GVU-Trojaner abgesicherter Modus in Win 7

marcy-ef · 28.04.2014, 18:46

Guten Abend zusammen,
auch ich habe leider diesen GVU Virus auf meinem Rechner.
Inzwischen habe ich wie im Forum hier beschrieben...Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) auf nen USB Stick gezogen und den infizierten PC
gebootet.
Hoffe mir kann jemand hier helfen , wie es nun weitergeht.
Vielen Dank im Voraus
Gruss Marc

hier das logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-97RO4M8 on 28-04-2014 18:48:24
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [15867936 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [82464 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-05-20] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [AML] => C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe [1101824 2009-07-15] (Sony)
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99624 2009-07-27] (Sony Corporation)
HKLM-x32\...\Run: [starter4g] => C:\Windows\starter4g.exe [157968 2009-06-17] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TkBellExe] => c:\users\marcy\Update\realsched.exe [295512 2013-12-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401152 2014-03-28] (Spigot, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\Default\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [350640 2009-08-10] (Sony Corporation)
HKU\Default User\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [350640 2009-08-10] (Sony Corporation)
HKU\marcy\...\Run: [Me&My VAIO] => C:\Program Files (x86)\Sony\Me&My VAIO\MAMV.exe [8871936 2009-02-02] (Sony Corporation)
HKU\marcy\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [350640 2009-08-10] (Sony Corporation)
HKU\marcy\...\Run: [Advanced SystemCare 5] => "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
HKU\marcy\...\Run: [svñhîst] => %USERPROFILE%\wgsdgsdgdsgsd.exe
HKU\marcy\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\marcy\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\marcy\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\marcy\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-23] (Google Inc.)
HKU\marcy\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\marcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g391rn.lnk
ShortcutTarget: g391rn.lnk -> C:\ProgramData\2992199F9A\nr193g.cpp (Microsoft Corporation)
Startup: C:\Users\marcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
ShortcutTarget: WKCALREM.LNK -> C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE (No File)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.)
S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192 2013-02-25] (IObit)
S2 GtDetectSc; C:\Program Files\o2 Surfstick Speed\GlobeTrotter Connect\GtDetectSc.exe [314880 2008-05-07] (OptionNV)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [140424 2014-03-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [361472 2009-06-11] (Sony Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S2 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\g391rn.faa [332532 2014-04-24] (Microsoft Corporation)
S2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [304592 2009-06-22] ()
S2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)
S2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-02-10] (Marvell)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-06-08] (Mobile Connector)
S3 cmnsusbser; C:\Windows\SysWOW64\DRIVERS\cmnsusbser.sys [117888 2008-10-31] (Mobile Connector)
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [85504 2008-12-08] (Option N.V.)
S3 GTUHSNDISIPXP; C:\Windows\System32\DRIVERS\gtuhs51.sys [124928 2008-12-08] (Option N.V.)
S3 GTUHSOMS; C:\Windows\System32\DRIVERS\gtuhsoms.sys [29184 2008-12-08] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [10624 2008-12-08] (Option N.V.)
S3 JMCR_CFS; C:\Windows\System32\DRIVERS\jmcr_cfs.sys [76688 2008-11-05] (JMicron Technology Corporation)
S2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [116264 2013-09-03] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [282624 2013-09-03] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
S2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-12] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85424 2013-09-03] (Trend Micro Inc.)
S2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S2 TMAgent; 

