
Plagegeister aller Art und deren Bekämpfung: Windows 8 locked by police page


 
19.06.2013, 07:59   #1
pauls

Windows 8 locked by police page



Hello,

I am currently in Safe Mode on Windows 8.
Here is the scan with FRST64

OTL as zip
(gmer: c:\windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da von einem anderen Prozess verwendet)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2013 02
Ran by p (administrator) on 19-06-2013 08:45:35
Running from F:\
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\helppane.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [64640 2012-09-29] ()
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-02-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-02-13] (Lenovo(beijing) Limited)
HKCU\...\Run: [SearchProtect] C:\Users\p\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKCU\...\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\j2jmni.dat,FG00 [176128 2013-06-18] (?????????? ??????????)
MountPoints2: {1be75e96-b1b4-11e2-be7f-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
MountPoints2: {4f10d884-b945-11e2-be86-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
MountPoints2: {6f1192ea-b8e7-11e2-be85-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
MountPoints2: {6f1192fe-b8e7-11e2-be85-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
MountPoints2: {a2d6737e-9c12-11e2-be76-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
MountPoints2: {d6a3cef5-9bf3-11e2-be75-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
MountPoints2: {d6a3cfaa-9bf3-11e2-be75-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
MountPoints2: {e3d8ff09-b968-11e2-be87-2cd05a1338a1} - "F:\.\Autorun.exe" AUTORUN=1
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NcpBudgetGui] "C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe" -start [1001472 2013-01-07] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] "C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpMonitor] "C:\Program Files (x86)\NCP\SecureClient\ncpmon.exe" autorun [7148048 2013-01-15] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpRsuGui] "C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe" -gui [883792 2011-08-22] (NCP engineering GmbH)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-03-14] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-03-14] (Lenovo)
HKU\MSSQL$SQLEXPRESS\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-03-14] (Lenovo)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll [247144 2012-11-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe ()
Startup: C:\Users\p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\j2jmni.dat (?????????? ??????????)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3279453&octid=CT3279453&SearchSource=61&CUI=UN97881329228565519&UM=2&UP=SP2D1C508E-0CDC-45E5-9E71-52CDC28AF846
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU SearchScopes: DefaultScope {21AFF41B-CA1F-4DC3-A355-2F0FC6C669DA} URL = 
SearchScopes: HKCU - {21AFF41B-CA1F-4DC3-A355-2F0FC6C669DA} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{22AA48EA-8CAB-4305-8D35-250D2801F839}: [NameServer]216.216.216.217 216.216.216.217
Tcpip\..\Interfaces\{99DB1E21-C62B-4180-B2A2-AA25AADF1187}: [NameServer]216.216.216.217 216.216.216.217

