Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Neuer GVU Trojaner lässt sich nicht entfernen (https://www.trojaner-board.de/160642-neuer-gvu-trojaner-laesst-entfernen.html)

Jackson3006 12.11.2014 00:58
Neuer GVU Trojaner lässt sich nicht entfernen
 
Hallo,

ich komme weder in den abges. Modus noch kann windowsunlocker oder Kaspersky R-.Disk das Teil entfernen.

OTL Scan Log:
Code:
OTL logfile created on: 11/12/2014 12:52:33 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.43 Mb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive D: | 59.80 Gb Total Space | 34.45 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive E: | 232.79 Gb Total Space | 194.97 Gb Free Space | 83.76% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 08:13:17 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/11/09 17:17:52 | 000,332,288 | ---- | M] () [Auto] -- E:\ProgramData\D64FB17A.dot -- (Winmgmt)
SRV - [2014/11/09 12:15:56 | 000,090,696 | ---- | M] (Mindspark) [Auto] -- E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbarsvc.exe -- (Allin1Convert_8hService)
SRV - [2014/09/25 09:32:51 | 000,090,696 | ---- | M] (Mindspark) [Auto] -- E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
SRV - [2014/09/24 15:35:46 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/27 02:03:44 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/09/11 09:54:32 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/15 08:19:22 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014/01/15 08:19:22 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/07/02 04:04:36 | 000,582,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/02 04:04:36 | 000,027,120 | ---- | M] (Intel Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/26 08:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/01 16:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/08/08 10:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 12:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 13:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/10 19:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2013/11/21 03:22:08 | 000,115,448 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- E:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=780CE4C6&p2=^AYY^xdm070^S11124^de&ptb=767D62C9-C914-4C1A-8D00-43A186B33D93&si=flvrunner
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F9 16 EB 2A 8E CF 01  [binary data]
IE - HKU\User_ON_E\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - Reg Error: Key error. File not found
IE - HKU\User_ON_E\..\URLSearchHook: {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - Reg Error: Key error. File not found
IE - HKU\User_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: E:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
O2 - BHO: (Search Assistant BHO) - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hSrcAs.dll (Mindspark)
O2 - BHO: (Toolbar BHO) - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O3 - HKLM\..\Toolbar: (Allin1Convert) - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O3:64bit: - HKU\User_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\User_ON_E\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O3 - HKU\User_ON_E\..\Toolbar\WebBrowser: (Allin1Convert) - {CD1A63BA-A08C-431B-9A34-F240AADC728D} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O4:64bit: - HKLM..\Run: [SMSERIAL] E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Allin1Convert AppIntegrator 32-bit] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\APPINTEGRATOR.EXE (Mindspark)
O4 - HKLM..\Run: [Allin1Convert AppIntegrator 64-bit] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\AppIntegrator64.exe (Mindspark)
O4 - HKLM..\Run: [Allin1Convert EPM Support] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hmedint.exe (Mindspark)
O4 - HKLM..\Run: [Allin1Convert Search Scope Monitor]  File not found
O4 - HKLM..\Run: [MapsGalaxy AppIntegrator 32-bit] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.EXE (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy AppIntegrator 64-bit] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy EPM Support] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy Search Scope Monitor] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (Mindspark)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\User_ON_E..\Run: [HP Officejet 4620 series (NET)] E:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ()
O4 - Startup: E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - E:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - E:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:19:48 | 000,000,122 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/11 13:10:08 | 000,000,000 | ---D | C] -- E:\ea8a29270e2f52870a2dd1
[2014/11/11 13:10:02 | 000,000,000 | ---D | C] -- E:\5af824b076ec7f925f8098
[2014/11/11 13:09:48 | 000,000,000 | ---D | C] -- E:\0edf65ee09773d8c030610813986e9
[2014/11/11 13:08:54 | 000,000,000 | ---D | C] -- E:\882c6f437331e26657
[2014/11/11 10:41:07 | 000,000,000 | ---D | C] -- E:\Kaspersky Rescue Disk 10.0
[2014/11/09 17:17:51 | 000,530,432 | ---- | C] (u890789ow3445t Corporation) -- E:\ProgramData\A71BF46D.cpp
[2014/10/31 06:09:34 | 000,000,000 | ---D | C] -- E:\Users\User\AppData\Roaming\Google
[2014/10/16 16:52:55 | 001,943,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dfshim.dll
[2014/10/16 16:52:55 | 001,131,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dfshim.dll
[2014/10/16 16:52:55 | 000,156,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mscorier.dll
[2014/10/16 16:52:55 | 000,156,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscorier.dll
[2014/10/16 16:52:55 | 000,081,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mscories.dll
[2014/10/16 16:52:55 | 000,073,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscories.dll
[2014/10/16 16:52:47 | 000,507,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aepdu.dll
[2014/10/16 16:52:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\generaltel.dll
[2014/10/16 16:52:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aeinv.dll
[2014/10/16 16:52:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9diag.dll
