Trojaner-Board


Ullrich2020 05.11.2014 16:58

Internet Explorer opens windows or is covered by ads.
 
Hi,
I hope you can help me.

Inside my Internet Explorer there are small images that won't go away.
My system: Windows 7 Pro 64. IE11, updates and drivers up to date.
While shopping for shoes online I was told to update my Java °° (yes, I know, never click again).
Now I have this:
hxxp://www.directupload.net/file/d/3797/yg6t5j4w_jpg.htm.

TDSS: no findings.
MBAM: no findings.
JRT: no findings.
ADW: no findings.

FRST 64.
FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by SYSTEM on MININT-FKC5G43 on 05-11-2014 16:08:18
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\Elisabeth\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\User\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKU\User\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
S0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 16:08 - 2014-11-05 16:08 - 00000000 ____D () C:\FRST
2014-11-05 15:24 - 2014-11-05 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-05 15:23 - 2014-11-05 15:23 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 15:23 - 2014-11-05 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 15:23 - 2014-11-05 15:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 15:23 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-11-05 15:23 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-11-05 15:23 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-11-05 14:52 - 2014-11-05 14:52 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 14:49 - 2014-11-05 14:49 - 00000000 ____D () C:\Users\User\Downloads\Ada
2014-11-04 15:16 - 2014-11-04 15:41 - 00014034 _____ () C:\Users\User\Documents\Kassenbuch Essen Okt.2014.xlsx
2014-11-04 13:34 - 2014-11-04 14:53 - 00016508 _____ () C:\Users\User\Documents\Kassenbuch GE Oktober 2014.xlsx
2014-11-04 13:10 - 2014-11-04 13:22 - 00012617 _____ () C:\Users\User\Documents\Inventur 31.12.2013 Essen.xlsx
2014-11-03 16:15 - 2014-11-03 16:15 - 00000175 _____ () C:\ProgramData\OutlookFail.20141103.log
2014-11-03 14:33 - 2014-11-04 12:37 - 00030355 _____ () C:\Users\User\Documents\Löhne Oktober 2014.xlsx
2014-10-29 10:07 - 2014-10-29 10:07 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-29 10:06 - 2014-10-29 10:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-29 10:04 - 2014-10-29 10:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-29 10:02 - 2014-10-29 10:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-29 10:02 - 2014-10-29 10:04 - 00000000 ____D () C:\Program Files\iTunes
2014-10-29 10:02 - 2014-10-29 10:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-29 10:02 - 2014-10-29 10:02 - 00000000 ____D () C:\Program Files\iPod
2014-10-28 16:04 - 2014-10-28 16:04 - 00000175 _____ () C:\ProgramData\OutlookFail.20141028.log
2014-10-25 08:42 - 2014-10-25 08:42 - 00000175 _____ () C:\ProgramData\OutlookFail.20141025.log
2014-10-24 12:33 - 2014-10-24 12:33 - 00000175 _____ () C:\ProgramData\OutlookFail.20141024.log
2014-10-17 12:25 - 2014-10-17 12:25 - 00000175 _____ () C:\ProgramData\OutlookFail.20141017.log
2014-10-17 10:14 - 2014-10-17 10:15 - 00014922 _____ () C:\Users\User\Documents\Personal A-Z  Stand Oktober 2014.xlsx
2014-10-15 12:07 - 2014-10-15 15:18 - 00000350 _____ () C:\ProgramData\OutlookFail.20141015.log
2014-10-15 08:16 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-15 08:16 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-15 08:16 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 08:16 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 08:16 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-15 08:16 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 08:16 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-15 08:15 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-10-15 08:15 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-10-15 08:15 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-10-15 08:15 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-15 08:15 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 08:15 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-15 08:15 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 08:15 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 08:15 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 08:15 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 08:15 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 08:15 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-15 08:15 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-15 08:15 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-15 08:15 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-10-15 08:15 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 08:15 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-15 08:15 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-15 08:15 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-10-15 08:15 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-10-15 08:15 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-15 08:15 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-15 08:15 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-15 08:15 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-10-15 08:15 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-15 08:15 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-15 08:15 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 08:15 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-15 08:15 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-10-15 08:15 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-15 08:15 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 08:15 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-15 08:15 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-15 08:15 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 08:15 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-10-15 08:15 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 08:15 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 08:15 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-15 08:15 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:15 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-15 08:15 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 08:15 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 08:15 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 08:15 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 08:15 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 08:15 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 08:15 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-15 08:15 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-15 08:15 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-10-15 08:15 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 08:15 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-15 08:15 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 08:15 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 08:15 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 08:15 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-15 