Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows 7 Sperrbildschirm UKASH cyberpolice

Windows 7 Sperrbildschirm UKASH cyberpolice


Plagegeister aller Art und deren Bekämpfung: Windows 7 Sperrbildschirm UKASH cyberpolice

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.08.2013, 16:03   #1
mierski
 
Windows 7 Sperrbildschirm UKASH cyberpolice - Standard

Windows 7 Sperrbildschirm UKASH cyberpolice


Hallo,

wie der Titel schon besagt, habe ich einen Sperrbildschirm.
Hab bereits einen Scan mit Farbar gemacht.

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by SYSTEM on 12-08-2013 16:56:47
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Admin\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Admin\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\Admin\...\Run: [AdobeBridge] -  [x]
HKU\Admin\...\Policies\Explorer\Run: [LlamaWare] - C:\Users\Admin\AppData\Roaming\eweuhcvd\vguvcbrs.exe [78848 2010-11-21] ()

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S2 Parclass; C:\Windows\SysWow64\Drivers\Parclass.sys [20272 2006-12-08] (Microsoft Corporation)
S2 PARCLASS1; C:\Windows\SysWow64\drivers\PARCLASS1.sys [2368 2011-08-04] ()
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S1 vBszKyhV2; C:\Windows\system32\drivers\vBszKyhV2.sys [46528 2013-08-09] ()
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S2 Parclass; \SystemRoot\System32\Drivers\Parclass.sys [x]
S2 PARCLASS1; \??\C:\Windows\system32\drivers\PARCLASS1.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 52BD95CAA9CAE8977FE043E9AD6D2D0E
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ext2Fsd.sys 86B0FBC17425B0A00D431B3C8F4D2F9D
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 2BF3B36B96D015AF666B6AA63AE2E38F
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ANDROIDUSB.sys F47CEC45FB85791D4AB237563AD0FA8F
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys BFBABCB231628A4551DBB10D0EA25D62
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys FC1D590039EF06A381768710E6C07E75
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 8FB3C853E886E1E4D57271672486111C
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\SysWow64\Drivers\Parclass.sys F637694A01480E406A65E360C4B5E598
C:\Windows\SysWow64\drivers\PARCLASS1.sys DA332DD148AA72700C37F360352EAF7D
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ABCB5A38A0D85BDF69B7877E1AD1EED5
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Sentinel64.sys 255476B54C82A89416EFDF09FD62F107
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uimx64.sys 34859D3801F4BD3DACFA131DD928455A
C:\Windows\System32\Drivers\Uim_IMx64.sys D3CE4776E7FFB25E6935B1C797F4650C
C:\Windows\System32\Drivers\uim_vimx64.sys 532E4BED5C7803B2EE5681818B2528B7
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\system32\drivers\vBszKyhV2.sys 6D9D13D0061011F46FB2AC5C62E9BFA2
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\VirtualAudio1.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio2.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio3.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio4.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\VirtualAudio5.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys AD12F5C7251BB8D575D560894E73CBBA
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-12 16:31 - 2013-08-12 16:31 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-08-09 15:09 - 2013-08-12 11:32 - 00031232 _____ C:\Windows\System32\vBszKyhVp.dll
2013-08-09 15:09 - 2013-08-09 15:09 - 02359352 _____ C:\Windows\System32\vBszKyhV.bmp
2013-08-09 15:09 - 2013-08-09 15:09 - 00702464 _____ C:\Windows\System32\vBszKyhV2.exe
2013-08-09 15:09 - 2013-08-09 15:09 - 00680448 _____ C:\Windows\System32\vBszKyhV1.exe
2013-08-09 15:09 - 2013-08-09 15:09 - 00046528 _____ C:\Windows\System32\Drivers\vBszKyhV2.sys
2013-08-09 15:09 - 2013-08-09 15:09 - 00004096 _____ C:\Windows\System32\vBszKyhV.dll
2013-08-09 13:03 - 2013-08-09 13:03 - 00000000 ____D C:\Users\Admin\AppData\Local\IsolatedStorage
