WIN / 32 bit BKA .BK .BPD Virus Befall

momorossi · 07.02.2014, 14:28

Hi

zuerst mal ein herzliches Dankeschön im Voraus in der Hoffnung auf Hilfe

Computer läßt sich nur mehr im DOS Modus booten :-( verzwiflung groß, weil wie immer (für mich) dringend - wahrscheinlich bei allen ...

lG
Peter

anbei der FRST64 scan result :

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by pe130296 (administrator) on PE1302961 on 07-02-2014 14:14:05
Running from E:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)


==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [31080 2010-08-19] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-15] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927928 2012-05-18] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2012-12-18] (Hewlett-Packard Company)
HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)
HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.)
HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [176128 2011-04-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-04-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2011-08-31] (McAfee, Inc.)
HKLM-x32\...\Run: [SafeBootTrayManager] - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe [69632 2009-08-19] ()
HKLM-x32\...\Run: [SafeBootTokenWatcher] - C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe [172092 2011-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [PlantronicsURE.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)
HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [299856 2012-11-28] (Autonomy Corporation plc)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex
Lsa: [Notification Packages] sbnp scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zj2o9rj2.lnk
ShortcutTarget: zj2o9rj2.lnk -> C:\ProgramData\2jr9o2jz.cpp (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = hxxp://search.portal.hp.com/search/simple.asp?query={searchTerms}
SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: DIALux Browser Helper Object - {F586CB96-7091-42ec-9829-F5D5CE65AFC1} - C:\Program Files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll (DIAL GmbH)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g5t0073.atlanta.hp.com/hp/HPPKI.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://forrester.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.202.138.3 195.202.128.3 62.40.128.2

==================== Services (Whitelisted) =================

S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-26] (Adobe Systems)
S2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6777680 2012-11-28] (Autonomy Corporation plc)
S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1931536 2013-03-29] (DIAL GmbH)
S2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)
S2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2010-08-19] (Microsoft Corporation)
S2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-12-16] (McAfee, Inc.)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2011-08-31] (McAfee, Inc.)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2011-08-31] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-08-31] (McAfee, Inc.)
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [300776 2010-04-21] (Hewlett-Packard)
S2 radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [190184 2010-04-21] (Hewlett-Packard)
S2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [333544 2010-04-21] (Hewlett-Packard)
S2 SafeBootClientManager; C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [385084 2011-09-15] (McAfee, Inc.)
S2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)
S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
S3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
S3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)
R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)
S1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)
S3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.)
S3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.)
S3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()
S3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2013-05-08] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158584 2011-08-31] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-08-31] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642824 2011-08-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-08-31] (McAfee, Inc.)
S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-08-31] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-08-31] (McAfee, Inc.)
S3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [43032 2010-01-13] (Hewlett Packard)
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)
S1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [62792 2011-09-15] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [62792 2011-09-15] (McAfee, Inc.)
R0 SBAlg; C:\Windows\System32\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)
R0 SBAlg; C:\Windows\SysWow64\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)
S1 SbFlop; C:\Windows\System32\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)
S1 SbFlop; C:\Windows\SysWow64\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)
S1 SbRegFlt; C:\Windows\System32\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)
S1 SbRegFlt; C:\Windows\SysWow64\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25912 2012-05-18] (Synaptics Incorporated)
S3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [26936 2012-05-18] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 14:08 - 2014-02-07 14:08 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat
2014-02-07 14:08 - 2014-02-07 14:08 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat
2014-02-07 13:42 - 2014-02-07 13:42 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\zj2o9rj2.zvv
2014-02-07 13:41 - 2014-02-07 14:08 - 95027928 ____T () C:\ProgramData\zj2o9rj2.fee
2014-02-07 13:41 - 2014-02-07 13:41 - 00224145 _____ (Microsoft Corporation) C:\ProgramData\2jr9o2jz.cpp
2014-01-26 18:00 - 2014-01-26 18:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe
2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe
2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe
2014-01-26 17:40 - 2014-01-26 17:46 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe
2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx
2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg
2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft
2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets
2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe
2014-01-19 12:38 - 2014-02-07 14:01 - 00003106 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-01-19 12:38 - 2014-02-07 14:01 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-01-19 12:38 - 2014-02-07 13:57 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-01-19 12:38 - 2014-02-07 13:57 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-01-19 12:38 - 2014-02-07 13:57 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-01-19 12:38 - 2014-02-07 13:57 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-01-19 12:38 - 2014-02-07 13:56 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-01-19 12:38 - 2014-02-07 13:56 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-01-19 12:38 - 2014-02-07 13:48 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-01-19 12:38 - 2014-02-07 13:48 - 00003122 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-01-19 12:38 - 2014-02-07 13:48 - 00003098 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-01-19 12:38 - 2014-02-07 13:48 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-01-19 12:38 - 2014-02-07 13:48 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-01-19 12:38 - 2014-02-07 13:48 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-01-19 12:38 - 2010-01-26 18:56 - 00040328 _____ (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll
2014-01-19 12:38 - 2010-01-26 18:44 - 00047080 _____ (McAfee, Inc.) C:\Windows\system32\HIPIS0e011b5.dll
2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg
2014-01-09 09:55 - 2014-01-09 09:55 - 00003193 _____ () C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook Diagnostics.lnk

