
Log Analysis and Evaluation: Computer locked by Interpol Trojan


01.04.2014, 13:05   #1
Hakan232
 
Computer locked by Interpol Trojan

Hello community,
I have the following problem. My computer has been locked by an Interpol Trojan and I cannot access it. I have already started FRST and now need further instructions on how to proceed. After running FRST.exe, my computer left me the following as a Notepad file.
Quote:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by SYSTEM on MININT-RHVMMLQ on 01-04-2014 12:49:19
Running from J:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [2074424 2011-03-09] (BullGuard Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [SSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-02-03] (PC Tools)
HKLM\...\Run: [RMAlert] - C:\Program Files\PC Tools Registry Mechanic\Alert.exe [1018328 2012-02-03] (PC Tools)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761536 2013-12-25] ()
HKLM\...\Run: [BService] - C:\Program Files\Bench\BService\bservice.exe [49664 2014-03-03] ()
HKLM\...\Run: [Wd] - C:\Program Files\Bench\Wd\wd.exe [60416 2014-03-03] ()
HKLM\...\Runonce: [Savings Wizard-repairJob] - wscript.exe "C:\Users\vural\AppData\Local\Savings Wizard\repair.js" "Savings Wizard-repairJob"
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\Gast\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-09] (Google Inc.)
HKU\Gast\...\Run: [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [200704 2009-09-13] (SEIKO EPSON CORPORATION)
HKU\UpdatusUser\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\UpdatusUser\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\UpdatusUser.vural-PC\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\UpdatusUser.vural-PC\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\vural\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\vural\...\Run: [Registry Reviver] - C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe [20231288 2012-11-16] (ReviverSoft LLC)
HKU\vural\...\Run: [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [200704 2009-09-13] (SEIKO EPSON CORPORATION)
HKU\vural\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-09] (Google Inc.)
HKU\vural\...\Run: [Akamai NetSession Interface] - C:\Users\vural\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\vural\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\vural\...\Run: [Yontoo Desktop] - C:\Users\vural\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-01-31] (Yontoo LLC)
HKU\vural\...\Run: [Browser Infrastructure Helper] - C:\Users\vural\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-05-12] (Smartbar)
HKU\vural\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\vural\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\vural\...\Run: [Esun] - C:\Users\vural\AppData\Local\Temp\Owyr\esun.exe [497664 2011-03-13] (Ashkon Technology L.L.C.) <===== ATTENTION
HKU\vural\...\Run: [lollipop_04010844] - c:\users\vural\appdata\local\lollipop\lollipop_04010844.exe [3952640 2014-04-01] (ensauvons)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e398vd.lnk
ShortcutTarget: e398vd.lnk -> C:\ProgramData\dv893e.gsa ()
Startup: C:\Users\vural\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e398vd.lnk
ShortcutTarget: e398vd.lnk -> C:\ProgramData\dv893e.gsa ()
Startup: C:\Users\vural\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files\PricePeep\PricePeepUpdater.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

========================== Services (Whitelisted) =================

S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [122760 2010-08-19] (BullGuard Ltd.)
S2 BsBrowser; C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll [58248 2010-08-19] (BullGuard Ltd.)
S2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [272216 2011-03-09] (BullGuard Ltd.)
S2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [175496 2011-03-09] (BullGuard Ltd.)
S2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [171136 2011-03-09] (BullGuard Ltd.)
S3 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [305032 2011-03-09] (BullGuard Ltd.)
S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [331096 2012-05-26] (BullGuard Ltd.)
S2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-13] (SEIKO EPSON CORPORATION)
S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-13] (SEIKO EPSON CORPORATION)
S2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1527600 2014-02-04] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3791872 2010-10-19] (Native Instruments GmbH)
S3 npggsvc; C:\Windows\system32\GameMon.des [4159984 2010-12-07] (INCA Internet Co., Ltd.)
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-02-03] (PC Tools)
S2 Re-markit; C:\Program Files\Re-markit\Re-markit155.exe [182272 2014-02-19] ()
S2 Winmgmt; C:\ProgramData\dv893e.gsa [110592 2014-03-22] ()
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [499856 2014-01-05] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S0 687878f5c2d8deab; C:\Windows\System32\Drivers\687878f5c2d8deab.sys [56832 2014-03-21] () <===== ATTENTION Necurs Rootkit?
S1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [58592 2011-03-09] (BullGuard Ltd.)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
S3 Profos; C:\program files\bullguard ltd\bullguard\antirootkit\profos.sys [14720 2010-07-08] (BitDefender S.R.L.)
S3 RL_DJIFIE2_MIDI; C:\Windows\System32\drivers\rldjif2m.sys [25088 2009-04-16] (Ploytec GmbH)
S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [371200 2009-04-16] (Ploytec GmbH)
S3 RL_DJIFIE2_WDM; C:\Windows\System32\drivers\rldjif2a.sys [33792 2009-04-16] (Ploytec GmbH)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\687878f5c2d8deab.sys A2F2B24BD6FA13095C319F7F61C21D2F
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 51610B74A9A1D84DC86FCE1019BEAFF4
C:\Windows\System32\DRIVERS\atikmpag.sys CD1D86AB81EECE67D7BD6F7EF9786CCC
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtiHdmi.sys 8DF873D0587596C1D35A9CECECC61DA1
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BdSpy.sys BD53DE6AC86263E3EAC616A697FD8032
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 26541A068572F650A2FA490726FE81BE
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 4BE85CF5831A41104C2DDED55FBC3565
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl.sys 1352E1648213551923A0A822E441553C
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 0D87503986BB3DFED58E343FE39DDE13
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 03AD379554B50FA1802BE4EC2E291E92
C:\Windows\System32\DRIVERS\nusb3xhc.sys 06FE87C9D181AF5F04D192E604E10E6C
C:\Windows\System32\drivers\nvhda32v.sys A0A9E53B4AAC3C6534A063ABA69BC19F
C:\Windows\System32\DRIVERS\nvlddmkm.sys B69E6F70CE1151C8D62ABC9DEF64DFBE
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\program files\bullguard ltd\bullguard\antirootkit\profos.sys DE11F5C3E9BDA993B65E1518D46BC438
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\drivers\rldjif2m.sys 10490E0F1C2351AB1299DC6FF5810087
C:\Windows\System32\Drivers\rldjif2u.sys 9FB0CE7F7FED0DFEDC387A05DA8C0FA9
C:\Windows\System32\drivers\rldjif2a.sys CE77B94B7DFCF79EA45F8DFFF44B2612
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt86win7.sys 0516998076AD894AE7E362C3110AA071
C:\Windows\System32\DRIVERS\RTL8192su.sys 51ADEF77E4C929535FD50DA153774E79
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys D9B734638DD8DBA9D59AAD3189CD0FAD
C:\Windows\System32\DRIVERS\Sftplaylh.sys 2F61BD46C0BFF4EB36E1E359CA17BFC5
C:\Windows\System32\DRIVERS\Sftredirlh.sys 518BAC0179F94304F422696B47C0EC12
C:\Windows\System32\DRIVERS\Sftvollh.sys 747325236D88B3F05FFD27FF9EC711C5
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys E23A56F843E2AEBBB209D0ACCA73C640
C:\Windows\System32\DRIVERS\tcpip.sys E23A56F843E2AEBBB209D0ACCA73C640
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys 8BF5D980CDCE35FB26F05047144BB57E
C:\Windows\system32\drivers\usbaudio.sys 1D9F2BD026E8E2D45033A4DF3F16B78C
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 12:48 - 2014-04-01 12:49 - 00000000 ____D () C:\FRST
2014-03-23 07:39 - 2014-03-23 07:39 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 03:47 - 2014-03-22 03:48 - 95027928 ____T () C:\ProgramData\e398vd.bbr
2014-03-22 03:47 - 2014-03-22 03:47 - 00110592 _____ () C:\ProgramData\dv893e.gsa
2014-03-21 06:48 - 2014-03-21 06:48 - 00056832 _____ () C:\Windows\System32\Drivers\687878f5c2d8deab.sys
2014-03-10 09:38 - 2014-03-10 09:38 - 00159808 _____ () C:\Windows\Minidump\031014-16489-01.dmp
2014-03-05 00:29 - 2014-03-05 00:29 - 00000000 ____D () C:\Windows\System32\jmdp

==================== One Month Modified Files and Folders =======

2014-04-01 12:49 - 2014-04-01 12:48 - 00000000 ____D () C:\FRST
2014-04-01 02:43 - 2014-01-05 09:22 - 00013264 _____ () C:\Users\vural\daemonprocess.txt
2014-04-01 02:38 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 02:38 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 02:33 - 2013-04-14 17:06 - 00000000 ____D () C:\users\UpdatusUser.vural-PC
2014-04-01 02:32 - 2011-03-10 05:04 - 00000000 ____D () C:\Users\vural\Tracing
2014-04-01 02:32 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-04-01 02:31 - 2009-07-13 20:39 - 00198226 _____ () C:\Windows\setupact.log
2014-04-01 02:30 - 2013-01-10 07:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-01 01:53 - 2014-02-10 06:06 - 00000606 _____ () C:\Users\Gast\daemonprocess.txt
2014-04-01 00:47 - 2014-01-05 09:19 - 00000000 ____D () C:\Users\vural\AppData\Local\Lollipop
2014-04-01 00:38 - 2014-01-05 09:22 - 00000000 ____D () C:\Users\vural\AppData\Roaming\newnext.me
2014-04-01 00:38 - 2013-02-03 02:14 - 00000000 ____D () C:\Users\vural\AppData\Roaming\Yontoo
2014-03-25 04:18 - 2010-08-30 01:48 - 00202758 _____ () C:\Windows\PFRO.log
2014-03-23 07:55 - 2014-01-05 09:24 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-23 07:40 - 2014-01-05 09:23 - 00000522 _____ () C:\extensions.ini
2014-03-23 07:39 - 2014-03-23 07:39 - 00000000 ____D () C:\Program Files\MediaWatchV1
2014-03-22 03:53 - 2011-04-02 23:53 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-03-22 03:49 - 2011-03-09 12:04 - 00000000 ____D () C:\Users\vural\AppData\Local\VirtualStore
2014-03-22 03:48 - 2014-03-22 03:47 - 95027928 ____T () C:\ProgramData\e398vd.bbr
2014-03-22 03:47 - 2014-03-22 03:47 - 00110592 _____ () C:\ProgramData\dv893e.gsa
2014-03-22 03:44 - 2011-04-02 23:52 - 00000000 ____D () C:\users\Gast
2014-03-21 06:48 - 2014-03-21 06:48 - 00056832 _____ () C:\Windows\System32\Drivers\687878f5c2d8deab.sys
2014-03-20 21:55 - 2011-03-09 10:28 - 01940874 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 07:43 - 2010-08-27 16:49 - 01648918 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-20 07:42 - 2014-01-04 18:23 - 00478237 _____ () C:\Windows\IE11_main.log
2014-03-20 07:41 - 2013-08-16 17:00 - 00471585 _____ () C:\Windows\IE10_main.log
2014-03-16 03:07 - 2014-02-27 08:07 - 00000000 ____D () C:\Program Files\MediaViewV1
2014-03-15 09:34 - 2011-03-09 11:38 - 00002333 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 09:38 - 2012-04-08 05:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 21:06 - 2010-08-30 08:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-10 19:37 - 2011-03-09 12:04 - 00000000 ____D () C:\users\vural
2014-03-10 09:38 - 2014-03-10 09:38 - 00159808 _____ () C:\Windows\Minidump\031014-16489-01.dmp
2014-03-10 09:38 - 2012-04-10 02:04 - 436694275 _____ () C:\Windows\MEMORY.DMP
2014-03-10 09:38 - 2012-04-10 02:04 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 00:29 - 2014-03-05 00:29 - 00000000 ____D () C:\Windows\System32\jmdp
2014-03-05 00:29 - 2012-12-17 03:52 - 00000000 ____D () C:\Windows\System32\WNLT
2014-03-05 00:29 - 2012-12-17 03:52 - 00000000 ____D () C:\Windows\System32\ARFC
2014-03-04 05:49 - 2014-01-05 09:24 - 00000000 ____D () C:\Users\vural\AppData\Local\Savings Wizard
2014-03-04 05:49 - 2014-01-05 09:24 - 00000000 ____D () C:\Program Files\Savings Wizard
2014-03-04 05:49 - 2014-01-05 09:24 - 00000000 ____D () C:\Program Files\Bench

Files to move or delete:
====================
C:\Users\vural\AppData\Local\Temp\Owyr\esun.exe
C:\Users\vural\War_Rock_20100921.exe


Some content of TEMP:
====================
C:\Users\vural\AppData\Local\Temp\appinstall.exe
C:\Users\vural\AppData\Local\Temp\cci.exe
C:\Users\vural\AppData\Local\Temp\contentDATs.exe
C:\Users\vural\AppData\Local\Temp\DivXSetup.exe
C:\Users\vural\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\vural\AppData\Local\Temp\dlLogic.exe
C:\Users\vural\AppData\Local\Temp\EnableExtDll.dll
C:\Users\vural\AppData\Local\Temp\ffunzip.exe
C:\Users\vural\AppData\Local\Temp\GLFF9ED.tmp.ConduitEngineSetup.exe
C:\Users\vural\AppData\Local\Temp\installhelper.dll
C:\Users\vural\AppData\Local\Temp\NGM.exe
C:\Users\vural\AppData\Local\Temp\NGMDll.dll
C:\Users\vural\AppData\Local\Temp\NGMResource.dll
C:\Users\vural\AppData\Local\Temp\NGMSetup.exe
C:\Users\vural\AppData\Local\Temp\nvStInst.exe
C:\Users\vural\AppData\Local\Temp\prxGLFF9ED.tmp.tbDVDV.dll
C:\Users\vural\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\vural\AppData\Local\Temp\setapp.exe
C:\Users\vural\AppData\Local\Temp\Setup-a.exe
C:\Users\vural\AppData\Local\Temp\Setup.exe
C:\Users\vural\AppData\Local\Temp\Setup1.exe
C:\Users\vural\AppData\Local\Temp\Setup2.exe
C:\Users\vural\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\vural\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\vural\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\vural\AppData\Local\Temp\tbXfir.dll
C:\Users\vural\AppData\Local\Temp\unicows.dll
C:\Users\vural\AppData\Local\Temp\uninst1.exe
C:\Users\vural\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\vural\AppData\Local\Temp\_ReMarkit_up.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-03-10 18:00:29
Restore point made on: 2014-03-12 13:44:37
Restore point made on: 2014-03-13 01:04:49
Restore point made on: 2014-03-13 21:15:21
Restore point made on: 2014-03-14 09:36:46
Restore point made on: 2014-03-16 02:50:13
Restore point made on: 2014-03-16 03:10:05
Restore point made on: 2014-03-17 03:36:21
Restore point made on: 2014-03-18 05:01:49
Restore point made on: 2014-03-19 02:47:11
Restore point made on: 2014-03-19 03:34:05
Restore point made on: 2014-03-20 07:39:19
Restore point made on: 2014-03-21 07:07:14
Restore point made on: 2014-03-23 10:00:40
Restore point made on: 2014-04-01 01:07:31

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale de-DE
inherit {globalsettings}
default {default}
resumeobject {a54ddbe0-4a59-11e0-9d42-99d6980d1538}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale de-DE
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a54ddbe0-4a59-11e0-9d42-99d6980d1538}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\a54ddbe2-4a59-11e0-9d42-99d6980d1538\Winre.wim,{a54ddbe3-4a59-11e0-9d42-99d6980d1538}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\a54ddbe2-4a59-11e0-9d42-99d6980d1538\Winre.wim,{a54ddbe3-4a59-11e0-9d42-99d6980d1538}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {a54ddbe0-4a59-11e0-9d42-99d6980d1538}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale de-DE
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale de-DE
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {a54ddbe3-4a59-11e0-9d42-99d6980d1538}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a54ddbe2-4a59-11e0-9d42-99d6980d1538\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4023.11 MB
Available physical RAM: 3485.85 MB
Total Pagefile: 4021.39 MB
Available Pagefile: 3486.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.26 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1356.17 GB) (Free:1239.83 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:0 GB) NTFS
Drive j: (TOSHIBA) (Removable) (Total:14.43 GB) (Free:14.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-742852132864) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (Size: 14 GB) (Disk ID: 5D9E4594)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0B)


LastRegBack: 2014-03-10 07:09

==================== End Of Log ============================
Many thanks in advance!!

Old 01.04.2014, 13:16   #2
schrauber
/// the machine
/// TB-Ausbilder (Trojaner-Board trainer)

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e398vd.lnk
ShortcutTarget: e398vd.lnk -> C:\ProgramData\dv893e.gsa ()
Startup: C:\Users\vural\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e398vd.lnk
ShortcutTarget: e398vd.lnk -> C:\ProgramData\dv893e.gsa ()
S2 Winmgmt; C:\ProgramData\dv893e.gsa [110592 2014-03-22] ()
2014-03-22 03:47 - 2014-03-22 03:48 - 95027928 ____T () C:\ProgramData\e398vd.bbr
2014-03-22 03:47 - 2014-03-22 03:47 - 00110592 _____ () C:\ProgramData\dv893e.gsa
C:\Users\vural\AppData\Local\Temp\Owyr

Please save it as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Then start the computer normally.

But we are not done yet!!
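What gives this lock-screen away in the FRST log, and what the fixlist above removes, is the combination of a service registered under the Windows name Winmgmt but pointing at C:\ProgramData\dv893e.gsa, Startup shortcuts in every profile that launch that same file, and payload files with made-up extensions, all without any publisher information. The following Python script is an added example (not part of this thread and not FRST's own code) that applies those heuristics to FRST-style log lines and emits the lines a Fixlist.txt would need. The sample log is constructed from the lines quoted above plus two benign lines invented for contrast; the staging-directory, extension and service-name lists are assumptions chosen for illustration, not FRST's whitelist.

```python
"""Heuristic triage of FRST log lines for lock-screen ransomware persistence.
Added example; not part of the Trojaner-Board thread and not FRST's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the lines from schrauber's fixlist plus two benign lines
# (a Microsoft-owned Winmgmt entry and a Dropbox shortcut) made up for contrast.
SAMPLE_LOG = r"""
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e398vd.lnk
ShortcutTarget: e398vd.lnk -> C:\ProgramData\dv893e.gsa ()
Startup: C:\Users\vural\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e398vd.lnk
ShortcutTarget: e398vd.lnk -> C:\ProgramData\dv893e.gsa ()
S2 Winmgmt; C:\ProgramData\dv893e.gsa [110592 2014-03-22] ()
S2 Winmgmt; C:\Windows\system32\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2014-03-22 03:47 - 2014-03-22 03:48 - 95027928 ____T () C:\ProgramData\e398vd.bbr
2014-03-22 03:47 - 2014-03-22 03:47 - 00110592 _____ () C:\ProgramData\dv893e.gsa
ShortcutTarget: Dropbox.lnk -> C:\Users\vural\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
"""

# Assumed lists for this example: directories a legitimate service/autostart
# binary should not run from, extensions Windows normally executes, and
# service names that must resolve to an image under %SystemRoot%.
STAGING_DIRS = ("c:\\programdata\\", "\\appdata\\local\\temp\\", "\\users\\public\\")
RUNNABLE_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".cmd", ".bat", ".vbs", ".js"}
SYSTEM_SERVICE_NAMES = {"winmgmt", "wuauserv", "bits", "schedule", "eventlog"}

RE_STARTUP = re.compile(r"^Startup:\s+(?P<path>.+?\.lnk)\s*$", re.I)
RE_SHORTCUT = re.compile(r"^ShortcutTarget:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?)\s+\((?P<pub>.*)\)\s*$", re.I)
RE_SERVICE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<cmd>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\S+)\]\s+\((?P<pub>.*)\)\s*$")
RE_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - (?P<size>\d+) (?P<attr>\S+) \((?P<pub>.*)\) (?P<path>.+?)\s*$")


@dataclass
class Finding:
    line: str            # FRST log line verbatim: this is what goes into Fixlist.txt
    image: str           # binary or shortcut target the line resolves to
    reasons: List[str]


def image_of(cmd: str) -> str:
    """First token of a service command line (quoted paths respected; unquoted
    paths containing spaces are not handled in this example)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def assess(image: str, publisher: str, service_name: Optional[str] = None) -> List[str]:
    """Reasons an image looks like ransomware persistence (empty list = clean)."""
    p = image.lower()
    filename = p.rsplit("\\", 1)[-1]
    ext = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
    reasons = []
    if any(d in p for d in STAGING_DIRS):
        reasons.append("image lives in a user-writable staging directory")
    if ext not in RUNNABLE_EXT:
        reasons.append("unusual extension %s" % (ext or "(none)"))
    if not publisher.strip():
        reasons.append("no publisher/version resource")
    if service_name and service_name.lower() in SYSTEM_SERVICE_NAMES and "\\windows\\" not in p:
        reasons.append("service name %s mimics a Windows service but runs outside %%SystemRoot%%" % service_name)
    return reasons


def is_suspicious(reasons: List[str]) -> bool:
    # One oddity alone (an installer left in Temp) is common; two together, or a
    # hijacked system service name, is worth a fixlist entry.
    return len(reasons) >= 2 or any(r.startswith("service name") for r in reasons)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    seen = set()
    startup_lines: Dict[str, List[str]] = {}   # .lnk basename -> Startup: lines
    flagged_lnks = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line in seen:
            continue
        seen.add(line)
        m = RE_STARTUP.match(line)
        if m:
            startup_lines.setdefault(m.group("path").rsplit("\\", 1)[-1].lower(), []).append(line)
            continue
        m = RE_SHORTCUT.match(line)
        if m:
            reasons = assess(m.group("target"), m.group("pub"))
            if is_suspicious(reasons):
                findings.append(Finding(line, m.group("target"), reasons))
                flagged_lnks.add(m.group("lnk").lower())
            continue
        m = RE_SERVICE.match(line)
        if m:
            image = image_of(m.group("cmd"))
            reasons = assess(image, m.group("pub"), m.group("name"))
            if is_suspicious(reasons):
                findings.append(Finding(line, image, reasons))
            continue
        m = RE_FILE.match(line)
        if m:
            reasons = assess(m.group("path"), m.group("pub"))
            if is_suspicious(reasons):
                findings.append(Finding(line, m.group("path"), reasons))
    # FRST needs the Startup: line as well as the ShortcutTarget: line to remove
    # a shortcut, so pull in every profile's copy of a flagged .lnk.
    for lnk, lines in startup_lines.items():
        if lnk in flagged_lnks:
            findings.extend(Finding(l, lnk, ["shortcut launches a flagged target"]) for l in lines)
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """Fixlist.txt content: FRST accepts the flagged log lines verbatim."""
    return "\n".join(f.line for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

On the sample the script flags exactly the entries in schrauber's fixlist (the hijacked Winmgmt service, both payload files and the shortcut with its two Startup lines) and leaves the Microsoft-owned Winmgmt line and the Dropbox shortcut alone. It does not reproduce the Temp\Owyr directory entry, which a human analyst added from the rest of the log; treat the output as a draft to review, not something to feed to FRST unread.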