2013-08-09 12:27 - 2013-08-09 12:28 - 00011776 ___SH C:\Users\Admin\Thumbs.db
2013-08-01 18:06 - 2013-08-09 10:39 - 00000000 ____D C:\Windows\pss
2013-08-01 18:06 - 2013-08-01 18:06 - 00000000 ____D C:\Users\Admin\AppData\Local\NeoSmart_Technologies
2013-08-01 18:03 - 2013-08-12 11:35 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{14B56AED-0380-44E1-9B09-1474CE9F2923}
2013-08-01 18:03 - 2013-08-01 18:17 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2013-08-01 18:03 - 2013-08-01 18:03 - 00024576 _____ C:\Users\Admin\Documents\EasyBCD Backup (2013-08-01).bcd
2013-07-24 18:36 - 2013-07-24 18:38 - 00000000 ____D C:\Windows\System32\MRT
2013-07-24 17:52 - 2013-07-24 17:52 - 00000000 ____D C:\Program Files (x86)\dreamset239x64
2013-07-24 17:40 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-24 17:40 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-24 17:40 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-24 17:40 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-24 17:40 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-24 17:40 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-24 17:40 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-24 17:40 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-24 17:40 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-24 17:40 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-24 17:40 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-24 17:40 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-24 17:40 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-24 17:40 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-24 17:40 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-24 17:40 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-24 17:40 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-24 17:40 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-24 17:40 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-24 17:40 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-24 17:40 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-24 17:40 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-24 17:30 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-24 17:30 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-24 17:30 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-24 17:30 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-24 17:30 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 17:30 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-24 17:30 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-12 16:44 - 2013-08-12 16:44 - 00000000 ____D C:\FRST
2013-08-12 16:31 - 2013-08-12 16:31 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-08-12 15:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 15:39 - 2009-07-14 05:51 - 00044727 _____ C:\Windows\setupact.log
2013-08-12 12:03 - 2011-06-17 15:23 - 01999211 _____ C:\Windows\WindowsUpdate.log
2013-08-12 11:43 - 2012-04-25 09:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 11:42 - 2011-06-26 13:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-08-12 11:39 - 2009-07-14 05:45 - 00020288 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 11:39 - 2009-07-14 05:45 - 00020288 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 11:35 - 2013-08-01 18:03 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{14B56AED-0380-44E1-9B09-1474CE9F2923}
2013-08-12 11:32 - 2013-08-09 15:09 - 00031232 _____ C:\Windows\System32\vBszKyhVp.dll
2013-08-09 19:54 - 2010-11-21 04:47 - 00929774 _____ C:\Windows\PFRO.log
2013-08-09 15:15 - 2012-07-31 14:23 - 00000000 ____D C:\Users\Admin\.Virtualbox.sav
2013-08-09 15:14 - 2012-12-17 17:07 - 00000000 ____D C:\ProgramData\launcher
2013-08-09 15:14 - 2012-12-17 17:07 - 00000000 ____D C:\ProgramData\explauncher
2013-08-09 15:14 - 2011-10-25 12:53 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-09 15:10 - 2012-12-17 17:07 - 00000000 ____D C:\archive_db