[2014/10/16 16:52:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2014/10/16 16:52:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/16 16:52:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2014/10/16 16:52:38 | 000,710,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2014/10/16 16:52:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2014/10/16 16:52:38 | 000,365,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtmsft.dll
[2014/10/16 16:52:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/10/16 16:52:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/16 16:52:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwproxystub.dll
[2014/10/16 16:52:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2014/10/16 16:52:36 | 002,017,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inetcpl.cpl
[2014/10/16 16:52:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2014/10/16 16:52:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwcollectorres.dll
[2014/10/16 16:52:34 | 000,731,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2014/10/16 16:52:34 | 000,446,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2014/10/16 16:52:34 | 000,440,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2014/10/16 16:52:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtrans.dll
[2014/10/16 16:52:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwcollector.exe
[2014/10/16 16:52:33 | 002,108,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2014/10/16 16:52:33 | 000,066,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2014/10/16 16:52:32 | 004,201,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2014/10/16 16:52:32 | 001,068,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/16 16:52:32 | 000,678,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dll
[2014/10/16 16:52:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2014/10/16 16:52:31 | 000,289,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2014/10/16 16:52:31 | 000,164,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msrating.dll
[2014/10/16 16:52:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\MshtmlDac.dll
[2014/10/16 16:52:30 | 000,595,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2014/10/16 16:52:29 | 005,829,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2014/10/16 16:52:29 | 001,249,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmlmedia.dll
[2014/10/16 16:52:29 | 000,758,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9diag.dll
[2014/10/16 16:52:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2014/10/16 16:52:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2014/10/16 16:52:28 | 000,775,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2014/10/16 16:52:28 | 000,547,328 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2014/10/16 16:52:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2014/10/16 16:52:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MshtmlDac.dll
[2014/10/16 16:52:26 | 000,940,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MsSpellCheckingFacility.exe
[2014/10/16 16:52:06 | 003,241,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msi.dll
[2014/10/16 16:52:05 | 002,363,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msi.dll
[2014/10/16 16:51:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rastls.dll
[2014/10/16 16:51:55 | 000,372,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\rastls.dll
[2014/10/16 16:51:46 | 000,235,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsta.dll
[2014/10/16 16:51:45 | 000,455,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winlogon.exe
[2014/10/16 16:51:45 | 000,157,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\winsta.dll
[2014/10/16 16:51:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorekmts.dll
[2014/10/16 16:51:13 | 006,584,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mstscax.dll
[2014/10/16 16:51:12 | 005,703,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mstscax.dll
[2014/10/16 16:51:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\packager.dll
[2014/10/16 16:51:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\packager.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/11 17:51:13 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2014/11/11 17:50:12 | 1609,375,744 | -HS- | M] () -- E:\hiberfil.sys
[2014/11/11 13:30:48 | 000,031,088 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 13:30:48 | 000,031,088 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 13:23:47 | 000,001,950 | ---- | M] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
[2014/11/11 13:23:35 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/09 17:35:17 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/09 17:17:52 | 000,332,288 | ---- | M] () -- E:\ProgramData\D64FB17A.dot
[2014/11/09 17:17:51 | 000,530,432 | ---- | M] (u890789ow3445t Corporation) -- E:\ProgramData\A71BF46D.cpp
[2014/11/09 17:17:51 | 000,000,810 | ---- | M] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
[2014/11/09 17:17:02 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/08 05:45:07 | 000,697,694 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2014/11/08 05:45:07 | 000,654,244 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2014/11/08 05:45:07 | 000,147,718 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2014/11/08 05:45:07 | 000,121,310 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2014/10/17 00:34:48 | 000,408,392 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/11/09 17:17:52 | 000,332,288 | ---- | C] () -- E:\ProgramData\D64FB17A.dot
[2014/11/09 17:17:51 | 000,000,810 | ---- | C] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
[2014/09/23 14:16:31 | 000,000,057 | ---- | C] () -- E:\ProgramData\Ament.ini
[2014/08/29 17:03:31 | 000,000,017 | ---- | C] () -- E:\Users\User\AppData\Local\resmon.resmoncfg
[2014/01/15 08:22:35 | 001,590,574 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2014/09/23 12:10:10 | 000,000,000 | ---D | M] -- E:\ProgramData\374311380
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2014/09/23 13:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\IePluginServices
[2014/07/28 16:41:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Package Cache
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2014/09/23 07:50:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Systweak
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2014/09/23 13:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\WindowsMangerProtect
[2014/10/31 05:17:57 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
Gruß
Jackson