08:15 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 08:15 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-15 08:15 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 08:15 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 08:15 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2014-10-15 08:15 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2014-10-15 08:15 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2014-10-15 08:15 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2014-10-15 08:15 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2014-10-15 08:15 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2014-10-15 08:15 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2014-10-15 08:15 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2014-10-15 08:15 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2014-10-15 08:15 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2014-10-15 08:15 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 08:15 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 08:15 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2014-10-15 08:15 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2014-10-15 08:15 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2014-10-15 08:15 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-10-15 08:15 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2014-10-15 08:15 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-10-15 08:15 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2014-10-15 08:15 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2014-10-15 08:15 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2014-10-15 08:15 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2014-10-15 08:15 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2014-10-15 08:15 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2014-10-15 08:15 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2014-10-15 08:15 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 08:15 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 08:15 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 08:15 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 08:15 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 08:15 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 08:15 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 08:15 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 08:15 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 08:15 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2014-10-15 08:15 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2014-10-15 08:15 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2014-10-15 08:13 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-15 08:13 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:13 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-15 08:13 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 08:13 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-10-15 08:12 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-15 08:12 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 08:12 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-10-15 08:12 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 08:12 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-10-15 08:12 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-10-15 08:12 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2014-10-15 08:12 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2014-10-15 08:12 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-10-15 08:12 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-10-15 08:12 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 08:12 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 08:12 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 08:12 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2014-10-15 08:12 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2014-10-10 07:14 - 2014-10-10 13:48 - 00000350 _____ () C:\ProgramData\OutlookFail.20141010.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 16:01 - 2012-06-18 12:36 - 01617575 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 15:52 - 2012-08-31 14:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 15:51 - 2012-07-16 09:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 15:45 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 15:45 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 15:22 - 2012-08-31 14:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 15:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 15:17 - 2009-07-14 05:51 - 00088173 _____ () C:\Windows\setupact.log
2014-11-05 15:16 - 2010-11-21 04:47 - 00092952 _____ () C:\Windows\PFRO.log
2014-11-05 14:51 - 2011-04-12 08:43 - 00714354 _____ () C:\Windows\System32\perfh007.dat
2014-11-05 14:51 - 2011-04-12 08:43 - 00154334 _____ () C:\Windows\System32\perfc007.dat
2014-11-05 14:51 - 2009-07-14 06:13 - 01660108 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-04 15:45 - 2012-06-19 13:19 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien
2014-11-04 15:42 - 2014-02-05 14:23 - 00000000 ____D () C:\Users\User\Documents\Kassenbücher 2014
2014-10-29 10:02 - 2014-09-24 13:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-29 10:02 - 2013-04-02 14:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-28 04:53 - 2012-08-31 14:34 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 08:10 - 2012-08-13 16:57 - 00016479 _____ () C:\Users\User\Documents\Abrechnung Stadion Neu  Gesamt Kasse.xlsx
2014-10-24 12:49 - 2012-07-25 17:20 - 00042496 _____ () C:\Users\User\Documents\Personal Getränke Stadion.xls
2014-10-24 12:46 - 2012-07-24 13:10 - 00013128 _____ () C:\Users\User\Desktop\Wurst Personal Stadion.xlsx
2014-10-23 12:05 - 2012-06-20 11:34 - 00000000 ____D () C:\Users\User\Documents\Schilder RWE
2014-10-23 08:47 - 2012-08-31 14:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 08:47 - 2012-08-31 14:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 07:30 - 2014-08-22 11:33 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-10-21 07:29 - 2012-07-16 09:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-21 07:29 - 2012-06-20 08:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-21 07:29 - 2012-06-20 08:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-21 07:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-10-17 10:02 - 2009-07-14 05:45 - 00353456 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-17 09:57 - 2014-05-05 11:50 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-10-17 09:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 09:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-10-15 15:45 - 2012-06-19 12:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 15:37 - 2013-08-15 16:33 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-15 15:29 - 2012-06-19 16:50 - 103265616 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-10-13 12:56 - 2012-06-20 11:34 - 00000000 ____D () C:\Users\User\Documents\Marl Saturn
2014-10-06 07:26 - 2014-09-29 15:31 - 00022647 _____ () C:\Users\User\Documents\Löhne September 2014.xlsx

