| |
| |||||||
Log-Analyse und Auswertung: Paysafecard Trojaner(GVU,Interpol,BKA)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.07.2013, 07:22
| #1 |
| |  Paysafecard Trojaner(GVU,Interpol,BKA) Hallo Zusammen, ich habe es auch geschafft: Mein Laptop ist befallen. Im Betrieb kam irgendwann eine Warnung mit den genannten Stellen als "Absender" und Frau Merkel im Kopfbereich der Seite. Hochfahren im abgesicherten Modus ist nicht möglich, da der PC gleich wieder runterfährt und normal hochfährt(und dann eben nur diese "Warnung" anzeigt). Nachdem ich auf eure Seite stieß, hab ich mit Farbars Recovery gescannt und folgende Datei erhalten. Ich hoffe, mir ist noch zu helfen und jemand nimmt sich dieser Aufgabe freundlicherweise an. Zur Info: Ich wollte mein Betriebssystem im Sommer(also bald...) neu auflegen. Vielleicht habt ihr dafür dann gleich Tips, bzw evtl. ändert es ja das weitere Vorgehen... Jetzt schon mal: Dankeschön für eure Mühen! Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by SYSTEM on 18-07-2013 16:01:31
Running from H:\
Windows 7 Professional (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
Cisco Systems, Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
========================== Services (Whitelisted) =================
S2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [555408 2013-03-26] (Cisco Systems, Inc.)
==================== Drivers (Whitelisted) ====================
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-03-26] (Cisco Systems, Inc.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-11-15] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-11-15] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130620.001\IDSvix86.sys [386720 2012-11-15] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130620.023\NAVENG.SYS [93272 2013-05-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130620.023\NAVEX15.SYS [1611992 2013-05-26] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-20] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
========================== Drivers MD5 =======================
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Accelerometer.sys CC1F1D3D70DC13C2C281488D347D4415
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\acsock.sys 9BC0D1B4D9CCEC2DC9F010E466738A38
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx86.sys 6C6AC7CA8A034C15C52B35189BAD58EE
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrSerId.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys 1153DE2E4F5941E10C399CB5592F78A1
C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9
C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys 3BEE52611F22C9C0023A98A4425E084F
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 42F158036BD4C2FF3122BF142E60E6FD
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 16498EBC04AE9DD07049A8884B205C05
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 85B8B4032A895A746D46A288A9B30DED
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys B5A8A04A6E5B4E86B95B1553AA918F5F
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hpdskflt.sys 4EF10B866C62ABBEAF7511CDD05A19BE
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130620.001\IDSvix86.sys 404FB2AAF532BC7BBACC8880BE401C74
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys 5FE1ABF1AF591A3458C9CF24ED9A4D35
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130620.023\NAVENG.SYS CE2156DF796D41614AB60E68D107D573
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130620.023\NAVEX15.SYS 19CEB8F4EC8C800A53D0B67E658E0367
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw5s32.sys 5B2DFA9C5C02DDF2A113CC0F551B59DF
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 24000B817CC84AC1555F41929879AF5A
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point32.sys 60A044879C4FA76314494F5FDDC43B93
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt86win7.sys 3983CEA05BB855351D75F5482B6C42CE
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 0328BE1C7F1CBA23848179F8762E391C
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS C743E384E9EFCA10B41C60D406DE39C0
C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS FE9BD381778A344F0E39AE2D5E607D7F
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\sscdbus.sys D5DFFEAA1E15D4EFFABB9D9A3068AC5B
C:\Windows\System32\DRIVERS\sscdmdfl.sys 1C925BE223A5C0F9F469252292A48DF6
C:\Windows\System32\DRIVERS\sscdmdm.sys AE3E77AE0FBDB07EB1AC3FED74A0695E
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt.sys DADB74BF26766757DBBA9C5912969EBF
C:\Windows\System32\DRIVERS\serscan.sys EDB05BD63148796F23EA78506404A538
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS 5A193E5E0F0A776430E5D62A051C1E16
