Log analysis and evaluation: Win7 64bit Home trojan "Bundesamt f. Informationssicherheit", no Safe Mode (Windows 7)
Problem description: I too have caught a "Bundesamt für Informationssicherheit" trojan. System: Win7 64bit Home Premium. I ran a SCAN with FRST64 as described; the result is below. I can't get the computer to boot into Safe Mode with F8. But I can boot from my Win7 installation DVD (that's how I was able to run FRST). I'm asking for help with how I should proceed now. Many thanks for any help!

Code:
```text
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014
Ran by SYSTEM on MININT-9IB8GU2 on 23-11-2014 18:12:02
Running from G:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Falko\...\Run: [DT Emphelungstool] => "C:\Users\Falko\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 1
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\Falko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\DF46C89A.cpp (Sun Microsystems, Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 TP_SERVICE_71_ENGINE; C:\TaiPan\TPSVC.EXE [345088 2010-05-12] (Lenz+Partner AG)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S2 Winmgmt; C:\ProgramData\A98C64FD.dot [332800 2014-10-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-06-06] ()
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 18:11 - 2014-11-23 18:12 - 00000000 ____D () C:\FRST
2014-10-26 21:36 - 2014-10-26 21:36 - 00332800 ____T () C:\ProgramData\A98C64FD.dot
2014-10-26 21:36 - 2014-10-26 21:36 - 00200704 _____ (Sun Microsystems, Inc.) C:\ProgramData\DF46C89A.cpp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 17:21 - 2013-06-06 09:04 - 01489227 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 17:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 17:21 - 2009-07-14 05:51 - 00092992 _____ () C:\Windows\setupact.log
2014-11-23 17:16 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 17:16 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 17:14 - 2013-06-06 22:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 17:14 - 2013-06-06 22:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 17:13 - 2013-06-06 22:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-23 17:13 - 2013-06-06 22:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-28 21:14 - 2013-06-06 22:20 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 21:14 - 2013-06-06 22:20 - 00002181 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-10-27 15:35 - 2013-07-14 10:17 - 00000000 ____D () C:\Users\Silvi\Documents\Outlook-Dateien
2014-10-27 15:33 - 2013-06-06 17:43 - 00000000 ____D () C:\Users\Falko\Documents\Outlook-Dateien
2014-10-27 14:50 - 2013-08-16 20:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 13:49 - 2011-04-12 08:43 - 00702926 _____ () C:\Windows\System32\perfh007.dat
2014-10-27 13:49 - 2011-04-12 08:43 - 00150566 _____ () C:\Windows\System32\perfc007.dat
2014-10-27 13:49 - 2009-07-14 06:13 - 01629276 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-26 19:31 - 2013-07-27 18:29 - 00000040 _____ () C:\Users\Falko\AppData\Roaming\cdr.ini
2014-10-26 19:30 - 2013-06-20 05:37 - 00000000 ____D () C:\Users\Falko\AppData\Roaming\AccurateRip

Files to move or delete:
====================
C:\Users\Falko\msjava.dll

Some content of TEMP:
====================
C:\Users\Falko\AppData\Local\Temp\c1B6.dll
C:\Users\Falko\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Falko\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Falko\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Falko\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Falko\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-10-16 06:24:41
Restore point made on: 2014-10-16 10:28:24
Restore point made on: 2014-10-17 00:42:50
Restore point made on: 2014-10-20 13:33:15
Restore point made on: 2014-10-26 14:18:04

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8085.95 MB
Available physical RAM: 7222.83 MB
Total Pagefile: 8084.15 MB
Available Pagefile: 7201.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:488.06 GB) (Free:420.84 GB) NTFS
Drive e: (Daten) (Fixed) (Total:1374.73 GB) (Free:1198.03 GB) NTFS
Drive f: (GSP1RMCHPXFREO_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive g: (USB DISK) (Fixed) (Total:3.77 GB) (Free:3.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Filme) (Fixed) (Total:931.51 GB) (Free:28.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 22CD1D13)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: DFB19BFC)
Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

LastRegBack: 2014-10-26 15:24

==================== End Of Log ============================
```