Log Analysis and Evaluation: BKA Trojan -.-

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.07.2013, 00:16   #1
Kivi1991

Hello, or rather good morning, folks. I have a pretty crappy problem :(

All of a sudden I'm getting that world-famous window from the BKA trojan, and of course I can't get rid of it

And I have no idea how I'm supposed to do that..

Quick info: my laptop only works over HDMI now because the screen is broken..
Because of that I can't see whether I get into safe mode or not..

I have Win7 64-bit Home and an HP laptop..

Do you have any idea how I can somehow get it off..

Regards, Kivi :)

24.07.2013, 06:55   #2
schrauber
/// the machine
/// TB instructor

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; remember it.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you remembered. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

__________________
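The FRST.txt produced by the procedure above lists autostart entries in a fixed line shape (`HK..\...\Run: [name] - command [size date] (company)` and `ShortcutTarget: name.lnk -> target (company)`). The following first-pass triage of such lines is an added example, not part of the original post and not code from FRST; the sample lines are constructed, and the heuristics (user-writable or temp location, empty company field, `[x]` read as "file not found") are assumptions about what a reviewer checks first.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes of the FRST.txt "Registry" section (Run keys and startup shortcuts).
RUN_RE = re.compile(
    r'^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$')
SHORTCUT_RE = re.compile(r'^ShortcutTarget: (?P<name>.+?\.lnk) -> (?P<rest>.*)$')
COMPANY_RE = re.compile(r'\s*\(([^()]*)\)\s*$')               # trailing "(Company)"
META_RE = re.compile(r'\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*$')     # trailing "[size date]"

# Assumed heuristics: directories a non-admin process can write to.
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')
WRITABLE_DIRS = ('\\appdata\\', '\\programdata\\', '\\users\\public\\')


@dataclass
class Entry:
    source: str               # registry hive, or "Startup" for a shortcut target
    name: str
    command: str
    company: Optional[str]    # None = field absent, "" = present but empty
    missing: bool             # line ended in "[x]"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one autostart line; return None for any other kind of line."""
    line = line.strip()
    m = RUN_RE.match(line)
    source = m.group('hive') if m else 'Startup'
    if not m:
        m = SHORTCUT_RE.match(line)
    if not m:
        return None
    rest = m.group('rest').strip()
    missing = rest.endswith('[x]')
    if missing:
        rest = rest[:-3].rstrip()
    company = None
    c = COMPANY_RE.search(rest)
    if c:
        company = c.group(1).strip()
        rest = rest[:c.start()]
    command = META_RE.sub('', rest).strip()
    return Entry(source, m.group('name'), command, company, missing)


def reasons_for(e: Entry) -> List[str]:
    """Return the review reasons that apply to one entry (may be empty)."""
    cmd = e.command.lower()
    reasons = []
    if any(d in cmd for d in TEMP_DIRS):
        reasons.append('runs from a temp directory')
    elif any(d in cmd for d in WRITABLE_DIRS):
        reasons.append('runs from a user-writable directory')
    if e.company == '':
        reasons.append('no company name in file version info')
    if e.missing:
        reasons.append('target file not found (orphaned entry)')
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Entries with at least one reason, most reasons first (stable order)."""
    found = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            found.append((entry, reasons))
    return sorted(found, key=lambda item: -len(item[1]))


# Constructed sample lines in the FRST.txt shape (not taken from a real log).
SAMPLE = r'''
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [ExampleUpdater] - "C:\Program Files (x86)\Example\updater.exe" /min [348664 2012-08-12] (Example GmbH)
HKLM-x32\...\Run: [gone] - C:\Windows\gone.exe [x]
HKCU\...\Run: [Sync] - C:\Users\alice\AppData\Local\Example\sync.exe [138096 2012-10-17] (Example Inc.)
Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.lnk
ShortcutTarget: helper.lnk -> C:\Users\alice\AppData\Local\Temp\qz81xk.exe ()
'''

if __name__ == '__main__':
    for entry, reasons in triage(SAMPLE):
        print(f'{entry.source:8} {entry.name:12} {entry.command}')
        for reason in reasons:
            print(f'           - {reason}')
```

A hit is a prompt for manual review, not a verdict: legitimate updaters also start from AppData, so the output only orders what to look at first.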

24.07.2013, 13:53   #3
Kivi1991

Hi schrauber..

Yes, I've read that quite a few times by now. My problem is that I can't see what's on the screen, since I'm connected to the TV over HDMI; it doesn't show me the BIOS either.. I only see anything from the point where it says Welcome, and shortly after that the BKA virus comes up :/
Do you have any idea?

24.07.2013, 14:52   #4
schrauber

Just keep pressing F8 at startup until you see the selection menu. Or F2 to get into the BIOS.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.07.2013, 15:00   #5
Kivi1991

I already had that idea too.. But I can't see anything, because the laptop display is broken and the TV only kicks in, i.e. shows a picture, from the Welcome screen onwards :/


24.07.2013, 16:00   #6
schrauber

Get hold of a different external monitor?

24.07.2013, 17:50   #7
Kivi1991

Already tried that, doesn't work either, the result is the same :/

25.07.2013, 07:12   #8
schrauber

This is getting interesting.....
With an external monitor it really should work, though.

25.07.2013, 14:11   #9
Kivi1991

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by kiviis (administrator) on 25-07-2013 15:01:42
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor [x]
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Linkury Chrome Smartbar] - C:\Program Files (x86)\Linkury\Linkury.exe [103224 2011-08-25] (Linkury)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\steam.exe [1610664 2013-06-13] (Valve Corporation)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [CreativeTaskScheduler] - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\kiviis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-17] (Facebook Inc.)
HKCU\...\Run: [Creative Software Update] - C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
MountPoints2: {0d8e388f-ecbb-11e2-9985-101f74c3dcd0} - G:\HTC_Sync_Manager_PC.exe
MountPoints2: {8b1e62f9-71b1-11e1-9b8f-101f74c3dcd0} - G:\autorun.exe
MountPoints2: {f6b8465d-f959-11e0-9c1e-101f74c3dcd0} - G:\.\autorun.exe
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-04-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [PlusService] - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2011-09-07] (Yuna Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [x]
HKLM-x32\...\Run: [VolPanel] - "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe" /r [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\kiviis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\kiviis\AppData\Local\Temp\b34btbztdb0vavaw.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.23.115.132 212.23.115.148

FireFox:
========
FF ProfilePath: C:\Users\kiviis\AppData\Roaming\Mozilla\Firefox\Profiles\vdy5otns.default
FF Homepage: hxxp://www.facebook.com/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\kiviis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\kiviis\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-10] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-29] ()
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-10] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-10] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-09] (Avira GmbH)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-03-19] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20111216.001\IDSvia64.sys [488568 2011-10-19] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20111216.001\IDSvia64.sys [488568 2011-10-19] (Symantec Corporation)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2010-07-30] (Creative Technology Ltd.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\ENG64.SYS [117880 2011-12-18] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\ENG64.SYS [117880 2011-12-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\EX64.SYS [2048632 2011-12-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\EX64.SYS [2048632 2011-12-18] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 15:01 - 2013-07-25 15:01 - 00000000 ____D C:\FRST
2013-07-24 00:09 - 2013-07-24 00:09 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-24 00:09 - 2013-07-24 00:09 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-24 00:01 - 2013-07-24 14:07 - 00000000 ____D C:\Users\kiviis\Desktop\Bewerbungen
2013-07-18 21:18 - 2013-07-18 21:18 - 00000000 ____D C:\Users\kiviis\Desktop\Shindy
2013-07-18 20:40 - 2013-07-18 21:08 - 85681108 _____ C:\Users\kiviis\Downloads\tjio35u289023u8912zugh214ui781tz587zwuz763.zip
2013-07-17 13:18 - 2013-07-17 13:18 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 16:49 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 16:49 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 16:49 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 16:49 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 16:49 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 16:49 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-13 16:49 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-13 16:49 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 16:49 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 16:49 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-13 16:49 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-13 16:49 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 16:49 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 16:49 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 16:49 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-13 16:49 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 16:49 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 16:49 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 16:49 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 16:49 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-13 16:49 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 16:49 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 16:49 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-13 16:49 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 16:49 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-13 16:49 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-13 16:49 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 16:49 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 16:49 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 16:49 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 16:49 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-13 16:49 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 23:41 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 23:41 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 23:41 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 23:41 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 23:41 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 23:41 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 23:41 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:34 - 2013-07-18 19:46 - 00000000 ____D C:\Users\kiviis\Desktop\RAF_3.0-Hoch2-Premium_Edition-DE-2013-VOiCE
2013-07-10 16:53 - 2013-07-10 16:53 - 00000000 ____D C:\Users\kiviis\AppData\Local\Macromedia
2013-07-10 16:52 - 2013-07-10 16:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-04 17:50 - 2013-07-04 17:50 - 00008877 _____ C:\Users\kiviis\AppData\Local\recently-used.xbel
2013-07-04 16:38 - 2013-07-04 17:29 - 155868316 _____ C:\Users\kiviis\Downloads\RAF3.0-2013--.rar
2013-07-03 01:51 - 2013-07-07 01:24 - 00000000 ____D C:\Users\kiviis\Desktop\iphone ftw
2013-07-02 22:44 - 2013-07-02 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 22:39 - 2013-07-02 22:39 - 00000000 ____D C:\Users\kiviis\Desktop\Genetikk--D.N.A.-DE-2013-OMA
2013-07-02 21:59 - 2013-07-02 22:38 - 119944535 _____ C:\Users\kiviis\Downloads\zrt.rar
2013-06-29 14:08 - 2013-07-04 16:43 - 00000000 ____D C:\Users\kiviis\AppData\Local\gtk-2.0
2013-06-29 13:48 - 2013-06-29 13:48 - 00000000 ____D C:\Users\kiviis\.thumbnails
2013-06-29 13:44 - 2013-07-04 17:51 - 00000000 ____D C:\Users\kiviis\.gimp-2.8
2013-06-29 13:44 - 2013-06-29 13:44 - 00000000 ____D C:\Users\kiviis\AppData\Local\gegl-0.2
2013-06-29 13:38 - 2013-06-29 13:39 - 00000000 ____D C:\Program Files\GIMP 2
2013-06-29 13:37 - 2013-06-29 13:38 - 90116160 _____ (The GIMP Team                                               ) C:\Users\kiviis\Downloads\gimp-2.8.6-setup.exe

==================== One Month Modified Files and Folders =======

2013-07-25 15:01 - 2013-07-25 15:01 - 00000000 ____D C:\FRST
2013-07-25 15:00 - 2012-05-01 14:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-25 15:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 15:00 - 2009-07-14 06:51 - 00033200 _____ C:\Windows\setupact.log
2013-07-24 14:37 - 2012-03-25 01:33 - 01904514 _____ C:\Windows\WindowsUpdate.log
2013-07-24 14:37 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 14:37 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 14:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-24 14:13 - 2011-10-24 19:44 - 00000000 ____D C:\Users\kiviis\AppData\Roaming\SoftGrid Client
2013-07-24 14:07 - 2013-07-24 00:01 - 00000000 ____D C:\Users\kiviis\Desktop\Bewerbungen
2013-07-24 14:03 - 2011-10-18 19:37 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EB26621-B30E-40E1-B07B-90F20CE1DF68}
2013-07-24 13:39 - 2011-07-16 07:32 - 00654844 _____ C:\Windows\system32\perfh007.dat
2013-07-24 13:39 - 2011-07-16 07:32 - 00130426 _____ C:\Windows\system32\perfc007.dat
2013-07-24 13:39 - 2009-07-14 07:13 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 13:36 - 2012-08-19 23:43 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1544860817-3619579024-2749951792-1000UA.job
2013-07-24 13:36 - 2012-08-19 23:43 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1544860817-3619579024-2749951792-1000Core.job
2013-07-24 00:12 - 2011-10-18 19:35 - 00318696 _____ C:\Users\kiviis\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 00:09 - 2013-07-24 00:09 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-24 00:09 - 2013-07-24 00:09 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-24 00:09 - 2011-10-18 19:37 - 00000000 ___RD C:\Users\kiviis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 21:18 - 2013-07-18 21:18 - 00000000 ____D C:\Users\kiviis\Desktop\Shindy
2013-07-18 21:08 - 2013-07-18 20:40 - 85681108 _____ C:\Users\kiviis\Downloads\tjio35u289023u8912zugh214ui781tz587zwuz763.zip
2013-07-18 19:46 - 2013-07-10 17:34 - 00000000 ____D C:\Users\kiviis\Desktop\RAF_3.0-Hoch2-Premium_Edition-DE-2013-VOiCE
2013-07-18 19:42 - 2013-04-22 14:08 - 00000000 ____D C:\Users\kiviis\Desktop\Alpa_Gun-Alles_Kommt_Zurueck-Premium_Edition-DE-2013-VOiCE
2013-07-18 13:58 - 2012-06-27 14:32 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForkiviis.job
2013-07-17 22:48 - 2012-06-27 14:32 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForkiviis
2013-07-17 22:48 - 2011-11-02 15:09 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-17 22:48 - 2011-10-27 18:59 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-17 13:20 - 2013-07-17 13:18 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 19:30 - 2011-10-18 19:33 - 00000000 ____D C:\Users\kiviis
2013-07-15 07:24 - 2012-03-25 11:20 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-15 07:24 - 2012-03-25 01:43 - 00000000 ____D C:\ProgramData\Norton
2013-07-15 07:24 - 2012-03-25 01:42 - 00000000 ____D C:\Users\Public\Documents\YouCam
2013-07-15 07:24 - 2011-10-21 00:32 - 00000000 ____D C:\Users\kiviis\Documents\Meine empfangenen Dateien
2013-07-15 07:24 - 2011-10-20 23:26 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-15 07:24 - 2011-10-19 22:03 - 00000000 ____D C:\Users\kiviis\Documents\Youcam
2013-07-15 07:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-15 07:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-15 07:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-15 07:24 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-14 21:27 - 2012-05-17 10:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 21:27 - 2012-05-17 10:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-14 21:27 - 2010-11-21 05:47 - 00094784 _____ C:\Windows\PFRO.log
2013-07-14 21:27 - 2009-07-14 06:45 - 00955576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 16:53 - 2013-07-10 16:53 - 00000000 ____D C:\Users\kiviis\AppData\Local\Macromedia
2013-07-10 16:52 - 2013-07-10 16:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-10 16:52 - 2011-10-18 20:23 - 00000000 ____D C:\Users\kiviis\AppData\Local\Adobe
2013-07-10 16:52 - 2011-07-15 22:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-07 18:10 - 2013-04-23 16:46 - 00000000 ____D C:\Users\kiviis\Desktop\Macklemore and Ryan Lewis - The Heist (Deluxe Edition) (2012)
2013-07-07 01:24 - 2013-07-03 01:51 - 00000000 ____D C:\Users\kiviis\Desktop\iphone ftw
2013-07-04 17:51 - 2013-06-29 13:44 - 00000000 ____D C:\Users\kiviis\.gimp-2.8
2013-07-04 17:50 - 2013-07-04 17:50 - 00008877 _____ C:\Users\kiviis\AppData\Local\recently-used.xbel
2013-07-04 17:29 - 2013-07-04 16:38 - 155868316 _____ C:\Users\kiviis\Downloads\RAF3.0-2013--.rar
2013-07-04 16:43 - 2013-06-29 14:08 - 00000000 ____D C:\Users\kiviis\AppData\Local\gtk-2.0
2013-07-03 02:06 - 2012-05-06 22:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 01:11 - 2013-04-04 16:47 - 00000000 ____D C:\Users\kiviis\Desktop\iphone pics
2013-07-02 22:44 - 2013-07-02 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 22:39 - 2013-07-02 22:39 - 00000000 ____D C:\Users\kiviis\Desktop\Genetikk--D.N.A.-DE-2013-OMA
2013-07-02 22:38 - 2013-07-02 21:59 - 119944535 _____ C:\Users\kiviis\Downloads\zrt.rar
2013-06-29 13:48 - 2013-06-29 13:48 - 00000000 ____D C:\Users\kiviis\.thumbnails
2013-06-29 13:44 - 2013-06-29 13:44 - 00000000 ____D C:\Users\kiviis\AppData\Local\gegl-0.2
2013-06-29 13:39 - 2013-06-29 13:38 - 00000000 ____D C:\Program Files\GIMP 2
2013-06-29 13:38 - 2013-06-29 13:37 - 90116160 _____ (The GIMP Team                                               ) C:\Users\kiviis\Downloads\gimp-2.8.6-setup.exe
2013-06-28 23:28 - 2012-10-12 16:36 - 00000000 ____D C:\Users\kiviis\Desktop\iphone

Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 17:28

==================== End Of Log ============================
         

26.07.2013, 07:28   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Where did this log come from? I thought you couldn't boot because of the lock screen?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

26.07.2013, 09:41   #11
Kivi1991
 
Yes, I thought so too.. I booted it normally and all of a sudden I got in normally. The 2nd time, the BKA screen again.

26.07.2013, 09:50   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Please run the scan from Recovery as described above.