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys 1CE3822B05A5E229286A15EA39369870
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys D59773C7FDD3D795D6FE402EEEA8D71E
C:\Windows\System32\Drivers\BTHUSB.sys 8504842634DD144C075B6B0C982CCEC4
C:\Windows\System32\drivers\btwaudio.sys 6BCFDC2B5B7F66D484486D4BD4B39A6B
C:\Windows\System32\drivers\btwavdt.sys 82DC8B7C626E526681C1BEBED2BC3FF9
C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975
C:\Windows\System32\DRIVERS\btwrchid.sys 28E105AD3B79F440BF94780F507BF66A
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmnsusbser.sys 2B3B8CBEA1BA1BCE5700607FBDB31034
C:\Windows\SysWOW64\DRIVERS\cmnsusbser.sys 2B3B8CBEA1BA1BCE5700607FBDB31034
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys C6E1C081C0849E08FECEC18DF73B10C4
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 421D371E96480DD3A14EA37D0D2757D1
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\gtuhsbus.sys 96441919FCBF65BB9B39B714E3133046
C:\Windows\System32\DRIVERS\gtuhs51.sys 24C95A3850A1441DE9FC84CA800BAB1D
C:\Windows\System32\DRIVERS\gtuhsoms.sys 9D4CD66AB0914F50145220CF620BF746
C:\Windows\System32\DRIVERS\gtuhsser.sys 254C2C1052729B925EC76CEC74E87EDA
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 8D58627FEF3F8767665D9F4DC91CBD97
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\jmcr_cfs.sys 8B4BA38AC7D233AFC61F0C84D0EC548C
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 705283C02177809CA9FA7CC58A4F1E77
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmbx64.sys 4903177FC90E77ABEB19021451E9475E
C:\Windows\System32\drivers\ccdcmbox64.sys E6844A4C97E5409BBE24BB4ED000320D
C:\Windows\System32\drivers\nmwcdnsucx64.sys F59F8CF59F7905622686637177E2A828
C:\Windows\System32\drivers\nmwcdnsux64.sys A0E7F80157AF77B1CEAA8ADD3A3E7D85
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 29A70AD61FB913B4E6C587924B23B62C
C:\Windows\System32\DRIVERS\nvlddmkm.sys 6A6C2EB973CB3762C4C9CDE095DBCF8F
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pccsmcfdx64.sys 3FDE033DFB0D07F8B7D5C9A3044AA121
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys 520D48ECB54A33821C95EE496A4235AF
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys AED797CCA02783296C68AA10D0CFF8A9
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\system32\drivers\regi.sys 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rimssn64.sys 7EAE3999B94A8CE60BFBAA83462B89A1
C:\Windows\System32\DRIVERS\risdsn64.sys FA6D7CD63AD08A01D9259F58E0C5C09E
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 70F9C476B62DE4F2823E918A6C181ADE
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudmdm.sys A97BFF59B3B983FDBDCD8AE6CF3C1E2D
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 465E1231ADF3CB6E0BE5372C0FA83462
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\Drivers\tcusb.sys 03F3B34E066B6983DC6CADE1D41F0E2C
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tmactmon.sys C2E4842327230ABF1D099C85B8843A65
C:\Windows\System32\DRIVERS\tmcomm.sys 74AE819FDE325C80BD03C6D3EB781A30
C:\Windows\System32\DRIVERS\TMEBC64.sys 4068D01A407C5F3B9AD3DF523E6BCEF6
C:\Windows\System32\DRIVERS\tmeevw.sys 3A10F5BDF66013B13AAB032B549E934D
C:\Windows\System32\DRIVERS\tmevtmgr.sys F8B7C333CAB63140B617C91BE75A5AB2
C:\Windows\System32\DRIVERS\tmnciesc.sys C91EB6CEC1A7FE02BB54760ABF79FBA6
C:\Windows\System32\DRIVERS\tmtdi.sys 48951FBFFFCAE52FADFCDFB76ED19749
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys 907F50B8695DAA65A9445D27AD306E65
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbser.sys 0F0C72A657C622286013788B886968AD
C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys 3F7498527B48657091C355F683BEB0DD
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026
C:\Windows\System32\DRIVERS\yk60x64.sys 4D7BD04B794478ABA95EA1E03BE39C47

