
Log Analysis and Evaluation: BKA virus, new version "with webcam image"


03.07.2013, 20:08   #1
Dude76
 

BKA virus, new version "with webcam image"



First of all, "hello" to the Trojaner-Board; I am new here and you are also my last hope.

I have caught a BKA/Landeskriminalamt/Ukash virus (with webcam image).
Operating system: Windows 7 Build 7601, SP1

With the Kaspersky Rescue CD with the latest update, the "unlockwindows" function did not help.
Please help; I am at my wits' end...

Here is the scan with FRST64:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2013 01
Ran by SYSTEM on 03-07-2013 20:47:50
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" [1123320 2010-06-15] (Check Point Software Technologies)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [357936 2009-08-28] (Acronis)
HKLM\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [1043968 2010-06-28] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129584 2010-09-21] (VMware, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5078416 2009-08-28] (Acronis)
HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [221256 2011-09-07] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-17] (Google Inc.)
HKU\Cary\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Cary\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Cary\...\Run: [acSecurityLayer] C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe [3605704 2012-05-22] (A-Trust GmbH)
HKU\Cary\...\Run: [AdobeBridge]  [x]
HKU\Dummy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-17] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\a.sign Client.lnk
ShortcutTarget: a.sign Client.lnk -> C:\Program Files (x86)\A-Trust GmbH\a.sign Client\ASignLauncher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Cary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Cary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Cary\AppData\Local\Temp\tldaqkrgqskqutuebig.bfg (Microsoft Corporation)
Startup: C:\Users\Dummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S2 GtDetectSc; C:\Program Files (x86)\Option\GlobeTrotter Connect\GtDetectSc.exe [312320 2007-12-18] (OptionNV)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [823288 2010-06-15] (Check Point Software Technologies)
S2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [252416 2010-05-25] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)
S2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()
S2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2010-03-25] (Vodafone)
S2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-06-28] (Check Point Software Technologies LTD)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021840 2011-04-20] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-20] (Avira Operations GmbH & Co. KG)
S0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2011-01-17] (Bytemobile, Inc.)
S3 GKUPRO2D; C:\Windows\System32\Drivers\GKUPRO2D.sys [120064 2012-06-10] (Gemalto)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2009-08-18] (Option N.V.)
S3 GTUQBUS; C:\Windows\System32\DRIVERS\gtuqbus.sys [50944 2009-08-18] (Option N.V.)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33528 2010-06-15] (Check Point Software Technologies)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2011-01-17] (Bytemobile, Inc.)
S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2011-01-17] (Bytemobile, Inc.)
S0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2011-04-19] (Acronis)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\afcdp.sys 7F64EA2FCE77830C020B2E387C0FAC05
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\AnyDVD.sys 147866AF11F5EAB84C52436C9CAE3693
C:\Windows\system32\drivers\Apfiltr.sys 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 08BAAA2432E81031A6C3B11AD5A67E2B
C:\Windows\System32\DRIVERS\avgntflt.sys 09E6069EF94B345061B4BD3CEBD974C8
C:\Windows\System32\DRIVERS\avipbb.sys 488486DAD09A5B6C6DBB8B990A8B2307
C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\drivers\BMLoad.sys 8B1E76B5F86DF4396D77AB09787F6D37
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\drivers\btwampfl.sys 59E3510784548C6939C1B3B985C232E3
C:\Windows\System32\drivers\btwaudio.sys 1872074ED0A3FB22E3F1E3197B984BFA
C:\Windows\System32\DRIVERS\btwavdt.sys 691CF076C33AB1C3A5B2FD5450300733
C:\Windows\System32\DRIVERS\btwl2cap.sys 07096D2BC22CCB6CEA5A532DF0BE8A75
C:\Windows\System32\DRIVERS\btwrchid.sys C9273B20DEC8CE38DBCE5D29DE63C907
C:\Windows\System32\DRIVERS\busenum.sys FC278504BFA3AC7E9ED92359D0EE7282
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\Drivers\GKUPRO2D.sys 1A2D1C54C3731A8D511032884EC53339
C:\Windows\System32\drivers\grmnusb.sys 2ED7FF3E1ADA4092632393781518B3A7
C:\Windows\System32\DRIVERS\gtptser.sys 2F3DBA5CDC388BC0500DE0EEDC8C81AE
C:\Windows\System32\DRIVERS\gtuqbus.sys 3DDC61C7F44238285990EACEA448C68B
C:\Windows\system32\drivers\hcmon.sys 94D46DED293C216822FB39DF2EC6ADD4
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\Impcd.sys 4B6363CD4610BB848531BB260B15DFCC
C:\Windows\System32\drivers\RTKVHD64.sys 526E482AFB586CB1CDD687869DECF686
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 01F2AB91DE44A98834C27D265E8EBECB
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys 6F4607E2333FE21E9E3FF8133A88B35B
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw5s64.sys 18555F48844C2861D9DCE8F2B7223AE5
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys 285ACEC1B13A15BA520AAE06BACB9CFF
C:\Windows\system32\drivers\nusb3xhc.sys F6D625FF7B56BB6EA063F0D3A5BBC996
C:\Windows\System32\drivers\nvhda64v.sys 857FB74754EBFF94EE3AD40788740916
C:\Windows\System32\DRIVERS\nvlddmkm.sys FBE6AC1C3591CB67543FAD15ABD26BCB
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\system32\drivers\regi.sys 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6
C:\Windows\system32\drivers\regi.sys 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\system32\drivers\rimssne64.sys FA6ABC06B629DA29634D31F1FE0347BD
C:\Windows\system32\drivers\risdsne64.sys 8F8539A7F5C117D4407B2985995671F2
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\SFEP.sys 286D3889E6AB5589646FF8A63CB928AE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snapman.sys 20635287FAA016E4E2A07E86C02759B8
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\system32\drivers\tcpipBM.sys FBA939B917976B2C37F1B235DFCD4876
C:\Windows\system32\drivers\tcpipBM.sys FBA939B917976B2C37F1B235DFCD4876
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdrpm251.sys DF9179B7BDF0C5B71F9C3D93C016BAE5
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\timntr.sys F7546EAD58CC3000AC02CF9529B9934E
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys AF1B9474D67897D0C2CFF58E0ACEACCC
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\DRIVERS\VClone.sys 84BB306B7863883018D7F3EB0C453BD5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmci.sys 72433D7CFE64134C7D1492785C79EFD6
C:\Windows\system32\drivers\VMkbd.sys 95569794560DB9AA8CF27F890096FFE9
C:\Windows\System32\DRIVERS\vmnetadapter.sys 9D54F1339E78C95BF3D9939EBCB66378
C:\Windows\System32\DRIVERS\vmnetbridge.sys FB54EF3AA613D2832FD3812E7CB2FC75
C:\Windows\system32\drivers\vmnetuserif.sys C220E38410A4E4BA359A366DB081D2EA
C:\Windows\System32\Drivers\vmusb.sys 415B167695C4B5960A13098622EF3D80
C:\Windows\system32\drivers\vmx86.sys 8BAF654FDAD3420D1DAFD57196147457
C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys 3BB37A860A72ED211E66E539943A7B3E
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vsdatant.sys 48BFA6276BCC0535F5F8898107ED489A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys E61C910E2DDF4797C1B1F9239636E894
C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys E61C910E2DDF4797C1B1F9239636E894
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\drivers\windrvr6.sys 62A3E830ACC39EAD6CBB69095001F7B0
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\yk62x64.sys 5250193EF8E173AA7491250F00EB367F

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-03 19:30 - 2010-11-20 14:24 - 00345088 ____A (Microsoft Corporation) C:\Windows\System32\Utilman.exe
2013-07-03 16:31 - 2013-07-03 16:31 - 00000000 ____D C:\FRST
2013-07-03 16:22 - 2013-07-03 16:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 16:21 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-03 16:20 - 2013-07-03 16:20 - 00231217 ____A C:\Users\Admin\Desktop\Bka Virus Detective V1.1.zip
2013-07-03 15:56 - 2013-07-03 15:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel
2013-07-03 15:52 - 2013-07-03 15:53 - 00018443 ____A C:\AdwCleaner[S1].txt
2013-07-03 15:52 - 2013-07-03 15:52 - 00018282 ____A C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-07-03 15:51 - 2013-07-03 15:52 - 00018282 ____A C:\AdwCleaner[R1].txt
2013-07-03 15:50 - 2013-07-03 15:50 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-03 15:47 - 2013-07-03 15:47 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-03 13:38 - 2013-07-03 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira
2013-07-03 13:37 - 2013-07-03 16:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Orbit
2013-07-03 13:37 - 2013-07-03 13:39 - 299798528 ____A C:\Users\Admin\Downloads\kav_rescue_10.iso
2013-07-03 13:37 - 2013-07-03 13:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ProgSense
2013-07-03 13:35 - 2013-07-03 13:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Google
2013-07-03 13:34 - 2013-07-03 13:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\Documents\Bluetooth-Exchange-Ordner
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Broadcom
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Autodesk
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-03 13:32 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\Documents\ForceField Shared Files
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sony Corporation
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CheckPoint
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-07-03 13:28 - 2013-07-03 13:28 - 00000165 ____A C:\ProgramData\gibeutuqksqgrkqadlt.reg
2013-07-03 13:28 - 2013-07-03 13:28 - 00000070 ____A C:\ProgramData\gibeutuqksqgrkqadlt.bat
2013-06-20 13:16 - 2013-06-20 13:16 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Avira
2013-06-20 13:11 - 2013-07-01 09:21 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-20 13:10 - 2013-06-20 13:10 - 00001994 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\ProgramData\Avira
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-20 13:10 - 2013-06-20 13:04 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 13:10 - 2013-06-20 13:04 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-20 13:10 - 2013-06-20 13:04 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-20 13:02 - 2013-06-20 13:02 - 02092792 ____A C:\Users\Cary\Desktop\avira_free_antivirus.exe
2013-06-19 21:01 - 2013-06-19 21:19 - 00000000 ____D C:\Users\Cary\Desktop\Bus
2013-06-17 19:46 - 2013-06-17 19:48 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Google
2013-06-17 19:46 - 2013-06-17 19:46 - 00000000 ____D C:\Users\Dummy\AppData\Local\Google
2013-06-17 19:39 - 2013-06-17 19:56 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Adobe
2013-06-17 19:35 - 2013-06-17 19:35 - 00000072 ____A C:\Users\Cary\Desktop\EUM - Kopie.bat
2013-06-15 20:09 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 20:09 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 20:09 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 20:09 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 20:09 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 20:08 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 20:08 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 20:08 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 20:08 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 20:08 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 20:08 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 20:08 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 17:05 - 2013-06-12 17:05 - 00564416 ____A (Microsoft Corporation) C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe
2013-06-12 17:04 - 2013-06-12 17:04 - 00000000 ____A C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe.4b6qubz.partial
2013-06-12 16:44 - 2013-06-12 16:44 - 01034464 ____A (Solid State Networks) C:\Users\Cary\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-11 22:47 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-11 22:47 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-11 22:47 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-11 22:47 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-11 22:47 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-11 22:47 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 22:47 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 22:46 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 22:46 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 22:46 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 22:46 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 18:55 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 18:54 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 18:54 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 18:52 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 18:52 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 18:51 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 18:51 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 18:49 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 18:49 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 18:49 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 18:49 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 18:49 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 18:49 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 18:49 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 18:49 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 18:49 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 18:49 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 18:48 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 18:48 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-03 00:52 - 2013-06-03 00:52 - 00000132 ____A C:\Users\Cary\AppData\Roaming\Adobe IllExport Filter CS6 Prefs

==================== One Month Modified Files and Folders =======

2013-07-03 19:45 - 2011-01-17 17:05 - 00393216 ____A C:\Windows\System32\Ikeext.etl
2013-07-03 19:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-07-03 19:43 - 2012-09-03 16:16 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Dropbox
2013-07-03 19:43 - 2011-01-23 12:31 - 00000000 ____D C:\ProgramData\VMware
2013-07-03 19:43 - 2010-08-17 09:28 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 19:42 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 19:41 - 2009-07-14 05:51 - 00166611 ____A C:\Windows\setupact.log
2013-07-03 19:40 - 2011-01-14 13:32 - 01784470 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:00 - 2009-07-14 05:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:00 - 2009-07-14 05:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 18:52 - 2012-09-03 16:21 - 00000000 ___RD C:\Users\Cary\Dropbox
2013-07-03 17:52 - 2009-07-14 06:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 17:47 - 2010-08-17 09:28 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 16:31 - 2013-07-03 16:31 - 00000000 ____D C:\FRST
2013-07-03 16:30 - 2010-07-29 19:04 - 00093092 ____A C:\Windows\PFRO.log
2013-07-03 16:29 - 2013-07-03 13:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Orbit
2013-07-03 16:25 - 2013-04-30 14:12 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Lyhe
2013-07-03 16:22 - 2013-07-03 16:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 16:21 - 2013-07-03 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 16:20 - 2013-07-03 16:20 - 00231217 ____A C:\Users\Admin\Desktop\Bka Virus Detective V1.1.zip
2013-07-03 15:56 - 2013-07-03 15:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Intel
2013-07-03 15:53 - 2013-07-03 15:52 - 00018443 ____A C:\AdwCleaner[S1].txt
2013-07-03 15:52 - 2013-07-03 15:52 - 00018282 ____A C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-07-03 15:52 - 2013-07-03 15:51 - 00018282 ____A C:\AdwCleaner[R1].txt
2013-07-03 15:50 - 2013-07-03 15:50 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-03 15:47 - 2013-07-03 15:47 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-03 15:27 - 2010-08-17 19:01 - 00702466 ____A C:\Windows\System32\perfh007.dat
2013-07-03 15:27 - 2010-08-17 19:01 - 00150782 ____A C:\Windows\System32\perfc007.dat
2013-07-03 15:27 - 2009-07-14 06:13 - 01629470 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 13:39 - 2013-07-03 13:37 - 299798528 ____A C:\Users\Admin\Downloads\kav_rescue_10.iso
2013-07-03 13:38 - 2013-07-03 13:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira
2013-07-03 13:37 - 2013-07-03 13:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ProgSense
2013-07-03 13:35 - 2013-07-03 13:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Google
2013-07-03 13:35 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\Documents\Bluetooth-Exchange-Ordner
2013-07-03 13:34 - 2013-07-03 13:34 - 00000000 ____D C:\Users\Admin\AppData\Local\Broadcom
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Autodesk
2013-07-03 13:33 - 2013-07-03 13:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-03 13:33 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-07-03 13:33 - 2012-09-16 23:07 - 00157312 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\Documents\ForceField Shared Files
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sony Corporation
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\CheckPoint
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-07-03 13:32 - 2013-07-03 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-07-03 13:32 - 2012-09-16 23:07 - 00000000 ____D C:\users\Admin
2013-07-03 13:30 - 2011-01-15 13:28 - 00000000 ____D C:\Users\Cary\Documents\Outlook-Dateien
2013-07-03 13:28 - 2013-07-03 13:28 - 00000165 ____A C:\ProgramData\gibeutuqksqgrkqadlt.reg
2013-07-03 13:28 - 2013-07-03 13:28 - 00000070 ____A C:\ProgramData\gibeutuqksqgrkqadlt.bat
2013-07-03 12:18 - 2012-08-14 11:53 - 00000000 ____D C:\Users\Cary\Desktop\Monatsberichte
2013-07-03 12:11 - 2011-01-17 16:24 - 00000000 ____D C:\Users\Cary\AppData\Local\Adobe
2013-07-02 22:14 - 2011-01-19 16:37 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Usenet.nl
2013-07-02 22:10 - 2011-01-19 16:38 - 00000000 ____D C:\usenext
2013-07-01 09:21 - 2013-06-20 13:11 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-27 18:59 - 2012-11-10 18:31 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Dropbox
2013-06-23 18:14 - 2012-12-17 20:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-23 18:14 - 2012-12-17 20:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-20 13:16 - 2013-06-20 13:16 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Avira
2013-06-20 13:10 - 2013-06-20 13:10 - 00001994 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\ProgramData\Avira
2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-20 13:04 - 2013-06-20 13:10 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-20 13:04 - 2013-06-20 13:10 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-20 13:04 - 2013-06-20 13:10 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-20 13:02 - 2013-06-20 13:02 - 02092792 ____A C:\Users\Cary\Desktop\avira_free_antivirus.exe
2013-06-19 22:09 - 2012-11-10 18:30 - 00000000 ____D C:\users\Dummy
2013-06-19 21:19 - 2013-06-19 21:01 - 00000000 ____D C:\Users\Cary\Desktop\Bus
2013-06-17 19:57 - 2012-11-10 18:30 - 00000000 ____D C:\Users\Dummy\AppData\Local\Adobe
2013-06-17 19:56 - 2013-06-17 19:39 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Adobe
2013-06-17 19:48 - 2013-06-17 19:46 - 00000000 ____D C:\Users\Dummy\AppData\Roaming\Google
2013-06-17 19:46 - 2013-06-17 19:46 - 00000000 ____D C:\Users\Dummy\AppData\Local\Google
2013-06-17 19:42 - 2012-11-10 18:38 - 00001016 ____A C:\Users\Dummy\Desktop\Dropbox.lnk
2013-06-17 19:35 - 2013-06-17 19:35 - 00000072 ____A C:\Users\Cary\Desktop\EUM - Kopie.bat
2013-06-16 14:03 - 2013-03-01 22:46 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Orbit
2013-06-14 18:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 17:05 - 2013-06-12 17:05 - 00564416 ____A (Microsoft Corporation) C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe
2013-06-12 17:04 - 2013-06-12 17:04 - 00000000 ____A C:\Users\Cary\Desktop\setupproplusretail.x86.de-de_act_1_.exe.4b6qubz.partial
2013-06-12 16:44 - 2013-06-12 16:44 - 01034464 ____A (Solid State Networks) C:\Users\Cary\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-12 16:39 - 2013-06-12 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-12 16:39 - 2012-06-26 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-11 22:48 - 2011-03-17 23:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-09 19:04 - 2011-05-15 12:54 - 00000000 ____D C:\Users\Cary\Desktop\FH
2013-06-09 14:37 - 2013-04-01 13:16 - 00000000 ____D C:\Users\Cary\Desktop\Schupfn
2013-06-08 15:08 - 2013-06-15 20:09 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-15 20:08 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-15 20:08 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-15 20:08 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-15 20:08 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-15 20:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-15 20:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-15 20:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-15 20:08 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-15 20:08 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-15 20:08 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-15 20:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 19:31 - 2012-09-03 16:21 - 00001013 ____A C:\Users\Cary\Desktop\Dropbox.lnk
2013-06-05 20:43 - 2011-10-11 14:41 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Nitro PDF
2013-06-03 00:52 - 2013-06-03 00:52 - 00000132 ____A C:\Users\Cary\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-06-03 00:52 - 2011-05-14 19:03 - 00000000 ____D C:\Users\Cary\Documents\Adobe
2013-06-03 00:52 - 2011-01-14 13:42 - 00000000 ____D C:\Users\Cary\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\ProgramData\gibeutuqksqgrkqadlt.bat
C:\ProgramData\gibeutuqksqgrkqadlt.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {a0fa39eb-aa29-11df-841e-5442496601ec}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a0fa39eb-aa29-11df-841e-5442496601ec}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0fa39ee-aa29-11df-841e-5442496601ec}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{a0fa39ee-aa29-11df-841e-5442496601ec}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {a0fa39eb-aa29-11df-841e-5442496601ec}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {a0fa39ee-aa29-11df-841e-5442496601ec}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8172.93 MB
Available physical RAM: 7306.91 MB
Total Pagefile: 8171.08 MB
Available Pagefile: 7312.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.94 GB) (Free:2.74 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:13.72 GB) (Free:0.37 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:0.49 GB) (Free:0.47 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5C92AE1E)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 498 MB) (Disk ID: 000FB349)
Partition 1: (Active) - (Size=498 MB) - (Type=0E)


LastRegBack: 2013-06-24 09:40

==================== End Of Log ============================
         

Post #2, 03.07.2013, 20:15, aharonov (/// TB-Ausbilder)

Hi,

can you start the computer normally again after the following fix?


On a second computer, please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
C:\Users\Cary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
C:\ProgramData\gibeutuqksqgrkqadlt.*
C:\ProgramData\tldaqkrgqskqutuebig.*
C:\Users\Cary\AppData\Local\Temp\tldaqkrgqskqutuebig.*
C:\Users\Cary\AppData\Local\Temp\gibeutuqksqgrkqadlt.*

Then save it under the file name Fixlist.txt on your USB stick next to FRST.
  • Plug the USB stick back into the infected computer.
  • Boot your computer into the repair options again.
  • Now start FRST again, but this time click the Fix button.
The tool creates a file Fixlog.txt on your USB stick. Please post its contents here.

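The fix list above was read straight out of the FRST log: two unsigned files with a randomly generated name (gibeutuqksqgrkqadlt.bat and .reg) created in C:\ProgramData at 13:28, the same family under the user's Temp directory (tldaqkrgqskqutuebig is gibeutuqksqgrkqadlt spelled backwards), and a shortcut in the per-user Startup folder that launches them at logon. The script below is an added example for this page, not FRST's own code and not anything the helper posted: it parses FRST file lines, applies a watch list of directories (WATCHED) and a name-randomness heuristic (looks_random, at least 12 lower-case letters with under 30% vowels) that are my own assumptions, groups a name with its reverse into one family, and emits the wildcard Fixlist lines. Of the sample input, the first five lines are copied from the log quoted above; the three Temp and Startup lines are constructed from the names in the fix list because that part of the log is not quoted here. Run on the sample it yields the same five entries as the fix list above, including the C:\ProgramData\tldaqkrgqskqutuebig.* line that the Fixlog in the next post reports as not found.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# One FRST file line: "<created> - <modified> - <size> <attrs> [(Signer)] <path>";
# the five-character attribute field carries 'D' for directories.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
# Assumed watch list: a fresh unsigned file in these places deserves a look.
WATCHED = (
    re.compile(r"^c:\\programdata\\[^\\]+$"),
    re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+$"),
    re.compile(r"\\start menu\\programs\\startup\\[^\\]+$"),
)
VOWELS = set("aeiouy")

class Finding(NamedTuple):
    path: str
    reason: str

def parse_line(line: str):
    """Fields of one FRST file/folder line (signer stripped), or None."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["signer"] = rec["signer"].strip() if rec["signer"] else None
    return rec

def looks_random(stem: str) -> bool:
    """Assumed heuristic: >= 12 lower-case letters with under 30% vowels,
    which matches 'gibeutuqksqgrkqadlt' but not 'setupproplusretail'."""
    if len(stem) < 12 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.30

def triage(lines):
    """Flag Startup-folder items and unsigned random-named files in WATCHED dirs."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or "D" in rec["attrs"]:
            continue  # header/blank line, or a directory
        low = rec["path"].lower()
        if not any(p.search(low) for p in WATCHED):
            continue
        stem = rec["path"].rsplit("\\", 1)[1].split(".", 1)[0]
        if "\\startup\\" in low:
            findings.append(Finding(rec["path"], "new item in per-user Startup folder"))
        elif rec["signer"] is None and looks_random(stem):
            findings.append(Finding(rec["path"], f"unsigned, random-looking name {stem!r}"))
    return findings

def build_fixlist(lines):
    """Fixlist.txt lines: Startup items by full path; random-named droppers
    grouped into families (a name and its reverse are one family) and every
    member listed as 'dir\\stem.*' in every directory where any member was
    seen, so a sibling the scan missed goes too.  Returns (lines, families)."""
    entries, fam_dirs, fam_stems = set(), defaultdict(set), defaultdict(set)
    for f in triage(lines):
        directory, name = f.path.rsplit("\\", 1)
        if "\\startup\\" in f.path.lower():
            entries.add(f.path)
            continue
        stem = name.split(".", 1)[0]
        key = min(stem, stem[::-1])
        fam_dirs[key].add(directory)
        fam_stems[key].add(stem)
    for key, dirs in fam_dirs.items():
        entries.update(f"{d}\\{s}.*" for d in dirs for s in fam_stems[key])
    return sorted(entries), {k: sorted(v) for k, v in fam_stems.items()}

# Sample input: lines 1-5 are copied from the FRST log posted above; the last
# three are constructed from the names in the helper's fix list (the Temp
# copies and the Startup shortcut are not in the quoted part of the log).
SAMPLE_LOG = [
    r"2013-07-03 15:47 - 2013-07-03 15:47 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe",
    r"2013-07-03 13:28 - 2013-07-03 13:28 - 00000165 ____A C:\ProgramData\gibeutuqksqgrkqadlt.reg",
    r"2013-07-03 13:28 - 2013-07-03 13:28 - 00000070 ____A C:\ProgramData\gibeutuqksqgrkqadlt.bat",
    r"2013-06-20 13:10 - 2013-06-20 13:10 - 00000000 ____D C:\ProgramData\Avira",
    r"2013-06-20 13:11 - 2013-07-01 09:21 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys",
    r"2013-07-03 13:28 - 2013-07-03 13:28 - 00000070 ____A C:\Users\Cary\AppData\Local\Temp\tldaqkrgqskqutuebig.bat",
    r"2013-07-03 13:28 - 2013-07-03 13:28 - 00000165 ____A C:\Users\Cary\AppData\Local\Temp\gibeutuqksqgrkqadlt.reg",
    r"2013-07-03 13:28 - 2013-07-03 13:28 - 00001024 ____A C:\Users\Cary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
    print("\nFixlist.txt:\n" + "\n".join(build_fixlist(SAMPLE_LOG)[0]))
```

Listing every family member in every directory where any member was seen is deliberate over-matching: it costs at worst a "File/Directory not found" line in Fixlog, but it catches a sibling that was not in the one-month window. The heuristic is only a triage aid; a short or dictionary-looking name in the Startup folder is still flagged purely on location, and anything it surfaces should be confirmed against the rest of the log before it goes into a fix list.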
Post #3, 03.07.2013, 20:35, Dude76

WOW!!!
That was fast and works splendidly - many thanks!

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-07-2013 01
Ran by SYSTEM at 2013-07-03 21:22:18 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

C:\Users\Cary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\ProgramData\gibeutuqksqgrkqadlt.* => Moved successfully.
"C:\ProgramData\tldaqkrgqskqutuebig.*" => File/Directory not found.
C:\Users\Cary\AppData\Local\Temp\tldaqkrgqskqutuebig.* => Moved successfully.
C:\Users\Cary\AppData\Local\Temp\gibeutuqksqgrkqadlt.* => Moved successfully.

==== End of Fixlog ====
         

Post #4, 03.07.2013, 21:30, aharonov (/// TB-Ausbilder)

Great, but we are not finished yet.

Move frst64.exe from the USB stick to the desktop.
  • Then start FRST.
  • Under Optional Scan, tick Addition.txt and press Scan.
  • When the scan is complete, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.
cheers,
Leo

Post #5, 08.07.2013, 10:48, aharonov (/// TB-Ausbilder)

Hi,

I haven't heard back from you for a while. Do you still need help?

If I don't hear from you within the next 24 hours, I'll assume the topic has been resolved and delete it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security holes that make a new infection possible.

cheers,
Leo

Post #6, 12.07.2013, 00:07, aharonov (/// TB-Ausbilder)

No response
This topic has been deleted from my subscriptions, so I no longer receive notifications about new replies.
Send me a PM if you would like to continue the topic after all. Then we'll carry on here.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please read these instructions and create your own thread.