Log analysis and evaluation: After "Microsoft call", device locked -> "Kennwort für Systemstart" (startup password)

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
After "Microsoft call", device locked -> "Kennwort für Systemstart" (startup password)

Hello everyone,

I am currently trying to rid a device, Windows 8.1, of a virus / Trojan. When I start the device, the message "Kennwort für Systemstart" (startup password) appears in a Windows 98 look. So far I have used autoruns to delete everything that looked odd, but that did not help.

The FRST tool reports the following:

FRST Logfile:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by SYSTEM on MINWINPC on 26-06-2015 11:45:53
Running from F:\
Platform: Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Stefan\...\Run: [MailTab] => C:\Program Files (x86)\FIPLAB Ltd\MailTab for Gmail\MailTabWin.exe [2734080 2012-10-09] ()
HKU\Stefan\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\Stefan\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [101272 2015-04-08] (McAfee, Inc.)
HKU\Stefan\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\Stefan\...\Run: [Device Smart Session Net.Tcp] => C:\sxeracq\nadintj.exe
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-30]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-07-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Default\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0099681433230856mcinstcleanup; C:\WINDOWS\TEMP\009968~1.EXE [883024 2015-05-04] (McAfee, Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2014-12-19] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-06-23] (Adobe Systems Incorporated)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [279000 2013-11-04] (Intel Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2013-08-03] (Microsoft Corporation)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-01-17] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-01-17] (Google Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824 2012-07-17] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McSchedulerSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2015-05-20] (Mozilla Foundation)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 NAUpdate; C:\Program Files (x86)\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-08-10] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2013-06-01] (Microsoft Corporation)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2899968 2014-08-16] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-10-29] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-10-21] (Valve Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [53384 2012-08-23] (TOSHIBA Corporation)
S2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()
S3 TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [179608 2014-11-01] (TOSHIBA CORPORATION)
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\Teco\TecoService.exe [291240 2012-08-25] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [458152 2012-07-28] (TOSHIBA Corporation)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376 2012-07-17] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [0 2015-05-12] () <==== ATTENTION (zero byte File/Folder)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [26112 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [0 2015-05-12] () <==== ATTENTION (zero byte File/Folder)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1668096 2014-10-29] (Microsoft Corporation)
S4 wuauserv; C:\Windows\system32\wuaueng.dll [0 2015-05-12] () <==== ATTENTION (zero byte File/Folder)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 CouponarificService64; C:\Program Files (x86)\08F60977-C840-42C6-A2D3-06E8FE3787F5\xtloowpkjv64.exe [X]
S2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010010000000000000000000000 sourceguid=F59A0002-F007-46FB-97D3-3BC5D2551041 [X]
S2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe run options=00001009990000000000000000000000 sourceguid=F59A0002-F007-46FB-97D3-3BC5D2551041 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33280 2014-02-22] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-09-26] (Intel Corporation)
S3 e1iexpress; C:\Windows\system32\DRIVERS\e1i63x64.sys [460288 2013-06-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [645952 2012-07-31] (Intel Corporation)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [4195840 2013-11-04] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [39320 2013-10-17] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\system32\drivers\RTKVHD64.sys [3242896 2012-12-10] (Realtek Semiconductor Corp.)
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [27032 2013-10-17] (Intel Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation)
S3 MEIx64; C:\Windows\System32\drivers\HECIx64.sys [62784 2012-07-03] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
S0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-04-17] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [921920 2014-10-15] (Microsoft Corporation)
S3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-07-30] (REDC)
S3 silabenm; C:\Windows\system32\DRIVERS\silabenm.sys [27336 2013-11-25] (Silicon Laboratories)
S3 silabser; C:\Windows\system32\DRIVERS\silabser.sys [73216 2013-11-25] (Silicon Laboratories)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows (R) Win 7 DDK provider)
S0 tos_sps64; C:\Windows\System32\drivers\tos_sps64.sys [499096 2012-06-18] (TOSHIBA Corporation)
S2 TVALZFL; C:\Windows\system32\DRIVERS\TVALZFL.sys [16768 2012-07-22] (TOSHIBA Corporation)
S3 vpci; C:\Windows\System32\drivers\vpci.sys [69952 2014-10-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 11:45 - 2015-06-26 11:45 - 00000000 ____D C:\FRST
2015-06-25 13:08 - 2015-06-25 17:37 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-06-17 08:35 - 2015-06-17 08:35 - 00088576 _____ C:\Users\Stefan\Downloads\68239.zip
2015-06-07 16:58 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2015-06-02 12:29 - 2015-06-02 12:29 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\TeamViewer
2015-06-02 12:28 - 2015-06-02 12:29 - 02234136 _____ C:\Users\Stefan\Downloads\TeamViewer_Cliente.exe
2015-06-02 08:36 - 2015-06-02 08:36 - 04203552 _____ C:\Windows\binaries_burst6y.zip
2015-06-02 08:36 - 2015-05-30 23:52 - 00000000 ____D C:\Windows\binaries_burst6y
2015-05-28 20:25 - 2015-05-28 20:25 - 02066112 _____ C:\Users\Stefan\Downloads\1815165846_lanrentuku.com.zip
2015-05-28 20:25 - 2015-05-28 20:25 - 02066112 _____ C:\Users\Stefan\Downloads\1815165846_lanrentuku.com (1).zip
2015-05-28 09:07 - 2015-05-28 09:07 - 00059190 _____ C:\Users\Stefan\Downloads\RundkursRuhrgebiet.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 21:12 - 2013-09-29 20:04 - 00097354 _____ C:\Windows\PFRO.log
2015-06-24 21:12 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\System32\config\BBI
2015-06-24 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\sru
2015-06-24 09:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-24 08:59 - 2013-11-12 09:45 - 01572895 _____ C:\Windows\WindowsUpdate.log
2015-06-24 08:32 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\System32\config\ELAM
2015-06-23 20:45 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64
2015-06-23 13:54 - 2013-09-30 05:14 - 01776918 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-23 13:52 - 2013-08-22 15:46 - 00348429 _____ C:\Windows\setupact.log
2015-06-23 12:17 - 2013-08-30 09:54 - 00000000 ____D C:\05_Jennmar
2015-06-23 06:01 - 2014-01-17 18:24 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-18 10:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\FxsTmp
2015-06-16 10:58 - 2014-07-09 19:52 - 00000000 ___RD C:\Users\Stefan\Dropbox
2015-06-16 10:58 - 2014-07-09 19:51 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Dropbox
2015-06-16 10:46 - 2013-11-12 09:53 - 00000000 ___DO C:\Users\Stefan\SkyDrive
2015-06-08 11:34 - 2015-05-11 11:38 - 00000000 ___HD C:\sxeracq
2015-06-07 16:58 - 2013-02-02 09:11 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-07 16:57 - 2015-05-15 10:16 - 00000000 ___HD C:\lxiktqcagqa4b
2015-06-07 16:57 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-07 16:48 - 2015-05-15 10:16 - 00000000 ____D C:\Windows\lxiktqcagqa4b
2015-06-06 12:21 - 2015-05-11 21:06 - 00000000 ___HD C:\recyclebin
2015-06-02 13:56 - 2014-02-13 20:34 - 00000000 ____D C:\ProgramData\Oracle
2015-06-02 12:54 - 2013-08-22 14:36 - 00000000 ___RD C:\Program Files (x86)
2015-05-27 12:22 - 2015-01-14 18:24 - 00000000 ____D C:\Users\Stefan\Documents\WISO Konto Online

