
Log analysis and evaluation: Device locked after "Microsoft call" -> "Kennwort für Systemstart" [Startup Password]


 
26.06.2015, 12:12   #1
scaR81
 



Hello everyone,

I am currently trying to rid a device, Windows 8.1, of a virus / trojan.
When I start the device, the message "Kennwort für Systemstart" [Startup Password] appears in a Windows 98 look.

So far I have used autoruns to delete everything that looked odd, but that did not help.

The FRST tool reports the following:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by SYSTEM on MINWINPC on 26-06-2015 11:45:53
Running from F:\
Platform: Windows 8.1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Stefan\...\Run: [MailTab] => C:\Program Files (x86)\FIPLAB Ltd\MailTab for Gmail\MailTabWin.exe [2734080 2012-10-09] ()
HKU\Stefan\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\Stefan\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [101272 2015-04-08] (McAfee, Inc.)
HKU\Stefan\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\Stefan\...\Run: [Device Smart Session Net.Tcp] => C:\sxeracq\nadintj.exe
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-03-30]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-07-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Default\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0099681433230856mcinstcleanup; C:\WINDOWS\TEMP\009968~1.EXE [883024 2015-05-04] (McAfee, Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2014-12-19] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-06-23] (Adobe Systems Incorporated)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [279000 2013-11-04] (Intel Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2013-08-03] (Microsoft Corporation)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-01-17] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2014-01-17] (Google Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824 2012-07-17] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McSchedulerSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2015-05-20] (Mozilla Foundation)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 NAUpdate; C:\Program Files (x86)\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-08-10] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2013-06-01] (Microsoft Corporation)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2899968 2014-08-16] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-10-29] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-10-21] (Valve Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [53384 2012-08-23] (TOSHIBA Corporation)
S2 TNSSVC; C:\Program Files\Toshiba\LANDriver\TNSSVC.exe [40944 2012-09-07] ()
S3 TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [179608 2014-11-01] (TOSHIBA CORPORATION)
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\Teco\TecoService.exe [291240 2012-08-25] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [458152 2012-07-28] (TOSHIBA Corporation)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376 2012-07-17] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [0 2015-05-12] () <==== ATTENTION (zero byte File/Folder)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [26112 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [0 2015-05-12] () <==== ATTENTION (zero byte File/Folder)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1668096 2014-10-29] (Microsoft Corporation)
S4 wuauserv; C:\Windows\system32\wuaueng.dll [0 2015-05-12] () <==== ATTENTION (zero byte File/Folder)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 CouponarificService64; C:\Program Files (x86)\08F60977-C840-42C6-A2D3-06E8FE3787F5\xtloowpkjv64.exe [X]
S2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010010000000000000000000000 sourceguid=F59A0002-F007-46FB-97D3-3BC5D2551041 [X]
S2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe run options=00001009990000000000000000000000 sourceguid=F59A0002-F007-46FB-97D3-3BC5D2551041 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33280 2014-02-22] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-09-26] (Intel Corporation)
S3 e1iexpress; C:\Windows\system32\DRIVERS\e1i63x64.sys [460288 2013-06-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [645952 2012-07-31] (Intel Corporation)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [4195840 2013-11-04] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [39320 2013-10-17] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\system32\drivers\RTKVHD64.sys [3242896 2012-12-10] (Realtek Semiconductor Corp.)
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [27032 2013-10-17] (Intel Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation)
S3 MEIx64; C:\Windows\System32\drivers\HECIx64.sys [62784 2012-07-03] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
S0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-04-17] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [921920 2014-10-15] (Microsoft Corporation)
S3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-07-30] (REDC)
S3 silabenm; C:\Windows\system32\DRIVERS\silabenm.sys [27336 2013-11-25] (Silicon Laboratories)
S3 silabser; C:\Windows\system32\DRIVERS\silabser.sys [73216 2013-11-25] (Silicon Laboratories)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows (R) Win 7 DDK provider)
S0 tos_sps64; C:\Windows\System32\drivers\tos_sps64.sys [499096 2012-06-18] (TOSHIBA Corporation)
S2 TVALZFL; C:\Windows\system32\DRIVERS\TVALZFL.sys [16768 2012-07-22] (TOSHIBA Corporation)
S3 vpci; C:\Windows\System32\drivers\vpci.sys [69952 2014-10-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-26 11:45 - 2015-06-26 11:45 - 00000000 ____D C:\FRST
2015-06-25 13:08 - 2015-06-25 17:37 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-06-17 08:35 - 2015-06-17 08:35 - 00088576 _____ C:\Users\Stefan\Downloads\68239.zip
2015-06-07 16:58 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2015-06-02 12:29 - 2015-06-02 12:29 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\TeamViewer
2015-06-02 12:28 - 2015-06-02 12:29 - 02234136 _____ C:\Users\Stefan\Downloads\TeamViewer_Cliente.exe
2015-06-02 08:36 - 2015-06-02 08:36 - 04203552 _____ C:\Windows\binaries_burst6y.zip
2015-06-02 08:36 - 2015-05-30 23:52 - 00000000 ____D C:\Windows\binaries_burst6y
2015-05-28 20:25 - 2015-05-28 20:25 - 02066112 _____ C:\Users\Stefan\Downloads\1815165846_lanrentuku.com.zip
2015-05-28 20:25 - 2015-05-28 20:25 - 02066112 _____ C:\Users\Stefan\Downloads\1815165846_lanrentuku.com (1).zip
2015-05-28 09:07 - 2015-05-28 09:07 - 00059190 _____ C:\Users\Stefan\Downloads\RundkursRuhrgebiet.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 21:12 - 2013-09-29 20:04 - 00097354 _____ C:\Windows\PFRO.log
2015-06-24 21:12 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\System32\config\BBI
2015-06-24 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\sru
2015-06-24 09:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-24 08:59 - 2013-11-12 09:45 - 01572895 _____ C:\Windows\WindowsUpdate.log
2015-06-24 08:32 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\System32\config\ELAM
2015-06-23 20:45 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64
2015-06-23 13:54 - 2013-09-30 05:14 - 01776918 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-23 13:52 - 2013-08-22 15:46 - 00348429 _____ C:\Windows\setupact.log
2015-06-23 12:17 - 2013-08-30 09:54 - 00000000 ____D C:\05_Jennmar
2015-06-23 06:01 - 2014-01-17 18:24 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-18 10:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System32\FxsTmp
2015-06-16 10:58 - 2014-07-09 19:52 - 00000000 ___RD C:\Users\Stefan\Dropbox
2015-06-16 10:58 - 2014-07-09 19:51 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Dropbox
2015-06-16 10:46 - 2013-11-12 09:53 - 00000000 ___DO C:\Users\Stefan\SkyDrive
2015-06-08 11:34 - 2015-05-11 11:38 - 00000000 ___HD C:\sxeracq
2015-06-07 16:58 - 2013-02-02 09:11 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-07 16:57 - 2015-05-15 10:16 - 00000000 ___HD C:\lxiktqcagqa4b
2015-06-07 16:57 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-07 16:48 - 2015-05-15 10:16 - 00000000 ____D C:\Windows\lxiktqcagqa4b
2015-06-06 12:21 - 2015-05-11 21:06 - 00000000 ___HD C:\recyclebin
2015-06-02 13:56 - 2014-02-13 20:34 - 00000000 ____D C:\ProgramData\Oracle
2015-06-02 12:54 - 2013-08-22 14:36 - 00000000 ___RD C:\Program Files (x86)
2015-05-27 12:22 - 2015-01-14 18:24 - 00000000 ____D C:\Users\Stefan\Documents\WISO Konto Online
 
