Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Anruf von angeblichen Microsoft Mitarbeiter - nun ist Computer gesperrt 2015 (https://www.trojaner-board.de/172088-anruf-angeblichen-microsoft-mitarbeiter-computer-gesperrt-2015-a.html)

DonTrojaner 14.10.2015 20:34
Anruf von angeblichen Microsoft Mitarbeiter - nun ist Computer gesperrt 2015
 
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
durchgeführt von SYSTEM auf MININT-SP6BB8D (14-10-2015 20:47:49)
Gestartet von E:\
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11
Start-Modus: Recovery
Standard: ControlSet001
ACHTUNG!:=====> Wenn das System startfähig ist sollte FRST im normalen oder abgesicherten Modus ausgeführt werden, um ein vollständiges Ergebnis zu erhalten.

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Elmetik\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare)
HKU\Elmetik\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\Elmetik\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\Elmetik\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\Elmetik\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928 2012-06-14] (Symantec Corporation)
S2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-08-09] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 Service Mgr RollAround; "C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe" [X]
S2 Update Mgr RollAround; "C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-24] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-28] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-24] (Avira Operations GmbH & Co. KG)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-08-16] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [120440 2012-06-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [2068600 2012-06-16] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3349984 2014-04-17] (Intel Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-09-07] (Realtek Semiconductor Corp.)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSP64.SYS [753312 2012-05-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMDS64.SYS [485024 2012-05-25] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1400000.088\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1400000.088\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-11-01] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS [222368 2012-05-25] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS [431224 2012-05-09] (Symantec Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-09-23] ()
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-14 20:46 - 2015-10-14 20:46 - 00000000 ____D C:\FRST
2015-10-14 08:01 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-10-14 08:01 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-10-14 08:01 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-10-14 08:01 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 08:01 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 08:01 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-10-14 08:01 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 08:01 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 08:01 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-10-14 08:01 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-10-14 08:01 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 08:01 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-10-14 08:01 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2015-10-14 08:01 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-14 08:01 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 08:01 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\System32\hhctrl.ocx
2015-10-14 08:01 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2015-10-14 08:01 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-14 08:01 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-14 08:00 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-10-14 08:00 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-10-14 08:00 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-10-14 08:00 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-10-14 08:00 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-10-14 08:00 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-10-14 08:00 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-10-14 08:00 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2015-10-14 08:00 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-10-14 08:00 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-10-14 08:00 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-10-14 08:00 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 08:00 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 08:00 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 08:00 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-10-14 08:00 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-10-14 08:00 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 08:00 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\System32\bdesvc.dll