FireFox:
========
FF ProfilePath: C:\Users\p\AppData\Roaming\Mozilla\Firefox\Profiles\rl91cfdw.default
FF SelectedSearchEngine: DVDvideoSoft 2.0 Customized Web Search
FF Homepage: https://www.google.at/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279453&SearchSource=2&CUI=UN15579548631034125&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ant Video Downloader - C:\Users\p\AppData\Roaming\Mozilla\Firefox\Profiles\rl91cfdw.default\Extensions\anttoolbar@ant.com
FF Extension: DownloadHelper - C:\Users\p\AppData\Roaming\Mozilla\Firefox\Profiles\rl91cfdw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\p\AppData\Roaming\Mozilla\Firefox\Profiles\rl91cfdw.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
S2 CxAudMsg; C:\WINDOWS\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S2 ncpclcfg; C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [139896 2012-07-12] (NCP engineering GmbH)
S2 ncprwsnt; C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [1650736 2013-01-16] (NCP Engineering GmbH)
S2 NcpSec; C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [119808 2011-04-21] ()
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
S2 rwsrsu; C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [346832 2012-12-12] ()
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ncpfilt; C:\Windows\system32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\system32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 08:35 - 2013-06-19 08:35 - 00000000 ____D C:\FRST
2013-06-18 08:28 - 2013-06-18 09:55 - 95023320 ___AT C:\ProgramData\inmj2j.pad
2013-06-18 08:28 - 2013-06-18 09:42 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-18 08:28 - 2013-06-18 08:28 - 00176128 ____A (?????????? ??????????) C:\ProgramData\j2jmni.dat
2013-06-18 08:28 - 2013-06-18 08:28 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-18 08:28 - 2013-06-18 08:28 - 00002628 ____A C:\ProgramData\inmj2j.js
2013-06-18 08:28 - 2013-06-18 08:28 - 00000152 ____A C:\ProgramData\inmj2j.reg
2013-06-18 08:28 - 2013-06-18 08:28 - 00000056 ____A C:\ProgramData\inmj2j.bat
2013-06-15 09:59 - 2013-06-15 10:00 - 00001578 ____A C:\Users\p\Desktop\Radfahrprüfung.lnk
2013-06-14 18:17 - 2013-06-19 08:30 - 01989470 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 17:07 - 2013-06-18 07:05 - 00001143 ____A C:\Users\p\Documents\todo_today.txt
2013-06-13 12:12 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 12:12 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:22 - 2013-06-12 17:22 - 00004700 ____A C:\Users\p\Documents\Mappe1.ods
2013-06-12 17:20 - 2013-06-12 17:20 - 00004890 ____A C:\Users\p\Documents\Gewinnspiel auf Facebook.odt
2013-06-12 07:49 - 2013-06-12 07:50 - 00000000 ____D C:\Program Files (x86)\DerWegzurRadfahrpruefung
2013-06-12 07:35 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 07:35 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 07:35 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 07:35 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:35 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:35 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:35 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:34 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 07:34 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 07:34 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 07:34 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 07:34 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 07:34 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 07:34 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:34 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 07:34 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 07:34 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 07:34 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 07:34 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 07:34 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 07:34 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 07:34 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 07:34 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 07:34 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 07:34 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 07:34 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 07:34 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 07:34 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 07:34 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 07:34 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 07:34 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:27 - 2013-06-12 07:27 - 45976109 ____A C:\Users\p\Downloads\DerWegzurRadfahrpruefung.zip
2013-06-11 15:57 - 2013-06-11 15:57 - 00000000 ____D C:\Users\p\AppData\Local\Citrix
2013-06-11 15:52 - 2013-06-11 15:52 - 04808816 ____A (FileZilla Project) C:\Users\p\Downloads\FileZilla_3.7.0.2_win32-setup.exe
2013-06-10 08:13 - 2013-06-10 08:14 - 00795040 ____A C:\Windows\Minidump\061013-30859-01.dmp
2013-05-28 15:38 - 2013-05-28 15:38 - 00000000 ____D C:\Users\p\Documents\tutorial
2013-05-27 12:13 - 2013-05-27 12:14 - 00315752 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-24 12:48 - 2013-05-24 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-20 10:05 - 2013-05-20 10:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-20 10:05 - 2013-05-20 10:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