schrauber 12.11.2014 06:46
hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


Jackson3006 12.11.2014 15:46
Hallo, hier ist der Scan:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by SYSTEM on MININT-EOFHC3G on 12-11-2014 14:23:38
Running from F:\TOOLS&SOFTWARE\Anitvirus Tools
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Motorola Inc.)
HKU\User\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\A71BF46D.cpp (u890789ow3445t Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-09-24] (Adobe Systems Incorporated)
S2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbarsvc.exe [90696 2014-11-09] (Mindspark)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-07-28] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-07-28] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2014-07-28] (Google)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [90696 2014-09-25] (Mindspark)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256 2013-10-27] (NVIDIA Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [174440 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\D64FB17A.dot [332288 2014-11-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 iaStorA; C:\Windows\system32\drivers\iaStorA.sys [582128 2013-07-02] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27120 2013-07-02] (Intel Corporation)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S3 netw5v64; C:\Windows\System32\DRIVERS\netw5v64.sys [5434368 2009-06-10] (Intel Corporation)
S2 rimmptsk; C:\Windows\System32\DRIVERS\rimmpx64.sys [60928 2007-08-08] (REDC)
S2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2007-07-26] (REDC)
S2 rismxdp; C:\Windows\System32\DRIVERS\rixdpx64.sys [57856 2007-07-27] (REDC)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-03-01] (Realtek Corporation                                            )