2015-10-14 08:00 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2015-10-14 08:00 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-10-14 08:00 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-10-14 08:00 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-10-14 08:00 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-10-14 08:00 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-10-14 08:00 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 08:00 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-10-14 08:00 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 08:00 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-10-14 08:00 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2015-10-14 08:00 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 08:00 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 08:00 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-10-14 08:00 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-10-14 08:00 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-10-14 08:00 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-10-14 08:00 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-10-14 08:00 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 08:00 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 08:00 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 08:00 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-14 08:00 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 08:00 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 08:00 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 08:00 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 08:00 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-10-14 08:00 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-10-14 08:00 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 08:00 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 08:00 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:00 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:00 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-10-14 08:00 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 08:00 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\NcdAutoSetup.dll
2015-10-09 10:48 - 2015-10-09 10:48 - 03495920 _____ (Nanosystems S.r.l.) C:\Users\Elmetik\Downloads\Supremo.exe
2015-10-09 10:48 - 2015-10-09 10:48 - 03495920 _____ (Nanosystems S.r.l.) C:\Users\Elmetik\Downloads\Supremo (1).exe
2015-10-04 12:15 - 2015-10-05 07:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-09-21 08:16 - 2015-09-21 08:16 - 00001205 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-09-21 08:16 - 2015-09-21 08:16 - 00000000 ____D C:\Users\Elmetik\AppData\Roaming\Thunderbird
2015-09-21 08:16 - 2015-09-21 08:16 - 00000000 ____D C:\Users\Elmetik\AppData\Local\Thunderbird
2015-09-21 08:14 - 2015-09-21 08:15 - 33860488 _____ (Mozilla) C:\Users\Elmetik\Downloads\Thunderbird Setup 38.2.0.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-14 20:43 - 2012-11-02 06:03 - 00000000 _____ C:\Recovery.txt
2015-10-14 16:34 - 2014-03-18 02:50 - 00261196 _____ C:\Windows\PFRO.log
2015-10-14 15:35 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-14 15:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-14 15:35 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\System32\config\BBI
2015-10-14 15:34 - 2014-08-09 14:01 - 01469241 _____ C:\Windows\WindowsUpdate.log
2015-10-14 15:09 - 2015-01-25 11:57 - 00000000 ____D C:\Users\Elmetik\AppData\Roaming\Skype
2015-10-14 15:00 - 2014-08-05 12:19 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 15:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\sru
2015-10-14 14:55 - 2015-06-18 08:57 - 00000434 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-10-14 08:04 - 2012-07-26 08:59 - 00000000 ____D C:\Windows\CbsTemp
2015-10-14 08:00 - 2014-08-05 12:19 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 07:53 - 2015-04-27 13:18 - 00000000 ___RD C:\Users\Elmetik\Google Drive
2015-10-14 07:53 - 2014-08-09 14:04 - 00000000 ___DO C:\Users\Elmetik\OneDrive
2015-10-13 14:59 - 2015-05-18 13:19 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 09:59 - 2014-08-05 12:20 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-714625973-787634973-11193706-1001
2015-10-13 09:48 - 2012-11-01 19:37 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-09 11:44 - 2014-03-18 11:03 - 01984420 _____ C:\Windows\System32\PerfStringBackup.INI
2015-10-09 11:44 - 2014-03-18 10:25 - 00843606 _____ C:\Windows\System32\perfh007.dat
2015-10-09 11:44 - 2014-03-18 10:25 - 00192300 _____ C:\Windows\System32\perfc007.dat
2015-10-09 11:42 - 2013-08-22 15:46 - 00344340 _____ C:\Windows\setupact.log
2015-10-08 07:17 - 2015-01-25 11:57 - 00000000 ____D C:\ProgramData\Skype
2015-10-06 12:04 - 2015-04-04 21:41 - 00000000 ___SD C:\Windows\System32\GWX
2015-10-06 09:51 - 2015-04-04 21:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-05 07:18 - 2015-05-19 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-02 15:24 - 2013-08-22 16:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-02 15:24 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-30 14:26 - 2014-07-31 00:33 - 00000000 ____D C:\Users\Elmetik\AppData\Local\Packages
2015-09-26 10:09 - 2015-08-31 09:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-25 16:46 - 2015-07-21 10:27 - 00000000 _____ C:\Users\Elmetik\Documents\CN4COEK1NY_FAX
2015-09-24 13:02 - 2014-08-05 12:53 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2015-09-24 13:02 - 2014-08-05 12:53 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2015-09-23 07:27 - 2012-11-01 19:33 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2015-09-17 07:55 - 2014-08-05 12:19 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 07:55 - 2014-08-05 12:19 - 00003874 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 08:00 - 2015-03-11 11:44 - 00003102 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-714625973-787634973-11193706-1001
2015-09-14 09:38 - 2014-08-04 12:47 - 00000000 ____D C:\Windows\System32\MRT

Einige Dateien in TEMP:
====================
C:\Users\Elmetik\AppData\Local\Temp\avgnt.exe
C:\Users\Elmetik\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Elmetik\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Elmetik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Elmetik\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Elmetik\AppData\Local\Temp\x2blapi.dll
C:\Users\Elmetik\AppData\Local\Temp\_unps.exe