==================== One Month Modified Files and Folders =======

2014-02-07 14:14 - 2013-07-06 15:13 - 00000000 ____D () C:\FRST
2014-02-07 14:08 - 2014-02-07 14:08 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat
2014-02-07 14:08 - 2014-02-07 14:08 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat
2014-02-07 14:08 - 2014-02-07 13:41 - 95027928 ____T () C:\ProgramData\zj2o9rj2.fee
2014-02-07 14:08 - 2013-05-28 07:54 - 00003244 _____ () C:\Windows\System32\Tasks\pcpm-collector
2014-02-07 14:08 - 2013-05-28 07:54 - 00002906 _____ () C:\Windows\System32\Tasks\pcpm-consolidator
2014-02-07 14:08 - 2013-05-28 07:54 - 00000314 _____ () C:\Windows\Tasks\pcpm-consolidator.job
2014-02-07 14:08 - 2013-05-28 07:54 - 00000308 _____ () C:\Windows\Tasks\pcpm-collector.job
2014-02-07 14:08 - 2013-04-29 08:46 - 00000000 ____D () C:\Program Files (x86)\PC Backup
2014-02-07 14:08 - 2013-04-26 09:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 14:08 - 2013-04-24 11:23 - 00002882 _____ () C:\Windows\System32\Tasks\Maint
2014-02-07 14:08 - 2013-04-24 11:23 - 00000290 _____ () C:\Windows\Tasks\Maint.job
2014-02-07 14:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 14:08 - 2009-07-14 05:51 - 00084623 _____ () C:\Windows\setupact.log
2014-02-07 14:01 - 2014-01-19 12:38 - 00003106 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-02-07 14:01 - 2014-01-19 12:38 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-02-07 13:57 - 2014-01-19 12:38 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-02-07 13:57 - 2014-01-19 12:38 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-02-07 13:57 - 2014-01-19 12:38 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-02-07 13:57 - 2014-01-19 12:38 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-02-07 13:56 - 2014-01-19 12:38 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-02-07 13:56 - 2014-01-19 12:38 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-02-07 13:55 - 2013-04-24 11:32 - 00003322 _____ () C:\Windows\System32\Tasks\Smart Client
2014-02-07 13:52 - 2013-04-26 09:32 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 13:51 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 13:51 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 13:49 - 2013-04-24 11:32 - 00000000 ____D () C:\Windows\SmartClient
2014-02-07 13:48 - 2014-01-19 12:38 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-02-07 13:48 - 2014-01-19 12:38 - 00003122 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-02-07 13:48 - 2014-01-19 12:38 - 00003098 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-02-07 13:48 - 2014-01-19 12:38 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-02-07 13:48 - 2014-01-19 12:38 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-02-07 13:48 - 2014-01-19 12:38 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-02-07 13:48 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\tracing
2014-02-07 13:44 - 2013-05-08 13:31 - 00000000 ____D () C:\ProgramData\Time Service
2014-02-07 13:44 - 2010-11-21 04:47 - 00021416 _____ () C:\Windows\PFRO.log
2014-02-07 13:42 - 2014-02-07 13:42 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\zj2o9rj2.zvv
2014-02-07 13:41 - 2014-02-07 13:41 - 00224145 _____ (Microsoft Corporation) C:\ProgramData\2jr9o2jz.cpp
2014-02-07 13:41 - 2013-04-24 11:23 - 00000000 ___RD () C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-07 13:40 - 2013-07-09 07:22 - 00000000 ____D () C:\data
2014-02-07 13:40 - 2013-04-24 20:54 - 00000000 ____D () C:\mail
2014-02-07 13:15 - 2013-10-12 13:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 07:57 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Local\Adobe
2014-02-06 16:49 - 2013-07-06 12:04 - 00004552 _____ () C:\Windows\system32\config\netlogon.ftl
2014-02-06 16:49 - 2013-04-24 11:23 - 00028152 __RSH () C:\Users\pe130296\ntuser.pol
