Mal wieder der GVU-Trojaner, abgesicherter Modus nicht möglich

boulala · 20.07.2013, 15:54

Alles klar wird gemacht, hoffe es macht dir nichts aus wenn es erst in ca 2std Resultate gibt.

M-K-D-B · 20.07.2013, 15:57

Servus,

Zitat:

Zitat von boulala

Alles klar wird gemacht, hoffe es macht dir nichts aus wenn es erst in ca 2std Resultate gibt.

Mich stört das nicht... ich schau jeden Tag 1-2 mal hier rein und helfe dir auf jeden Fall.

boulala · 20.07.2013, 20:58

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by SYSTEM on 20-07-2013 21:47:39
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\David\...\Run: [AdobeBridge] -  [x]
HKU\David\...\Run: [SecureBanking] - C:\Program Files\Secure Banking\SecureBanking.exe [ 2012-09-13] (Secure Banking)
HKU\David\...\Run: [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\David\...\Run: [Google Update] - C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe /c [x]
HKU\David\...\Run: [WebCake Desktop] - "C:\Users\David\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x]
HKU\David\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [ 2013-06-13] (Adobe Systems Incorporated)
HKU\David\...\Winlogon: [Shell] explorer.exe,C:\Users\David\AppData\Roaming\cache.dat <==== ATTENTION 
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-10] (Avira Operations GmbH & Co. KG)
S2 lxbc_device; C:\Windows\system32\lxbccoms.exe [537520 2007-03-15] ( )
S2 lxedCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxedserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
S2 lxed_device; C:\Windows\system32\lxedcoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
S2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2012-11-29] (Nitro PDF Software)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-11-12] ()
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2010-12-04] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [296448 2013-04-30] ()
S2 WebCake Desktop Updater; C:\Users\David\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-24] (WebCake LLC)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService [x]

==================== Drivers (Whitelisted) ====================

S2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [104512 2009-12-19] (SlySoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-08-22] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-10] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-10] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
S1 CypressUsbDev; C:\Windows\System32\drivers\CyUsbGen.sys [14356 2012-01-10] (CYPRESS Corporation)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-08-22] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [95304 2011-11-10] (MotioninJoy)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2009-06-18] (CACE Technologies)
S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-13] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-04] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-11-12] (The OpenVPN Project)
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2013-03-04] (RealVNC Ltd.)
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
S2 adfs; No ImagePath
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 UltraCrypt; \??\C:\Program Files\UltraLeecher\UltraCrypt.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S0 vmci; system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\acedrv11.sys E6F53D6C0DEA3D375362265E175CA638
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\System32\Drivers\AnyDVD.sys B8F9D3AE038810C6EA08E123CADA765E
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 04F09923A393E4E0E8453A8F78361E73
C:\Windows\System32\DRIVERS\atksgt.sys F0D933B42CD0594048E4D5200AE9E417
C:\Windows\System32\DRIVERS\avgntflt.sys D5541F0AFB767E85FC412FC609D96A74
C:\Windows\System32\DRIVERS\avipbb.sys 7D967A682D4694DF7FA57D63A2DB01FE
C:\Windows\System32\DRIVERS\avkmgr.sys 271CFD1A989209B1964E24D969552BF7
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys 1153DE2E4F5941E10C399CB5592F78A1
C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\drivers\CyUsbGen.sys 9C8DC18C5363FD61DDEDE26739971D52
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\DKbFltr.sys 73BAF270D24FE726B9CD7F80BB17A23D
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 16498EBC04AE9DD07049A8884B205C05
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys D71233D7CCC2E64F8715A20428D5A33B
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 9438FE15DA89C6AACE8A79DB2C6F60C1
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\irda.sys 9F7E491FB0BA0F9E370163834FC1FE31
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lirsgt.sys F8A7212D0864EF5E9185FB95E6623F4D
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 69A6268D7F81E53D568AB4E7E991CAF3
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MijXfilt.sys 9960B18D55E7BD0F265C3C1953D19592
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl.sys 1352E1648213551923A0A822E441553C
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys 6623E51595C0076755C29C00846C4EB2
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nscirda.sys 6D8D2E5652FC2442C810C5D8BE784148
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pnetmdm.sys DA19E3401F39C10DF193BE029C7E7BBA
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\Drivers\RootMdm.sys 564297827D213F52C7A3A2FF749568CA
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 0328BE1C7F1CBA23848179F8762E391C
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snp2uvc.sys D79FE8FF4C1A11CD650A8BBEAC62BE9F
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys CDDDEC541BC3C96F91ECB48759673505
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\VSTAZL3.SYS E00FDFAFF025E94F9821153750C35A6D
C:\Windows\System32\DRIVERS\VSTDPV3.SYS CEB4E3B6890E1E42DCA6694D9E59E1A0
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS BC0C7EA89194C299F051C24119000E17
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssmdrv.sys A36EE93698802CD899F98BFD553D8185
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys C5F25D490D0915732508FD421BF76D93
C:\Windows\System32\DRIVERS\tap0901.sys DC3F19FB9FE6BE9981109D2CD6421242
C:\Windows\System32\drivers\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\DRIVERS\tcpip.sys D32FDAC73FCD76B85389C39BC1087F2A
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\tifm21.sys 78213F01CE781F93180BEF5EB5B3AD81
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys 8BF5D980CDCE35FB26F05047144BB57E
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vncmirror.sys 3B8F222B23917C041E4DA29CCC57E7D0
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xusb21.sys EE9144207EE0211EB5656BA6808AC4A0