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 18:45 - 2014-04-28 18:48 - 00000000 ____D () C:\FRST
2014-04-24 11:23 - 2014-04-27 09:38 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-04-24 11:23 - 2014-04-27 09:38 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-04-24 10:57 - 2014-04-24 10:58 - 00002960 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_marcy
2014-04-24 10:57 - 2014-04-24 10:58 - 00000376 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_marcy.job
2014-04-24 10:57 - 2014-04-24 10:58 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_marcy.job
2014-04-24 10:57 - 2014-04-24 10:57 - 00003612 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_marcy
2014-04-24 10:57 - 2014-04-24 10:57 - 00002966 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_marcy
2014-04-24 10:57 - 2014-04-24 10:57 - 00002956 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_marcy
2014-04-24 10:57 - 2014-04-24 10:57 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_marcy.job
2014-04-24 10:49 - 2014-04-27 10:11 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-16 23:19 - 2014-04-16 23:19 - 00018138 _____ () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft 1.htm
2014-04-16 23:19 - 2014-04-16 23:19 - 00000000 ____D () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft 1-Dateien
2014-04-16 23:16 - 2014-04-16 23:18 - 00019788 _____ () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.htm
2014-04-16 23:16 - 2014-04-16 23:16 - 00000000 ____D () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft-Dateien
2014-04-16 22:48 - 2014-04-16 22:48 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-04-16 22:48 - 2014-04-16 22:48 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-01 10:20 - 2014-04-24 09:39 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-04-01 10:20 - 2014-04-24 09:39 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-03-29 12:33 - 2014-03-29 12:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-28 18:48 - 2014-04-28 18:45 - 00000000 ____D () C:\FRST
2014-04-27 19:19 - 2013-11-18 14:44 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-04-27 19:19 - 2012-06-22 03:29 - 00000000 ____D () C:\ProgramData\IObit
2014-04-27 19:19 - 2012-03-23 10:11 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-27 19:19 - 2011-09-25 12:52 - 00000000 ____D () C:\Users\marcy\AppData\Roaming\Skype
2014-04-27 19:19 - 2010-02-03 13:40 - 00000000 ____D () C:\ProgramData\Real
2014-04-27 19:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-04-27 10:11 - 2014-04-24 10:49 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-27 10:11 - 2010-03-26 12:02 - 00078159 _____ () C:\ProgramData\nvModes.001
2014-04-27 10:11 - 2010-02-03 12:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 10:09 - 2013-11-02 16:17 - 00304770 _____ () C:\Windows\setupact.log
2014-04-27 10:09 - 2012-06-26 14:31 - 00065536 _____ () C:\Windows\System32\Ikeext.etl
2014-04-27 10:09 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 09:38 - 2014-04-24 11:23 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-04-27 09:38 - 2014-04-24 11:23 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-04-27 09:37 - 2010-01-23 06:01 - 00000000 ____D () C:\users\marcy
2014-04-24 11:05 - 2012-12-12 22:55 - 02017196 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 10:58 - 2014-04-24 10:57 - 00002960 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_marcy
2014-04-24 10:58 - 2014-04-24 10:57 - 00000376 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_marcy.job
2014-04-24 10:58 - 2014-04-24 10:57 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_marcy.job
2014-04-24 10:57 - 2014-04-24 10:57 - 00003612 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_marcy
2014-04-24 10:57 - 2014-04-24 10:57 - 00002966 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_marcy
2014-04-24 10:57 - 2014-04-24 10:57 - 00002956 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_marcy
2014-04-24 10:57 - 2014-04-24 10:57 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_marcy.job
2014-04-24 10:48 - 2013-02-02 16:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 10:46 - 2010-02-03 12:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 09:39 - 2014-04-01 10:20 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-04-24 09:39 - 2014-04-01 10:20 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-750969999-1738938419-3713293095-1000
2014-04-24 09:35 - 2013-11-02 17:39 - 00000000 ____D () C:\Users\marcy\Desktop\belamico
2014-04-24 09:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2014-04-24 08:37 - 2010-01-23 05:56 - 00010896 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 08:37 - 2010-01-23 05:56 - 00010896 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 08:33 - 2010-01-23 11:23 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C53C64BB-3207-46AD-AE55-53A036B8EA2C}
2014-04-22 08:58 - 2013-11-18 14:24 - 00015350 _____ () C:\Windows\PFRO.log
2014-04-16 23:19 - 2014-04-16 23:19 - 00018138 _____ () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft 1.htm
2014-04-16 23:19 - 2014-04-16 23:19 - 00000000 ____D () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft 1-Dateien
2014-04-16 23:18 - 2014-04-16 23:16 - 00019788 _____ () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft.htm
2014-04-16 23:16 - 2014-04-16 23:16 - 00000000 ____D () C:\Users\marcy\Desktop\DB BAHN - Verbindungen - Ihre Auskunft-Dateien
2014-04-16 22:48 - 2014-04-16 22:48 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-04-16 22:48 - 2014-04-16 22:48 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-14 14:24 - 2010-01-23 03:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 14:16 - 2013-08-14 08:31 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-14 14:16 - 2010-01-25 00:11 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-14 10:22 - 2010-01-23 04:55 - 00000000 ____D () C:\Users\marcy\AppData\Local\Google
2014-04-02 11:41 - 2010-02-03 12:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 11:41 - 2010-02-03 12:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-01 10:25 - 2009-08-24 18:49 - 00648704 _____ () C:\Windows\System32\perfh007.dat
2014-04-01 10:25 - 2009-08-24 18:49 - 00128930 _____ () C:\Windows\System32\perfc007.dat
2014-04-01 10:25 - 2009-07-13 21:13 - 01486084 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-31 12:50 - 2012-05-16 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 10:42 - 2014-02-17 02:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-03-29 12:34 - 2014-03-29 12:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 11:33 - 2010-01-23 06:35 - 00093184 _____ () C:\Users\marcy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-29 11:32 - 2009-07-13 20:45 - 00387104 _____ () C:\Windows\System32\FNTCACHE.DAT