C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS 1773FB2920EBB3A8BAD0360618091470
C:\Windows\system32\Drivers\SYMEVENT.SYS F50D81D3E0C7A353F205562B89CD06D6
C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS 8C9B9036E301A9965CF15BEC91C58A12
C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS AF879C2A9DBF8529E1F8169B8BAC643C
C:\Windows\System32\DRIVERS\SynTP.sys 6DD49E1A5FA0F01824652F1A0A8866FB
C:\Windows\System32\drivers\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\DRIVERS\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys 9CE253214ACAA5A7D323327D2055EFAA
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpnva.sys EA39F36302DACBCDCDB113313718E768
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\winusb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 553F6CCD7C58EB98D4A8FBDAF283D7A9
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-18 16:00 - 2013-07-18 16:00 - 00000000 ____D C:\FRST
2013-07-16 13:26 - 2013-07-16 22:36 - 00000000 ____D C:\Users\Stefan\AppData\Local\Vidalia
2013-07-16 13:08 - 2013-07-16 13:08 - 00000000 ____D C:\Users\Stefan\AppData\Local\Mozilla
2013-07-06 18:33 - 2013-07-06 18:37 - 00000000 ____D C:\Users\Stefan\Desktop\Outlook
2013-07-06 18:33 - 2013-07-06 18:33 - 02509245 _____ C:\Users\Stefan\Desktop\Outlook.zip
2013-06-24 22:29 - 2013-06-24 22:29 - 00000000 ____D C:\Users\Stefan\Desktop\lp2
2013-06-24 22:27 - 2013-06-24 22:27 - 00000000 ____D C:\Users\Stefan\Desktop\Material
2013-06-24 22:24 - 2013-07-16 22:45 - 00000000 ___RD C:\Users\Stefan\Desktop\Shortcuts2
2013-06-20 21:42 - 2013-06-20 21:42 - 00000949 _____ C:\Users\Stefan\Desktop\EUKLID DynaGeo.lnk
2013-06-20 21:42 - 2013-06-20 21:42 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\DynaGeo
2013-06-20 21:42 - 2013-06-20 21:42 - 00000000 ____D C:\Users\Public\Documents\DynaGeo
2013-06-20 21:42 - 2013-06-20 21:42 - 00000000 ____D C:\Program Files\DynaGeo
==================== One Month Modified Files and Folders =======
2013-07-18 16:00 - 2013-07-18 16:00 - 00000000 ____D C:\FRST
2013-07-16 22:45 - 2013-06-24 22:24 - 00000000 ___RD C:\Users\Stefan\Desktop\Shortcuts2
2013-07-16 22:45 - 2013-01-31 11:14 - 00000000 ___RD C:\Program Files\Skype
2013-07-16 22:45 - 2013-01-31 11:14 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-07-16 22:45 - 2012-03-09 11:31 - 00000000 ____D C:\Users\Stefan\Downloads\Tor Browser
2013-07-16 22:45 - 2011-01-07 21:56 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2013-07-16 22:45 - 2010-12-21 11:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 22:45 - 2010-12-20 20:47 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-16 22:45 - 2010-12-19 21:44 - 00000000 ____D C:\Users\Stefan\AppData\Local\Microsoft Help
2013-07-16 22:45 - 2010-12-19 21:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 22:45 - 2010-12-19 21:30 - 00000000 ____D C:\ProgramData\Norton
2013-07-16 22:45 - 2010-12-19 14:23 - 00000000 ___RD C:\Users\Stefan\Desktop
2013-07-16 22:45 - 2010-12-19 14:23 - 00000000 ____D C:\users\Stefan
2013-07-16 22:45 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2013-07-16 22:45 - 2009-07-14 09:57 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 22:45 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 22:45 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-16 22:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-07-16 22:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-07-16 22:45 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-16 22:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-07-16 22:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-16 22:42 - 2010-12-19 21:24 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Skype
2013-07-16 22:41 - 2011-02-12 16:49 - 00000000 ____D C:\Users\Stefan\AppData\Local\Google
2013-07-16 22:41 - 2010-12-19 21:24 - 00000000 ____D C:\ProgramData\Skype
2013-07-16 22:40 - 2011-02-12 16:49 - 00000000 ____D C:\Program Files\Google
2013-07-16 22:36 - 2013-07-16 13:26 - 00000000 ____D C:\Users\Stefan\AppData\Local\Vidalia
2013-07-16 13:08 - 2013-07-16 13:08 - 00000000 ____D C:\Users\Stefan\AppData\Local\Mozilla
2013-07-16 13:08 - 2012-03-09 11:34 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Mozilla
2013-07-06 18:37 - 2013-07-06 18:33 - 00000000 ____D C:\Users\Stefan\Desktop\Outlook
2013-07-06 18:33 - 2013-07-06 18:33 - 02509245 _____ C:\Users\Stefan\Desktop\Outlook.zip
2013-06-24 22:29 - 2013-06-24 22:29 - 00000000 ____D C:\Users\Stefan\Desktop\lp2
2013-06-24 22:27 - 2013-06-24 22:27 - 00000000 ____D C:\Users\Stefan\Desktop\Material
2013-06-21 18:47 - 2009-07-14 05:34 - 00015936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-21 18:47 - 2009-07-14 05:34 - 00015936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 18:44 - 2010-12-19 14:11 - 01942630 _____ C:\Windows\WindowsUpdate.log