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-20 21:43 - 2013-07-20 21:43 - 00000000 ____D C:\FRST
2013-07-20 00:20 - 2013-07-20 00:32 - 00000004 _____ C:\Users\David\AppData\Roaming\cache.ini
2013-07-15 15:08 - 2013-07-15 15:08 - 02202122 _____ C:\Users\David\Desktop\bc480c02_american-psycho-04.jpeg
2013-07-12 12:37 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 12:37 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 12:37 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 12:37 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 12:37 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 12:37 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 12:37 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 12:37 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 12:37 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 12:37 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 12:37 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 12:37 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 12:37 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 12:37 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 12:37 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 12:37 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 08:14 - 2013-07-15 07:38 - 00013945 _____ C:\Users\David\Desktop\Microsoft Excel-Arbeitsblatt (neu).xlsx
2013-07-11 09:12 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 09:12 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 09:12 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 09:12 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-06 10:21 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 22:01 - 2013-07-05 22:01 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 22:01 - 2013-07-05 22:01 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 22:01 - 2013-07-05 22:01 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 22:01 - 2013-07-05 22:01 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-05 22:00 - 2013-07-05 22:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-05 21:58 - 2013-07-05 22:04 - 00009589 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-20 21:43 - 2013-07-20 21:43 - 00000000 ____D C:\FRST
2013-07-20 00:32 - 2013-07-20 00:20 - 00000004 _____ C:\Users\David\AppData\Roaming\cache.ini
2013-07-20 00:31 - 2009-08-12 09:11 - 00783310 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-20 00:28 - 2013-05-26 21:20 - 00000000 ____D C:\Users\David\AppData\Roaming\WebCake
2013-07-20 00:28 - 2012-05-02 02:15 - 00026394 _____ C:\ProgramData\lxedscan.log
2013-07-20 00:26 - 2009-07-13 20:39 - 00119819 _____ C:\Windows\setupact.log
2013-07-20 00:20 - 2009-07-13 20:34 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 00:20 - 2009-07-13 20:34 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 00:15 - 2009-08-12 08:51 - 01468692 _____ C:\Windows\WindowsUpdate.log
2013-07-19 11:58 - 2009-12-14 03:30 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2013-07-17 22:49 - 2009-08-12 09:15 - 00000000 ___RD C:\Users\David\Desktop
2013-07-17 22:32 - 2012-05-02 02:20 - 00000000 ____D C:\ProgramData\Lx_cats
2013-07-17 22:31 - 2012-05-02 02:20 - 00305932 _____ C:\ProgramData\lxedJSW.log
2013-07-15 15:08 - 2013-07-15 15:08 - 02202122 _____ C:\Users\David\Desktop\bc480c02_american-psycho-04.jpeg
2013-07-15 09:20 - 2013-03-09 11:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-15 07:38 - 2013-07-12 08:14 - 00013945 _____ C:\Users\David\Desktop\Microsoft Excel-Arbeitsblatt (neu).xlsx
2013-07-15 06:50 - 2012-05-07 23:51 - 00001092 _____ C:\ProgramData\lxed.log
2013-07-13 14:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-13 13:16 - 2009-07-13 20:33 - 02503736 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-13 13:15 - 2010-11-05 12:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 13:15 - 2009-08-18 06:55 - 00207106 _____ C:\Windows\PFRO.log
2013-07-13 13:15 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 13:15 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 12:38 - 2009-08-25 08:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 12:33 - 2009-09-13 11:21 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 08:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-07-07 14:18 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-07-07 14:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-07-07 10:11 - 2013-04-09 08:21 - 00000000 ____D C:\Users\David\AppData\Local\FreePDF_XP
2013-07-05 22:04 - 2013-07-05 21:58 - 00009589 _____ C:\Windows\IE10_main.log
2013-07-05 22:01 - 2013-07-05 22:01 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-05 22:01 - 2013-07-05 22:01 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-05 22:01 - 2013-07-05 22:01 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-05 22:01 - 2013-07-05 22:01 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-05 22:01 - 2013-07-05 22:01 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-05 22:01 - 2013-07-05 22:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-05 22:01 - 2013-07-05 22:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-05 22:00 - 2013-07-05 22:00 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-05 22:00 - 2013-07-05 22:00 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-23 13:03 - 2010-01-25 13:50 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype

