

Interpol Virus


Hallo Machiavelli,
erst mal Danke für deine schnelle Hilfe.
Ja System startet wieder.

Ist es jetzt angebracht den PC auf Werkseinstellung zurück zu setzen
und ihn neu auf zu bauen, um ganz sicher zu gehen das alles weg ist von Virus ???

MfG
Andreas


Alt 16.12.2014, 23:05   #6
Machiavelli
 
Interpol Virus - Standard

Interpol Virus


Zitat:
Ist es jetzt angebracht den PC auf Werkseinstellung zurück zu setzen
und ihn neu auf zu bauen, um ganz sicher zu gehen das alles weg ist von Virus ???
Wenn Du das für angebracht hälst, dann ja. Es ist jedenfalls die rationalere Entscheidung.
__________________
--> Interpol Virus

Alt 16.12.2014, 23:09   #7
Schwencky
 
Interpol Virus - Standard

Interpol Virus


Bei dem Acer Aspire One ist ja keine CD bei der Auslieferung dabei (nur Vorinstalliert).
Sonst hätte ich den PC gleich neu auf gesetzt, da sie keine wichtigen Daten drauf hat. Aber leider kam ich ja nicht an die Option Werkseinstellung dran, wegen dem Virus.
Bin morgen ab ca. 19 Uhr wieder Online ( muss leider lange Arbeiten ).

Danke Andreas

Ich habe nicht soviel Ahnung !!!
Was würdest Du machen ???

MfG
Andreas

Alt 17.12.2014, 16:56   #8
Machiavelli
 
Interpol Virus - Standard

Interpol Virus


Zitat:
Was würdest Du machen ???
Bereinigen.

Du kannst Dir eine iso vom Internet downloaden und auf eine CD brennen. Willst Du jetzt Neuaufsetzen oder bereinigen?
__________________
Proud member of Unite

Alt 17.12.2014, 20:33   #9
Schwencky
 
Interpol Virus - Standard

Interpol Virus


Hallo Machiavelli,

soll Dir erst mal schönen Dank von der Laptop-Besitzerin sagen, dass es wieder läuft.
Habe Sie gefragt, was sie möchte und sie ist für ein Neuaufsetzen des Laptops.
Wir wollen es am Wochenende zusammen machen ( Sie und ich ).

Vielen Dank
Mit freundlichen Grüßen
Schwencky ( Andreas )

Alt 17.12.2014, 20:46   #10
Machiavelli
 
Interpol Virus - Standard

Interpol Virus


Roger
__________________
Proud member of Unite

Antwort

Themen zu Interpol Virus
acer, acer aspire, autostart, bootmgr, desktop, euro, explorer, explorer.exe, file, home, i8042prt.sys, installation, laptop, microsoft, netzwerk, registry, scan, security, seite, service.exe, services.exe, siteadvisor, svchost.exe, system32, usbvideo.sys, virus, windows, winlogon.exe


« Windows7 Antivir Pro zeigt Rogue.kdv 891789 | Win7 | Scheinbar unsichtbare, überlappende Fenster verhindern Eingabe »


Ähnliche Themen: Interpol Virus


  1. Interpol Virus
    Log-Analyse und Auswertung - 02.03.2015 (22)
  2. Interpol Virus
    Plagegeister aller Art und deren Bekämpfung - 25.01.2015 (3)
  3. Interpol Virus
    Plagegeister aller Art und deren Bekämpfung - 09.01.2015 (11)
  4. Interpol Virus
    Log-Analyse und Auswertung - 02.11.2014 (51)
  5. Interpol Virus / Bin ich infiziert?
    Plagegeister aller Art und deren Bekämpfung - 11.04.2014 (7)
  6. Interpol hat zugeschlagen! Interpol Troyaner/Virus legt Rechner Lahm!
    Log-Analyse und Auswertung - 30.03.2014 (7)
  7. Interpol Virus
    Plagegeister aller Art und deren Bekämpfung - 21.02.2014 (18)
  8. Interpol Virus
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (3)
  9. Bundespolizei-GVU-Interpol Virus
    Log-Analyse und Auswertung - 23.12.2013 (7)
  10. Interpol Virus eingefangen
    Log-Analyse und Auswertung - 17.12.2013 (11)
  11. Interpol Virus
    Plagegeister aller Art und deren Bekämpfung - 08.11.2013 (5)
  12. Interpol BKA virus Win 7
    Log-Analyse und Auswertung - 03.11.2013 (3)
  13. Interpol Virus
    Log-Analyse und Auswertung - 22.10.2013 (3)
  14. Interpol-Virus
    Log-Analyse und Auswertung - 10.10.2013 (9)
  15. Interpol Virus
    Plagegeister aller Art und deren Bekämpfung - 26.09.2013 (16)
  16. Interpol Computersperre Virus
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (3)
  17. Interpol Virus eingefangen
    Log-Analyse und Auswertung - 08.09.2013 (27)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Interpol Virus - Hallo, habe von einer Freundin meiner Frau ein Acer Aspire One, die sich den Interpol Virus eingefangen hat. Das Laptop fährt normal hoch und dann kommt sofort die Interpol Seite - Interpol Virus...
Archiv
Du betrachtest: Interpol Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19