Some files in TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\APNSetup.exe
C:\Users\Stefan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpulbzlk.dll
C:\Users\Stefan\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Stefan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Stefan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\nsf7BDD.exe
C:\Users\Stefan\AppData\Local\Temp\nsn8266.exe
C:\Users\Stefan\AppData\Local\Temp\nsn9949.exe
C:\Users\Stefan\AppData\Local\Temp\nst2C11.exe
C:\Users\Stefan\AppData\Local\Temp\nsu8804.exe
C:\Users\Stefan\AppData\Local\Temp\nsv3142.exe
C:\Users\Stefan\AppData\Local\Temp\nsy3710.exe
C:\Users\Stefan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Stefan\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Stefan\AppData\Local\Temp\unrar.dll
C:\Users\Stefan\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Stefan\AppData\Local\Temp\wusetup.exE

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe [2015-03-11 14:43] - [2015-01-28 00:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88
C:\Windows\System32\winlogon.exe [2014-12-17 19:43] - [2014-10-29 02:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
C:\Windows\System32\wininit.exe [2014-12-17 19:42] - [2014-10-29 02:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
C:\Windows\System32\svchost.exe [2014-12-17 19:42] - [2014-10-29 05:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
C:\Windows\System32\services.exe [2014-12-17 19:43] - [2014-10-29 04:53] - 0411128 ____A (Microsoft Corporation) 5BF02EBEFEDC706318C96E2E60EDCB91
C:\Windows\System32\User32.dll [2014-12-17 19:43] - [2014-10-29 05:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
C:\Windows\System32\userinit.exe [2014-12-17 19:42] - [2014-10-29 02:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
C:\Windows\System32\rpcss.dll [2014-12-17 19:43] - [2014-10-29 02:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys [2014-09-15 06:57] - [2014-06-19 03:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3232.17 MB
Available physical RAM: 2286.69 MB
Total Pagefile: 3230.45 MB
Available Pagefile: 2314.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.4 MB

==================== Drives ================================

Drive c: (Speicher I) (Fixed) (Total:219.15 GB) (Free:10.84 GB) NTFS
Drive d: (System) (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
Drive f: (_STICK) (Removable) (Total:29.81 GB) (Free:6.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 8C014770)
Partition 1: (Active) - (Size=29.8 GB) - (Type=0C)

LastRegBack: 2015-06-22 09:11

==================== End of log ============================
```

I would be grateful for any tips.

Regards

Addendum: ...before that I worked on the disk with the Kaspersky Rescue Disk; one Trojan and 2 malware entries were found, and they were deleted by the disk.