Files to move or delete:
====================
C:\ProgramData\mjdzoc4.pad
C:\Users\marcy\autoplaylist.dat
C:\Users\marcy\cddbcontrol.dll
C:\Users\marcy\cddblink.dll
C:\Users\marcy\cddbmusicid.dll
C:\Users\marcy\convert.exe
C:\Users\marcy\dbghelp.dll
C:\Users\marcy\dunzip32.dll
C:\Users\marcy\fixrjb.exe
C:\Users\marcy\hxaudiodevicehook.dll
C:\Users\marcy\ierjplug.dll
C:\Users\marcy\keys.dat
C:\Users\marcy\mc_enc_h263.dll
C:\Users\marcy\mediainfo.dll
C:\Users\marcy\mmcdda32.dll
C:\Users\marcy\rdsf3260.dll
C:\Users\marcy\realcleaner.exe
C:\Users\marcy\realconverter.exe
C:\Users\marcy\realjbox.exe
C:\Users\marcy\realplay.exe
C:\Users\marcy\realshare.exe
C:\Users\marcy\realtrimmer.exe
C:\Users\marcy\rjbres.dll
C:\Users\marcy\rjdlg.dll
C:\Users\marcy\rjprog.dll
C:\Users\marcy\rjwmapln.dll
C:\Users\marcy\rndevicedbbuilder.exe
C:\Users\marcy\rpau3260.dll
C:\Users\marcy\rphelperapp.exe
C:\Users\marcy\rpplugprot.dll
C:\Users\marcy\rpshell.dll
C:\Users\marcy\rpshellextension.dll
C:\Users\marcy\rpshellsearch.dll
C:\Users\marcy\rpwa3260.dll
C:\Users\marcy\strs23.dat
C:\Users\marcy\strs26.dat
C:\Users\marcy\tnetdtct.dll
C:\Users\marcy\tpasdk.dll
C:\Users\marcy\tsasdk.dll
C:\Users\marcy\wmdmhelper.dll


Some content of TEMP:
====================
C:\Users\marcy\AppData\Local\Temp\abgnl.dll
C:\Users\marcy\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\marcy\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\marcy\AppData\Local\Temp\stubhelper.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-01-20 16:37:41
Restore point made on: 2014-01-21 04:02:43
Restore point made on: 2014-01-21 06:18:33
Restore point made on: 2014-01-21 09:44:06
Restore point made on: 2014-01-21 10:37:23
Restore point made on: 2014-01-21 15:23:03
Restore point made on: 2014-01-22 15:58:04
Restore point made on: 2014-01-23 09:14:11
Restore point made on: 2014-01-26 05:03:07
Restore point made on: 2014-01-27 16:28:39
Restore point made on: 2014-01-28 03:03:07
Restore point made on: 2014-01-28 08:17:43
Restore point made on: 2014-01-28 13:40:17
Restore point made on: 2014-01-29 06:22:20
Restore point made on: 2014-01-30 14:41:56
Restore point made on: 2014-01-31 14:17:20
Restore point made on: 2014-02-01 09:12:35
Restore point made on: 2014-02-01 11:41:08
Restore point made on: 2014-02-02 13:47:32
Restore point made on: 2014-02-03 03:34:14
Restore point made on: 2014-02-03 05:06:45
Restore point made on: 2014-02-03 07:55:24
Restore point made on: 2014-02-03 15:39:37
Restore point made on: 2014-02-04 05:35:56
Restore point made on: 2014-02-07 04:51:38
Restore point made on: 2014-02-07 15:51:29
Restore point made on: 2014-02-08 17:02:12
Restore point made on: 2014-02-09 05:26:21
Restore point made on: 2014-02-17 06:04:12
Restore point made on: 2014-02-17 08:47:29
Restore point made on: 2014-02-18 14:49:08
Restore point made on: 2014-02-19 15:21:43
Restore point made on: 2014-02-20 15:08:55
Restore point made on: 2014-02-21 14:04:29
Restore point made on: 2014-02-22 15:23:29
Restore point made on: 2014-02-23 08:43:14
Restore point made on: 2014-02-23 10:57:20
Restore point made on: 2014-02-23 14:13:53
Restore point made on: 2014-02-25 15:05:49
Restore point made on: 2014-03-01 14:28:20
Restore point made on: 2014-03-02 15:05:12
Restore point made on: 2014-03-03 08:59:19
Restore point made on: 2014-03-03 13:27:41
Restore point made on: 2014-03-10 14:53:15
Restore point made on: 2014-03-19 16:02:05
Restore point made on: 2014-03-20 22:41:00
Restore point made on: 2014-03-24 08:41:01
Restore point made on: 2014-03-24 11:16:39
Restore point made on: 2014-03-24 16:38:45
Restore point made on: 2014-03-25 03:58:31
Restore point made on: 2014-03-25 10:54:47
Restore point made on: 2014-03-25 15:36:05
Restore point made on: 2014-03-26 01:35:51
Restore point made on: 2014-03-27 15:39:41
Restore point made on: 2014-03-28 14:12:55
Restore point made on: 2014-03-28 15:07:01
Restore point made on: 2014-03-29 13:06:14
Restore point made on: 2014-03-30 11:59:36
Restore point made on: 2014-03-31 14:30:13
Restore point made on: 2014-04-01 13:00:20
Restore point made on: 2014-04-14 14:15:15
Restore point made on: 2014-04-17 00:05:37
Restore point made on: 2014-04-22 10:30:34
Restore point made on: 2014-04-24 11:07:17