2013-06-21 18:41 - 2012-10-29 13:25 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Dropbox
2013-06-21 18:39 - 2010-12-19 14:28 - 02284216 _____ C:\Windows\PFRO.log
2013-06-21 18:39 - 2009-07-14 05:39 - 00134834 _____ C:\Windows\setupact.log
2013-06-20 21:42 - 2013-06-20 21:42 - 00000949 _____ C:\Users\Stefan\Desktop\EUKLID DynaGeo.lnk
2013-06-20 21:42 - 2013-06-20 21:42 - 00000000 ____D C:\Users\***\AppData\Roaming\DynaGeo
2013-06-20 21:42 - 2013-06-20 21:42 - 00000000 ____D C:\Users\Public\Documents\DynaGeo
2013-06-20 21:42 - 2013-06-20 21:42 - 00000000 ____D C:\Program Files\DynaGeo
2013-06-20 12:27 - 2012-11-16 15:13 - 00002417 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-06-20 12:27 - 2012-11-16 15:12 - 00000000 ____D C:\Windows\System32\Drivers\N360
2013-06-20 09:52 - 2012-11-16 15:13 - 00142496 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-20 09:52 - 2012-11-16 15:13 - 00007611 _____ C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-18 22:10 - 2010-12-19 14:24 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
Files to move or delete:
====================
C:\Users\*******\AppData\Roaming\cache.dat
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-27 01:18:48
Restore point made on: 2013-06-14 18:50:40
Restore point made on: 2013-06-21 18:50:15
Restore point made on: 2013-06-28 07:46:13
Restore point made on: 2013-07-13 22:54:02
==================== BCD ================================
Windows-Start-Manager
---------------------
Bezeichner {bootmgr}
device partition=C:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {e1419c8f-0b70-11e0-81d5-a5442dc794e4}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows-Startladeprogramm
-------------------------
Bezeichner {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {e1419c8f-0b70-11e0-81d5-a5442dc794e4}
nx OptIn
Windows-Startladeprogramm
-------------------------
Bezeichner {current}
device ramdisk=[C:]\Recovery\e1419c91-0b70-11e0-81d5-a5442dc794e4\Winre.wim,{e1419c92-0b70-11e0-81d5-a5442dc794e4}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\e1419c91-0b70-11e0-81d5-a5442dc794e4\Winre.wim,{e1419c92-0b70-11e0-81d5-a5442dc794e4}
systemroot \windows
nx OptIn
winpe Yes
Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner {e1419c8f-0b70-11e0-81d5-a5442dc794e4}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Windows-Speichertestprogramm
----------------------------
Bezeichner {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows-Speicherdiagnose
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes
EMS-Einstellungen
-----------------
Bezeichner {emssettings}
bootems Yes
Debuggereinstellungen
---------------------
Bezeichner {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM-Defekte
-----------
Bezeichner {badmemory}
Globale Einstellungen
---------------------
Bezeichner {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Startladeprogramm-Einstellungen
-------------------------------
Bezeichner {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisoreinstellungen
-------------------
Bezeichner {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner {resumeloadersettings}
inherit {globalsettings}
Ger„teoptionen
--------------
Bezeichner {e1419c92-0b70-11e0-81d5-a5442dc794e4}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\e1419c91-0b70-11e0-81d5-a5442dc794e4\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 4063.21 MB
Available physical RAM: 3581.57 MB
Total Pagefile: 4061.48 MB
Available Pagefile: 3585.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.94 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:157.41 GB) (Free:80.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (*** Platte) (Fixed) (Total:81.05 GB) (Free:14.11 GB) NTFS
Drive e: (*** Platte) (Fixed) (Total:49.03 GB) (Free:20.34 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:10.6 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (STORE N GO) (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 149FF503)
Partition 1: (Active) - (Size=157 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=81 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)
LastRegBack: 2013-07-04 18:44
==================== End Of Log ============================
|
| Themen zu Paysafecard Trojaner(GVU,Interpol,BKA) |
| agent, association, bootmgr, check, datei, desktop, explorer, explorer.exe, farbar recovery scan tool, farbars recovery, file, free, frst.txt, hdaudio.sys, i8042prt.sys, icon, laptop, log, microsoft, netzwerk, neu, nicht möglich, registry, secure, services.exe, svchost.exe, symantec, system32, trojaner, usbvideo.sys, warnung, windows xp, winlogon.exe |
Baum-Darstellung