2013-08-09 15:10 - 2011-06-26 13:51 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-08-09 15:09 - 2013-08-09 15:09 - 02359352 _____ C:\Windows\System32\vBszKyhV.bmp
2013-08-09 15:09 - 2013-08-09 15:09 - 00702464 _____ C:\Windows\System32\vBszKyhV2.exe
2013-08-09 15:09 - 2013-08-09 15:09 - 00680448 _____ C:\Windows\System32\vBszKyhV1.exe
2013-08-09 15:09 - 2013-08-09 15:09 - 00046528 _____ C:\Windows\System32\Drivers\vBszKyhV2.sys
2013-08-09 15:09 - 2013-08-09 15:09 - 00004096 _____ C:\Windows\System32\vBszKyhV.dll
2013-08-09 15:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-08-09 14:50 - 2011-07-28 12:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2013-08-09 14:46 - 2009-07-14 05:45 - 04905312 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-09 13:03 - 2013-08-09 13:03 - 00000000 ____D C:\Users\Admin\AppData\Local\IsolatedStorage
2013-08-09 12:33 - 2011-06-26 13:51 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-09 12:28 - 2013-08-09 12:27 - 00011776 ___SH C:\Users\Admin\Thumbs.db
2013-08-09 12:27 - 2011-06-17 15:27 - 00000000 ____D C:\users\Admin
2013-08-09 12:23 - 2011-06-17 16:40 - 00061656 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 11:32 - 2013-01-08 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-09 11:31 - 2012-01-23 10:44 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-09 11:30 - 2011-06-26 13:52 - 00000000 ____D C:\ProgramData\Adobe
2013-08-09 11:30 - 2011-06-26 13:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-09 11:30 - 2011-06-17 16:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-08-09 10:39 - 2013-08-01 18:06 - 00000000 ____D C:\Windows\pss
2013-08-08 11:44 - 2011-10-25 12:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-01 18:17 - 2013-08-01 18:03 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2013-08-01 18:06 - 2013-08-01 18:06 - 00000000 ____D C:\Users\Admin\AppData\Local\NeoSmart_Technologies
2013-08-01 18:03 - 2013-08-01 18:03 - 00024576 _____ C:\Users\Admin\Documents\EasyBCD Backup (2013-08-01).bcd
2013-07-27 12:43 - 2012-04-25 14:43 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-27 12:43 - 2012-04-25 14:43 - 00000000 ____D C:\Program Files (x86)\QuickTime Alternative
2013-07-24 18:38 - 2013-07-24 18:36 - 00000000 ____D C:\Windows\System32\MRT
2013-07-24 18:13 - 2012-04-25 09:44 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 18:13 - 2012-04-25 09:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-24 18:13 - 2011-06-17 16:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 18:08 - 2012-05-09 17:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-24 18:08 - 2012-05-09 17:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-24 18:07 - 2011-04-12 08:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-24 18:07 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-24 18:07 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-24 17:53 - 2011-04-12 08:43 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-07-24 17:53 - 2011-04-12 08:43 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-07-24 17:53 - 2009-07-14 06:13 - 01519798 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-24 17:52 - 2013-07-24 17:52 - 00000000 ____D C:\Program Files (x86)\dreamset239x64
2013-07-24 17:48 - 2011-06-17 16:40 - 00002155 _____ C:\Windows\epplauncher.mif
2013-07-24 17:47 - 2011-06-17 16:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-24 17:47 - 2011-06-17 16:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-12-09 12:56:23
Restore point made on: 2012-12-11 19:20:23
Restore point made on: 2012-12-11 19:20:43
Restore point made on: 2012-12-11 19:21:00
Restore point made on: 2012-12-11 19:21:17
Restore point made on: 2012-12-11 19:21:33
Restore point made on: 2012-12-13 15:09:50
Restore point made on: 2012-12-13 15:12:07
Restore point made on: 2012-12-17 14:02:37
Restore point made on: 2012-12-17 14:05:53
Restore point made on: 2012-12-17 14:06:30
Restore point made on: 2012-12-17 14:58:53
Restore point made on: 2012-12-17 14:59:40