Files to move or delete:
====================
C:\Users\David\AppData\Roaming\cache.dat
C:\Users\David\AppData\Roaming\cache.ini
C:\ProgramData\ahc__0poi.pad

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-05 21:57:40
Restore point made on: 2013-07-09 07:39:19
Restore point made on: 2013-07-12 12:28:24
Restore point made on: 2013-07-17 22:24:38

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {7f44da4b-87b3-11de-875e-de919d4b7c3a}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  partition=E:
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=E:
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7f44da4b-87b3-11de-875e-de919d4b7c3a}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\7f44da4d-87b3-11de-875e-de919d4b7c3a\Winre.wim,{7f44da4e-87b3-11de-875e-de919d4b7c3a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7f44da4d-87b3-11de-875e-de919d4b7c3a\Winre.wim,{7f44da4e-87b3-11de-875e-de919d4b7c3a}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7f44da4b-87b3-11de-875e-de919d4b7c3a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7f44da4e-87b3-11de-875e-de919d4b7c3a}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7f44da4d-87b3-11de-875e-de919d4b7c3a\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 3070.43 MB
Available physical RAM: 2617.76 MB
Total Pagefile: 3068.71 MB
Available Pagefile: 2623.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.59 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.17 GB) (Free:48.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.15 GB) (Free:22.23 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.37 GB) FAT32
Drive g: (STORE N GO) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 476B141C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)


LastRegBack: 2013-07-13 14:54

==================== End Of Log ============================

--- --- ---

[/CODE]

M-K-D-B · 21.07.2013, 10:50

Servus,

Schritt 1
Zuerst müssen wir auf einem sauberen Rechner den Fix erstellen. Das geht so:
Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\David\...\Winlogon: [Shell] explorer.exe,C:\Users\David\AppData\Roaming\cache.dat <==== ATTENTION 
C:\Users\David\AppData\Roaming\cache.ini
C:\Users\David\AppData\Roaming\cache.dat
C:\ProgramData\ahc__0poi.pad
end

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schritt 2
Rechner normal starten und freuen.

Schritt 3
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 4
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 5

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von ComboFix,
die Logdatei von AdwCleaner,
die Logdatei von JRT.

Mal wieder der GVU-Trojaner, abgesicherter Modus nicht möglich

Plagegeister aller Art und deren Bekämpfung: Mal wieder der GVU-Trojaner, abgesicherter Modus nicht möglich