2013-06-19 08:35 - 2013-06-19 08:35 - 00000000 ____D C:\FRST
2013-06-19 08:30 - 2013-06-14 18:17 - 01989470 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 08:30 - 2013-02-14 02:54 - 00837728 ____A C:\Windows\System32\perfh007.dat
2013-06-19 08:30 - 2013-02-14 02:54 - 00189334 ____A C:\Windows\System32\perfc007.dat
2013-06-19 07:46 - 2013-04-02 20:10 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 07:41 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-19 07:36 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 07:30 - 2013-04-02 20:43 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 18:32 - 2013-02-13 18:48 - 02085120 ____A C:\Windows\WindowsUpdate.log
2013-06-18 09:55 - 2013-06-18 08:28 - 95023320 ___AT C:\ProgramData\inmj2j.pad
2013-06-18 09:53 - 2013-04-02 20:43 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 09:51 - 2013-04-02 19:44 - 00000000 ____D C:\Users\p\AppData\Roaming\Nitro PDF
2013-06-18 09:42 - 2013-06-18 08:28 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-18 08:40 - 2012-10-10 01:08 - 00124242 ____A C:\Windows\PFRO.log
2013-06-18 08:40 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-18 08:39 - 2013-04-02 22:06 - 00000000 ____D C:\Users\p\AppData\Roaming\KeePass
2013-06-18 08:33 - 2013-04-03 10:04 - 00000000 ____D C:\Users\p\Documents\Bluetooth Folder
2013-06-18 08:28 - 2013-06-18 08:28 - 00176128 ____A (?????????? ??????????) C:\ProgramData\j2jmni.dat
2013-06-18 08:28 - 2013-06-18 08:28 - 00048640 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-18 08:28 - 2013-06-18 08:28 - 00002628 ____A C:\ProgramData\inmj2j.js
2013-06-18 08:28 - 2013-06-18 08:28 - 00000152 ____A C:\ProgramData\inmj2j.reg
2013-06-18 08:28 - 2013-06-18 08:28 - 00000056 ____A C:\ProgramData\inmj2j.bat
2013-06-18 07:05 - 2013-06-13 17:07 - 00001143 ____A C:\Users\p\Documents\todo_today.txt
2013-06-17 09:31 - 2013-04-09 22:18 - 00000000 ____D C:\Users\p\AppData\Local\CrashDumps
2013-06-17 00:38 - 2013-05-15 09:08 - 00000000 ____D C:\Users\p\Documents\family
2013-06-15 10:00 - 2013-06-15 09:59 - 00001578 ____A C:\Users\p\Desktop\Radfahrprüfung.lnk
2013-06-14 08:17 - 2013-04-02 19:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-13 17:38 - 2013-05-10 09:19 - 00000000 ____D C:\Users\p\AppData\Roaming\3DataManager
2013-06-13 13:40 - 2013-04-03 01:21 - 00000000 ____D C:\Users\p\Documents\work
2013-06-13 12:51 - 2013-04-03 03:28 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:59 - 2013-04-03 01:07 - 00000000 ____D C:\Users\p\Documents\im
2013-06-12 17:52 - 2013-04-03 05:18 - 00031646 ____A C:\Users\p\nkeys.kdbx
2013-06-12 17:52 - 2013-04-02 19:33 - 00000000 ____D C:\users\p
2013-06-12 17:22 - 2013-06-12 17:22 - 00004700 ____A C:\Users\p\Documents\Mappe1.ods
2013-06-12 17:20 - 2013-06-12 17:20 - 00004890 ____A C:\Users\p\Documents\Gewinnspiel auf Facebook.odt
2013-06-12 14:29 - 2013-04-22 17:08 - 00000000 ____D C:\Users\p\AppData\Roaming\FileZilla
2013-06-12 14:28 - 2013-04-03 01:09 - 00000000 ____D C:\Users\p\Documents\personal
2013-06-12 07:50 - 2013-06-12 07:49 - 00000000 ____D C:\Program Files (x86)\DerWegzurRadfahrpruefung
2013-06-12 07:27 - 2013-06-12 07:27 - 45976109 ____A C:\Users\p\Downloads\DerWegzurRadfahrpruefung.zip
2013-06-11 15:57 - 2013-06-11 15:57 - 00000000 ____D C:\Users\p\AppData\Local\Citrix
2013-06-11 15:53 - 2013-04-22 17:08 - 00002015 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
2013-06-11 15:53 - 2013-04-22 17:08 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-06-11 15:52 - 2013-06-11 15:52 - 04808816 ____A (FileZilla Project) C:\Users\p\Downloads\FileZilla_3.7.0.2_win32-setup.exe
2013-06-10 08:14 - 2013-06-10 08:13 - 00795040 ____A C:\Windows\Minidump\061013-30859-01.dmp
2013-06-10 08:13 - 2013-04-30 18:18 - 00000000 ____D C:\Windows\Minidump
2013-06-10 08:13 - 2013-04-30 18:17 - 3173755167 ____A C:\Windows\MEMORY.DMP
2013-06-08 10:02 - 2012-07-26 09:21 - 00038277 ____A C:\Windows\setupact.log
2013-06-06 07:55 - 2013-04-02 20:43 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-05 00:09 - 2013-04-05 08:37 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-05 00:09 - 2013-04-05 08:37 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-04 07:57 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-01 19:50 - 2013-05-08 18:09 - 00000000 ____D C:\Users\p\Documents\Visual Studio 2008
2013-06-01 19:49 - 2013-05-08 18:31 - 00000413 ____A C:\Windows\ODBC.INI
2013-06-01 18:38 - 2013-05-17 19:31 - 00000000 ____D C:\Users\p\Documents\SQL Server Management Studio
2013-06-01 18:37 - 2013-04-02 22:07 - 00001691 ____A C:\Users\p\Desktop\Todo.txt
2013-06-01 17:42 - 2013-05-17 11:48 - 00000000 ____D C:\MGS Projects
2013-06-01 17:35 - 2013-04-29 22:04 - 00183296 __ASH C:\Users\p\Desktop\Thumbs.db
2013-06-01 17:17 - 2013-05-17 12:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-06-01 17:17 - 2013-05-08 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-05-31 07:49 - 2013-05-08 18:09 - 00000000 ____D C:\Users\p\AppData\Local\Microsoft Help
2013-05-28 15:38 - 2013-05-28 15:38 - 00000000 ____D C:\Users\p\Documents\tutorial
2013-05-27 12:14 - 2013-05-27 12:13 - 00315752 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 12:13 - 2013-04-02 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 12:48 - 2013-05-24 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-22 13:14 - 2013-04-02 20:23 - 00000000 ____D C:\Users\p\AppData\Roaming\IrfanView
2013-05-22 12:06 - 2013-04-13 16:50 - 00006144 ____A C:\Users\p\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 06:41 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-05-20 22:57 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-20 22:57 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-20 21:47 - 2013-04-03 01:07 - 00000000 ____D C:\Users\p\Documents\fin
2013-05-20 10:05 - 2013-05-20 10:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-20 10:05 - 2013-05-20 10:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\inmj2j.bat
C:\ProgramData\inmj2j.pad
C:\ProgramData\inmj2j.reg
C:\ProgramData\j2jmni.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-12 07:40

==================== End Of Log ============================



I would appreciate any hints on the next steps!

Many thanks

Kind regards
Paul

Last edited by pauls (19.06.2013 at 08:47)

 