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\atl80.dll
C:\Users\User\AppData\Local\Temp\libexpat.dll
C:\Users\User\AppData\Local\Temp\mfc80.dll
C:\Users\User\AppData\Local\Temp\mfc80u.dll
C:\Users\User\AppData\Local\Temp\mfcm80.dll
C:\Users\User\AppData\Local\Temp\mfcm80u.dll
C:\Users\User\AppData\Local\Temp\msvcm80.dll
C:\Users\User\AppData\Local\Temp\msvcp80.dll
C:\Users\User\AppData\Local\Temp\msvcr80.dll
C:\Users\User\AppData\Local\Temp\nlsdl.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\TmDbg64.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2014-10-15 08:12] - [2014-07-17 03:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-07-10 07:19:55
Restore point made on: 2014-07-24 13:09:35
Restore point made on: 2014-08-14 15:10:37
Restore point made on: 2014-08-26 07:56:06
Restore point made on: 2014-08-28 15:25:45
Restore point made on: 2014-09-10 15:00:05
Restore point made on: 2014-09-24 13:21:00
Restore point made on: 2014-10-01 02:00:28
Restore point made on: 2014-10-15 15:28:36

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4094.33 MB
Available physical RAM: 3438.5 MB
Total Pagefile: 4092.53 MB
Available Pagefile: 3429.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.8 GB) (Free:156.64 GB) NTFS
Drive g: (MICROX) (Fixed) (Total:14.6 GB) (Free:13.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 231.9 GB) (Disk ID: C1B5D672)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 5CBDCF47)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)


LastRegBack: 2012-06-18 13:50

==================== End Of Log ============================

--- --- ---

schrauber 05.11.2014 17:11

Hi,

Please run FRST in normal mode from the desktop.

Ullrich2020 06.11.2014 07:46

Fresh logs.
 
FRST
Code:


LastRegBack: 2014-11-05 18:10

==================== End Of Log ============================

Addition.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by User at 2014-11-06 07:38:41
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Lexware faktura+auftrag 2012 (HKLM-x32\...\{E8033CB5-A8DF-47B3-BDE9-1796626994C6}) (Version: 16.03.00.0140 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}) (Version: 2.80.00.0007 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-09-2014 13:59:52 Windows Update
24-09-2014 12:20:45 Windows Update
01-10-2014 01:00:13 Windows Update
15-10-2014 14:28:21 Windows Update
05-11-2014 17:12:53 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05355A5E-D0C2-4023-98EE-7D1F586D4030} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4E302DD3-9F26-4F66-9DE0-06CE6DDCDBF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {7DFFF5F4-67A7-49D6-B97A-307EA3CE7809} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {9991C64B-77B4-40FB-B0B2-83008EA4DEEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)
Task: {EA57C274-C4B3-43AC-B4E9-467F3B33507E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-23 19:34 - 2012-05-02 20:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2013-03-23 19:34 - 2012-05-02 20:24 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2013-03-23 19:34 - 2012-05-02 20:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2013-03-23 19:34 - 2012-05-02 20:25 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2013-03-23 19:34 - 2012-05-02 20:25 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll
2013-03-23 19:21 - 2012-07-25 16:53 - 00289088 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-23 09:15 - 2013-09-16 16:44 - 00719248 _____ () C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-619536701-2779497087-1137625536-500 - Administrator - Disabled)
Elisabeth (S-1-5-21-619536701-2779497087-1137625536-1003 - Limited - Enabled) => C:\Users\Elisabeth
Gast (S-1-5-21-619536701-2779497087-1137625536-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-619536701-2779497087-1137625536-1002 - Limited - Enabled)
User (S-1-5-21-619536701-2779497087-1137625536-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 06:15:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/05/2014 04:14:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 03:18:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/05/2014 06:15:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll

Error: (11/05/2014 04:14:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 03:18:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 4094.33 MB
Available physical RAM: 2892.21 MB
Total Pagefile: 8186.84 MB
Available Pagefile: 6847.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.8 GB) (Free:157.14 GB) NTFS
Drive f: (MICROX) (Fixed) (Total:14.6 GB) (Free:13.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 231.9 GB) (Disk ID: C1B5D672)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 5CBDCF47)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End Of Log ============================


schrauber 06.11.2014 20:29

You can see for yourself that the FRST.txt is empty, can't you? :)
FRST again, please :)