==================== Known DLLs (Nicht auf der Ausnahmeliste) =========================


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe
[2015-03-06 12:49] - [2014-10-29 02:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437

C:\Windows\System32\wininit.exe
[2015-03-06 12:46] - [2014-10-29 02:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380

C:\Windows\explorer.exe
[2015-03-11 15:51] - [2015-01-28 00:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88

C:\Windows\SysWOW64\explorer.exe
[2015-03-11 15:51] - [2015-01-28 00:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225

C:\Windows\System32\svchost.exe
[2015-03-06 12:45] - [2014-10-29 05:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47

C:\Windows\SysWOW64\svchost.exe
[2015-03-06 12:45] - [2014-10-29 04:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D

C:\Windows\System32\services.exe
[2015-05-13 13:21] - [2015-04-08 23:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

C:\Windows\System32\User32.dll
[2015-03-06 12:52] - [2014-10-29 05:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5

C:\Windows\SysWOW64\User32.dll
[2015-03-06 12:52] - [2014-10-29 02:04] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE

C:\Windows\System32\userinit.exe
[2015-03-06 12:43] - [2014-10-29 02:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F

C:\Windows\SysWOW64\userinit.exe
[2015-03-06 12:44] - [2014-10-29 02:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0

C:\Windows\System32\rpcss.dll
[2015-03-06 12:51] - [2014-10-29 02:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00

C:\Windows\System32\dnsapi.dll
[2015-03-06 12:50] - [2014-10-29 02:30] - 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A

C:\Windows\SysWOW64\dnsapi.dll
[2015-03-06 12:50] - [2014-10-29 02:06] - 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB

C:\Windows\System32\Drivers\volsnap.sys => MD5 ist legitim

==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkt Datum: 2015-09-21 07:52:04
Wiederherstellungspunkt Datum: 2015-09-29 09:17:35
Wiederherstellungspunkt Datum: 2015-09-29 09:17:36
Wiederherstellungspunkt Datum: 2015-09-29 09:17:37
Wiederherstellungspunkt Datum: 2015-09-29 09:17:40
Wiederherstellungspunkt Datum: 2015-09-29 09:17:41
Wiederherstellungspunkt Datum: 2015-09-30 08:50:23
Wiederherstellungspunkt Datum: 2015-10-06 09:17:35
Wiederherstellungspunkt Datum: 2015-10-06 09:17:36
Wiederherstellungspunkt Datum: 2015-10-06 09:17:37
Wiederherstellungspunkt Datum: 2015-10-06 09:17:40
Wiederherstellungspunkt Datum: 2015-10-06 09:17:41
Wiederherstellungspunkt Datum: 2015-10-06 09:51:01
Wiederherstellungspunkt Datum: 2015-10-13 09:17:35
Wiederherstellungspunkt Datum: 2015-10-13 09:17:36
Wiederherstellungspunkt Datum: 2015-10-13 09:17:37
Wiederherstellungspunkt Datum: 2015-10-13 09:17:40
Wiederherstellungspunkt Datum: 2015-10-13 09:17:41
Wiederherstellungspunkt Datum: 2015-10-14 08:03:40

==================== Speicherinformationen ===========================

Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 3992.28 MB
Verfügbarer physikalischer RAM: 3258.47 MB
Summe virtueller Speicher: 3992.28 MB
Verfügbarer virtueller Speicher: 3285.06 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:212.6 GB) (Free:116.55 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (RECOVERY) (Fixed) (Total:20.66 GB) (Free:2.55 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (STORE N GO) (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
Drive f: (ESD-ISO) (CDROM) (Total:3.32 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2FA32760)

Partition: GPT.

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 2C6B7369)
No partition Table on disk 1.


LastRegBack: 2015-10-10 09:40

==================== Ende von FRST.txt ============================

schrauber 15.10.2015 05:56
Hi,

nochmal mit FRST in der Recovery scannen, alle Haken raus unter Whitelist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131