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {41d639c1-98f5-11e0-b411-8a7fc46c97b1}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 0
displaybootmenu         Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {41d639c3-98f5-11e0-b411-8a7fc46c97b1}
recoveryenabled         Yes
testsigning             Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {41d639c1-98f5-11e0-b411-8a7fc46c97b1}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {41d639c3-98f5-11e0-b411-8a7fc46c97b1}

Windows-Startladeprogramm
-------------------------
Bezeichner              {41d639c6-98f5-11e0-b411-8a7fc46c97b1}
device                  ramdisk=[C:]\Recovery\41d639c3-98f5-11e0-b411-8a7fc46c97b1\Winre.wim,{41d639c7-98f5-11e0-b411-8a7fc46c97b1}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (wiederhergestellt) 
locale                  
osdevice                ramdisk=[C:]\Recovery\41d639c3-98f5-11e0-b411-8a7fc46c97b1\Winre.wim,{41d639c7-98f5-11e0-b411-8a7fc46c97b1}
systemroot              \windows
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {41d639c1-98f5-11e0-b411-8a7fc46c97b1}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {41d639c4-98f5-11e0-b411-8a7fc46c97b1}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\41d639c3-98f5-11e0-b411-8a7fc46c97b1\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {41d639c7-98f5-11e0-b411-8a7fc46c97b1}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\41d639c3-98f5-11e0-b411-8a7fc46c97b1\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 2047.3 MB
Available physical RAM: 1505.18 MB
Total Pagefile: 2047.3 MB
Available Pagefile: 1489.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:335.25 GB) (Free:198.76 GB) NTFS (Disk=0 Partition=2)
Drive e: (GSP1RMCPRXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335 GB) (Disk ID: 0ED0BC64)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=335 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 73696D20)
No partition Table on disk 1.


LastRegBack: 2013-06-18 11:35

==================== End Of Log ============================
Was soll ich tun?

 

Themen zu Windows 7 Sperrbildschirm UKASH cyberpolice
adobe flash player, alternative, association, bootmgr, check, explorer, explorer.exe, farbar, farbar recovery scan tool, flash player, free, hdaudio.sys, helper, i8042prt.sys, icon, log, messenger, microsoft, mozilla, realplayer, registry, rootkit, scan, security, services.exe, svchost.exe, system, system32, windows, winlogon.exe


« vermutlich von einem Trojaner infiziert - TR/Crypt.XPACK.Gen3 wurde von Antivir gefunden | Trojaner: fehlende verknüpfungen, leeres startmenü »


Ähnliche Themen: Windows 7 Sperrbildschirm UKASH cyberpolice


  1. AKM Trojaner mit Sperrbildschirm auf Windows 7 32 Bit
    Log-Analyse und Auswertung - 30.09.2015 (9)
  2. Windows 8: AKM Trojaner - Sperrbildschirm
    Log-Analyse und Auswertung - 30.03.2015 (1)
  3. Windows 7: Sperrbildschirm nach Schädlingsbefall
    Log-Analyse und Auswertung - 01.02.2015 (18)
  4. Windows 7: Sperrbildschirm nach GVU Trojaner
    Log-Analyse und Auswertung - 12.08.2014 (16)
  5. Windows 7 Sperrbildschirm - BKA Virus
    Log-Analyse und Auswertung - 12.07.2014 (13)
  6. Windows 7: GVU/BKA Trojaner mit Sperrbildschirm
    Log-Analyse und Auswertung - 30.06.2014 (11)
  7. Windows 7 64Bit Sperrbildschirm
    Plagegeister aller Art und deren Bekämpfung - 08.12.2013 (11)
  8. Windows 7: Trojaner mit sperrbildschirm
    Plagegeister aller Art und deren Bekämpfung - 14.11.2013 (1)
  9. Windows 7: Browserfenster Bundespolizei mit Sperrbildschirm
    Log-Analyse und Auswertung - 22.10.2013 (11)
  10. Sperrbildschirm unter windows xp
    Log-Analyse und Auswertung - 09.10.2013 (29)
  11. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 07.09.2013 (7)
  12. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Log-Analyse und Auswertung - 06.09.2013 (1)
  13. Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (15)
  14. Sperrbildschirm Bundespolizei Ukash 100€
    Plagegeister aller Art und deren Bekämpfung - 25.05.2013 (6)
  15. Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (12)
  16. Bundespolizei - Sperrbildschirm (Ukash 100€)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  17. 50€ Virus Ukash, Sperrbildschirm nix funktioniert mehr
    Log-Analyse und Auswertung - 26.04.2012 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7 Sperrbildschirm UKASH cyberpolice - Hallo, wie der Titel schon besagt, habe ich einen Sperrbildschirm. Hab bereits einen Scan mit Farbar gemacht. Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) - Windows 7 Sperrbildschirm UKASH cyberpolice...
Archiv
Du betrachtest: Windows 7 Sperrbildschirm UKASH cyberpolice auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131