Some files in TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\APNSetup.exe
C:\Users\Stefan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpulbzlk.dll
C:\Users\Stefan\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Stefan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Stefan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\nsf7BDD.exe
C:\Users\Stefan\AppData\Local\Temp\nsn8266.exe
C:\Users\Stefan\AppData\Local\Temp\nsn9949.exe
C:\Users\Stefan\AppData\Local\Temp\nst2C11.exe
C:\Users\Stefan\AppData\Local\Temp\nsu8804.exe
C:\Users\Stefan\AppData\Local\Temp\nsv3142.exe
C:\Users\Stefan\AppData\Local\Temp\nsy3710.exe
C:\Users\Stefan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Stefan\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Stefan\AppData\Local\Temp\unrar.dll
C:\Users\Stefan\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Stefan\AppData\Local\Temp\wusetup.exE
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe
[2015-03-11 14:43] - [2015-01-28 00:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88
 
C:\Windows\System32\winlogon.exe
[2014-12-17 19:43] - [2014-10-29 02:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
 
C:\Windows\System32\wininit.exe
[2014-12-17 19:42] - [2014-10-29 02:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
 
C:\Windows\System32\svchost.exe
[2014-12-17 19:42] - [2014-10-29 05:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
 
C:\Windows\System32\services.exe
[2014-12-17 19:43] - [2014-10-29 04:53] - 0411128 ____A (Microsoft Corporation) 5BF02EBEFEDC706318C96E2E60EDCB91
 
C:\Windows\System32\User32.dll
[2014-12-17 19:43] - [2014-10-29 05:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
 
C:\Windows\System32\userinit.exe
[2014-12-17 19:42] - [2014-10-29 02:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
 
C:\Windows\System32\rpcss.dll
[2014-12-17 19:43] - [2014-10-29 02:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
 
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-15 06:57] - [2014-06-19 03:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 3232.17 MB
Available physical RAM: 2286.69 MB
Total Pagefile: 3230.45 MB
Available Pagefile: 2314.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.4 MB
 
==================== Drives ================================
 
Drive c: (Speicher I) (Fixed) (Total:219.15 GB) (Free:10.84 GB) NTFS
Drive d: (System) (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
Drive f: (_STICK) (Removable) (Total:29.81 GB) (Free:6.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 8C014770)
Partition 1: (Active) - (Size=29.8 GB) - (Type=0C)
 
 
LastRegBack: 2015-06-22 09:11
 
==================== End of log ============================
         
--- --- ---



I would be grateful for any tips.

Regards


Addendum:

...before that I worked on the disk with the Kaspersky Rescue Disk; one trojan and 2 malware entries were found, and these were deleted by the disk.

 