2014-02-06 16:49 - 2013-04-24 11:22 - 00000000 ____D () C:\Users\pe130296
2014-02-06 16:16 - 2012-05-15 14:05 - 00122111 __RSH () C:\ProgramData\ntuser.pol
2014-02-06 11:55 - 2013-04-24 20:59 - 00000000 ____D () C:\Users\pe130296\AppData\Local\CrashDumps
2014-02-05 15:15 - 2013-10-12 13:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 15:15 - 2013-07-11 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 15:15 - 2013-07-11 08:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 13:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-05 10:42 - 2012-05-15 14:27 - 00000000 ____D () C:\Program Files\RA2HP
2014-02-04 16:06 - 2013-04-24 20:56 - 00000000 ____D () C:\Users\pe130296\Documents\!!!Privat
2014-01-27 08:53 - 2013-04-24 20:54 - 00000000 ___RD () C:\Users\pe130296\Desktop\CEE HP
2014-01-26 18:03 - 2014-01-26 18:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe
2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe
2014-01-26 17:56 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Adobe
2014-01-26 17:52 - 2013-09-26 10:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-26 17:52 - 2012-05-15 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-26 17:50 - 2013-09-26 10:13 - 00000000 ____D () C:\Program Files\Adobe
2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe
2014-01-26 17:46 - 2014-01-26 17:40 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe
2014-01-26 17:45 - 2013-07-11 12:58 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-01-24 16:12 - 2013-07-06 14:28 - 00006352 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx
2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg
2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft
2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets
2014-01-22 14:36 - 2013-05-02 18:13 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Steinberg
2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe
2014-01-21 16:35 - 2013-04-24 11:32 - 00000000 ____D () C:\Program Files (x86)\SmartClient
2014-01-21 14:04 - 2013-04-24 10:58 - 01286315 _____ () C:\Windows\WindowsUpdate.log
2014-01-20 15:08 - 2012-05-15 12:54 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg
2014-01-16 08:27 - 2013-04-24 20:56 - 00000000 ___RD () C:\Users\pe130296\Desktop\OrderFunnel
2014-01-15 17:06 - 2013-04-24 22:14 - 00000000 ___RD () C:\Users\pe130296\Documents\TS Ops CEE
2014-01-15 10:40 - 2013-04-24 21:47 - 00000000 ____D () C:\Users\pe130296\Documents\!LBS
2014-01-14 14:26 - 2013-04-24 20:56 - 00000000 ____D () C:\Quarantine
2014-01-09 18:07 - 2013-04-24 12:56 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Seiqme
2014-01-09 09:55 - 2014-01-09 09:55 - 00003193 _____ () C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook Diagnostics.lnk
2014-01-09 09:54 - 2012-05-15 12:15 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard

ZeroAccess:
C:\Users\pe130296\AppData\Local\{69b202c0-2858-b795-3da1-b2788082b446}

Files to move or delete:
====================
C:\Users\Administrator\create_shortcut.vbs
C:\Users\Administrator\reg_off2k7.vbs
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\ProgramData\zj2o9rj2.fee
C:\ProgramData\zj2o9rj2.zvv
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs


Some content of TEMP:
====================
C:\Users\pe130296\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\pe130296\AppData\Local\Temp\AutoUpdate.exe
C:\Users\pe130296\AppData\Local\Temp\CpqMC.dll
C:\Users\pe130296\AppData\Local\Temp\psWinControl.dll
C:\Users\pe130296\AppData\Local\Temp\RA_LOG.dll
C:\Users\pe130296\AppData\Local\Temp\~tmf4874249892318953491.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 10:36

==================== End Of Log ============================

--- --- ---
[\CODE]

WIN / 32 bit BKA .BK .BPD Virus Befall

Log-Analyse und Auswertung: WIN / 32 bit BKA .BK .BPD Virus Befall

WIN / 32 bit BKA .BK .BPD Virus Befall

Ähnliche Themen: WIN / 32 bit BKA .BK .BPD Virus Befall