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {fcb32d97-189f-11de-97a1-001dbaaf2598}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\3e480a61-082c-11df-8e88-00f1d000f1d0\Winre.wim,{3e480a62-082c-11df-8e88-00f1d000f1d0}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\3e480a61-082c-11df-8e88-00f1d000f1d0\Winre.wim,{3e480a62-082c-11df-8e88-00f1d000f1d0}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fcb32d97-189f-11de-97a1-001dbaaf2598}
nx                      OptIn

Resume from Hibernate
---------------------
identifier              {fcb32d97-189f-11de-97a1-001dbaaf2598}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Frhere Windows-Version

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {3e480a62-082c-11df-8e88-00f1d000f1d0}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3e480a61-082c-11df-8e88-00f1d000f1d0\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 6111.06 MB
Available physical RAM: 5437.57 MB
Total Pagefile: 6109.21 MB
Available Pagefile: 5423.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.1 GB) (Free:221.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:14.66 GB) (Free:0.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.37 GB) (Free:7.36 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9A01C710)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2013-04-16 06:13

==================== End Of Log ============================

mort · 28.04.2014, 19:18

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Ich bedanke mich für deine Geduld

mort · 28.04.2014, 19:37

Hallo marcy-ef und

Ich werde dir bei der Bereinigung des Computers helfen.

Arbeite meine Anleitungen nacheinander ab.
Poste deine Logs in Code-Tags: [code]Hier der Inhalt des Logs[/code]
Bedenke, dass wir in unserer Freizeit tätig sind. Bekommst du von mir innerhalb von 2 Tagen keine Antwort, schreibe mir eine PM.

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\marcy\...\Run: [svñhîst] => %USERPROFILE%\wgsdgsdgdsgsd.exe
Startup: C:\Users\marcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g391rn.lnk
ShortcutTarget: g391rn.lnk -> C:\ProgramData\2992199F9A\nr193g.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\2992199F9A\g391rn.faa [332532 2014-04-24] (Microsoft Corporation)
2014-04-24 10:49 - 2014-04-27 10:11 - 00000000 ____D () C:\ProgramData\2992199F9A
C:\ProgramData\mjdzoc4.pad

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Wenn dein Computer nach dem ersten Schritt wieder normal läuft, mach so weiter:
Schritt 2

Verschiebe FRST vom USB-Stick auf den Desktop.

Starte dann FRST.
Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

mort · 01.05.2014, 22:40

Hallo,
benötigst Du noch weiterhin Hilfe?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

GVU-Trojaner abgesicherter Modus in Win 7

Log-Analyse und Auswertung: GVU-Trojaner abgesicherter Modus in Win 7