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:23 - 2014-11-12 14:23 - 00000000 ____D () C:\FRST
2014-11-12 06:51 - 2014-11-12 06:54 - 00053454 _____ () C:\OTL.Txt
2014-11-11 19:10 - 2014-11-11 19:10 - 00000000 ____D () C:\ea8a29270e2f52870a2dd1
2014-11-11 19:10 - 2014-11-11 19:10 - 00000000 ____D () C:\5af824b076ec7f925f8098
2014-11-11 19:09 - 2014-11-11 19:10 - 00000000 ____D () C:\0edf65ee09773d8c030610813986e9
2014-11-11 19:08 - 2014-11-11 19:09 - 00000000 ____D () C:\882c6f437331e26657
2014-11-11 16:41 - 2014-11-12 01:34 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-09 23:17 - 2014-11-09 23:17 - 00530432 _____ (u890789ow3445t Corporation) C:\ProgramData\A71BF46D.cpp
2014-11-09 23:17 - 2014-11-09 23:17 - 00332288 ____T () C:\ProgramData\D64FB17A.dot
2014-10-31 12:09 - 2014-10-31 12:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Google
2014-10-16 22:52 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-10-16 22:52 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-10-16 22:52 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-10-16 22:52 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-16 22:52 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-16 22:52 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-16 22:52 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-16 22:52 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-16 22:52 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-10-16 22:52 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-10-16 22:52 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-16 22:52 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-16 22:52 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-10-16 22:52 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-10-16 22:52 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-16 22:52 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-16 22:52 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-10-16 22:52 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-10-16 22:52 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-10-16 22:52 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-10-16 22:52 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-16 22:52 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-10-16 22:52 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-16 22:52 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-10-16 22:52 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-16 22:52 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-10-16 22:52 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-16 22:52 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-16 22:52 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-16 22:52 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-16 22:52 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-10-16 22:52 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-16 22:52 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-16 22:52 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-16 22:52 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-16 22:52 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-16 22:52 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-16 22:52 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-16 22:51 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-16 22:51 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-10-16 22:51 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-10-16 22:51 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-10-16 22:51 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-10-16 22:51 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2014-10-16 22:51 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:30 - 2014-06-21 17:20 - 01818421 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 19:30 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:30 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 19:23 - 2009-07-14 05:51 - 00032346 _____ () C:\Windows\setupact.log
2014-11-11 15:27 - 2010-11-21 04:47 - 00051242 _____ () C:\Windows\PFRO.log
2014-11-09 23:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\Program Files (x86)
2014-11-09 20:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-09 18:17 - 2014-09-23 13:39 - 00000000 ____D () C:\Users\User\AppData\Local\Allin1Convert_8h
2014-11-08 11:45 - 2009-07-14 06:13 - 01616110 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-08 11:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\wfp
2014-11-08 11:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-02 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-10-31 12:09 - 2014-06-27 23:35 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-10-17 11:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 08:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 06:34 - 2009-07-14 05:45 - 00408392 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-17 06:32 - 2014-06-21 23:25 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-10-17 06:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64
2014-10-16 23:43 - 2014-06-21 23:24 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-16 23:32 - 2014-06-21 23:24 - 103265616 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\User\AppData\Local\Temp\delay.exe
C:\Users\User\AppData\Local\Temp\EXITCODE.exe
C:\Users\User\AppData\Local\Temp\FoxySecurity6_FF_IE_Setup-GIGA.exe
C:\Users\User\AppData\Local\Temp\ICReinstall_Setup-Passbild-Generator_CB-DL-Manager.exe
C:\Users\User\AppData\Local\Temp\sdan.exe
C:\Users\User\AppData\Local\Temp\sdapk.exe
C:\Users\User\AppData\Local\Temp\sdaspwn.exe
C:\Users\User\AppData\Local\Temp\showmsg1.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2014-01-15 13:58] - [2014-01-15 13:58] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2014-10-16 22:51] - [2014-07-17 03:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe
[2009-07-14 00:52] - [2009-07-14 02:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-14 00:31] - [2009-07-14 02:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2010-11-21 04:24] - [2010-11-21 04:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\rpcss.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 04:23] - [2010-11-21 04:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== Restore Points  =========================

Restore point made on: 2014-10-29 01:34:07
Restore point made on: 2014-10-29 15:27:37
Restore point made on: 2014-10-29 15:35:05
Restore point made on: 2014-10-30 01:33:02
Restore point made on: 2014-10-31 01:00:38
Restore point made on: 2014-10-31 14:52:50
Restore point made on: 2014-10-31 15:04:31
Restore point made on: 2014-11-01 01:46:49
Restore point made on: 2014-11-02 01:20:06
Restore point made on: 2014-11-02 01:29:12
Restore point made on: 2014-11-02 01:38:56
Restore point made on: 2014-11-03 01:53:02
Restore point made on: 2014-11-04 01:38:02
Restore point made on: 2014-11-04 13:42:05
Restore point made on: 2014-11-04 15:23:54
Restore point made on: 2014-11-05 00:55:22
Restore point made on: 2014-11-06 00:51:22
Restore point made on: 2014-11-07 00:43:58
Restore point made on: 2014-11-08 01:14:15
Restore point made on: 2014-11-08 08:57:15
Restore point made on: 2014-11-08 09:04:01
Restore point made on: 2014-11-08 09:44:56
Restore point made on: 2014-11-08 09:51:45
Restore point made on: 2014-11-08 11:35:08
Restore point made on: 2014-11-08 11:42:17
Restore point made on: 2014-11-09 00:30:11
Restore point made on: 2014-11-11 19:08:41

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2046.43 MB
Available physical RAM: 1596.05 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1594.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:194.89 GB) NTFS
Drive f: (UBS) (Removable) (Total:59.8 GB) (Free:34.68 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0E5F0E5F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.7 GB) (Disk ID: 00092BC1)
Partition 1: (Active) - (Size=59.8 GB) - (Type=07 NTFS)


LastRegBack: 2014-11-05 11:09

==================== End Of Log ============================
--- --- ---

--- --- ---


Hallo,

Thema kann geschlossen werden da gelöst, ich konnte doch auf die Systemwiederherstellung zugreifen...

Danke!

Gruß
Jackson

schrauber 13.11.2014 09:53
ok.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:31 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55