Log Analysis and Evaluation: Systemdoctor 2014 - frst64.exe - logfile created (Windows 7)
If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.06.2013, 10:34 | #1
Hello, I have the Systemdoctor 2014 virus on my laptop. I followed the following guide, which I found on your site: http://www.trojaner-board.de/135756-...-loeschen.html I hope it is all right if I post the logfile created by frst64.exe here in a new thread? I hope you can help me.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by SYSTEM on 02-06-2013 10:56:22
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-17] (Sun Microsystems, Inc.)
HKLM\...\Runonce: [GrpConv] grpconv -o [x]
HKLM-x32\...\RunOnce: [awde7zip23012] "C:\Users\CHRIST~1\AppData\Local\Temp\BI_RunOnce.exe" /affid "awde7zip23012" /id "7zip" /name "Zip - 7-Zip" [222208 2012-09-06] (Somoto Ltd.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2009-09-07] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Christoph\...\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background [x]
HKU\Christoph\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Christoph\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [448736 2013-03-18] (Sony)
HKU\Christoph\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX430" [283232 2012-11-11] (SEIKO EPSON CORPORATION)
HKU\Christoph\...\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX430" [283232 2012-11-11] (SEIKO EPSON CORPORATION)
HKU\Christoph\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Christoph\...\Run: [SD2014] C:\Users\Christoph\AppData\Roaming\dVi4NR4a\dVi4NR4a.exe [729088 2013-05-31] ()
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-27] (Avira Operations GmbH & Co. KG)
S2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [693016 2013-02-28] ()
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
S1 avipbb; system32\DRIVERS\avipbb.sys [x]
S1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-02 10:55 - 2013-06-02 10:55 - 00000000 ____D C:\FRST
2013-06-02 01:25 - 2013-06-02 01:25 - 00161992 ____A () C:\Users\Christoph\Downloads\7ZipSetup.exe
2013-06-02 01:25 - 2013-06-02 01:25 - 00161992 ____A () C:\Users\Christoph\Downloads\7ZipSetup(1).exe
2013-06-02 01:15 - 2013-06-02 01:15 - 00774592 ____A C:\Users\Christoph\Downloads\ZipOpenerSetup(1).exe
2013-06-02 01:09 - 2013-06-02 01:09 - 00774592 ____A C:\Users\Christoph\Downloads\ZipOpenerSetup.exe
2013-06-01 14:11 - 2013-06-01 14:11 - 00002266 ____A C:\Users\Christoph\Desktop\SpyHunter.lnk
2013-06-01 14:11 - 2013-06-01 14:11 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-01 14:11 - 2013-06-01 14:11 - 00000000 ____D C:\sh4ldr
2013-06-01 14:11 - 2013-06-01 14:11 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-01 14:11 - 2012-06-22 11:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys
2013-05-31 21:18 - 2013-05-31 21:24 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\Christoph\Downloads\explorer.exe
2013-05-31 21:17 - 2013-05-31 21:17 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\Christoph\Downloads\SpyHunter-Installer.exe
2013-05-31 20:04 - 2013-05-31 20:15 - 00001846 ____A C:\Users\Christoph\Desktop\System Doctor 2014.lnk
2013-05-31 20:04 - 2013-05-31 20:15 - 00000112 ____A C:\Users\Christoph\Desktop\System Doctor 2014 support.url
2013-05-31 19:59 - 2013-05-31 20:04 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\dVi4NR4a
2013-05-24 09:55 - 2013-05-24 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 19:08 - 2013-05-21 19:08 - 00013312 __ASH C:\Users\Christoph\Documents\Thumbs.db
2013-05-16 22:37 - 2013-05-05 22:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 22:37 - 2013-05-05 22:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 22:37 - 2013-05-05 20:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 22:37 - 2013-05-05 20:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 22:36 - 2013-04-05 02:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 22:36 - 2013-04-05 02:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 22:36 - 2013-04-05 02:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 22:36 - 2013-04-05 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 22:36 - 2013-04-05 01:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 22:36 - 2013-04-05 01:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 22:36 - 2013-04-05 01:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 22:36 - 2013-04-05 01:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 22:36 - 2013-04-05 01:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 22:36 - 2013-04-05 01:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 22:36 - 2013-04-05 01:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 22:36 - 2013-04-05 01:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 22:36 - 2013-04-05 01:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 22:36 - 2013-04-05 01:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 22:36 - 2013-04-04 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 22:36 - 2013-04-04 23:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 22:36 - 2013-04-04 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 22:36 - 2013-04-04 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 22:36 - 2013-04-04 23:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 22:36 - 2013-04-04 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 22:36 - 2013-04-04 22:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 22:36 - 2013-04-04 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 22:36 - 2013-04-04 22:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 22:36 - 2013-04-04 22:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 22:36 - 2013-04-04 22:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 22:36 - 2013-04-04 22:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 22:36 - 2013-04-04 22:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 22:36 - 2013-04-04 22:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 14:56 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 14:56 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 14:56 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 14:56 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 14:56 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 14:55 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 14:55 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 14:55 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 14:55 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 14:55 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 14:55 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 14:55 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 14:55 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 14:55 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-10 21:57 - 2013-05-10 21:57 - 00001977 ____A C:\Users\Christoph\Downloads\Amazon-MP3-1368219450.amz
2013-05-10 21:39 - 2013-05-10 21:39 - 00000000 ____D C:\Users\Christoph\Documents\Amazon MP3

==================== One Month Modified Files and Folders =======

2013-06-02 10:55 - 2013-06-02 10:55 - 00000000 ____D C:\FRST
2013-06-02 09:42 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 09:42 - 2009-07-14 05:51 - 00180844 ____A C:\Windows\setupact.log
2013-06-02 01:25 - 2013-06-02 01:25 - 00161992 ____A () C:\Users\Christoph\Downloads\7ZipSetup.exe
2013-06-02 01:25 - 2013-06-02 01:25 - 00161992 ____A () C:\Users\Christoph\Downloads\7ZipSetup(1).exe
2013-06-02 01:15 - 2013-06-02 01:15 - 00774592 ____A C:\Users\Christoph\Downloads\ZipOpenerSetup(1).exe
2013-06-02 01:09 - 2013-06-02 01:09 - 00774592 ____A C:\Users\Christoph\Downloads\ZipOpenerSetup.exe
2013-06-01 14:11 - 2013-06-01 14:11 - 00002266 ____A C:\Users\Christoph\Desktop\SpyHunter.lnk
2013-06-01 14:11 - 2013-06-01 14:11 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-06-01 14:11 - 2013-06-01 14:11 - 00000000 ____D C:\sh4ldr
2013-06-01 14:11 - 2013-06-01 14:11 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-31 21:57 - 2009-09-07 05:36 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-31 21:56 - 2009-12-05 23:33 - 01865381 ____A C:\Windows\WindowsUpdate.log
2013-05-31 21:56 - 2009-07-14 18:58 - 00662748 ____A C:\Windows\System32\perfh007.dat
2013-05-31 21:56 - 2009-07-14 18:58 - 00133786 ____A C:\Windows\System32\perfc007.dat
2013-05-31 21:56 - 2009-07-14 06:13 - 01521082 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 21:47 - 2009-09-07 05:36 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-31 21:24 - 2013-05-31 21:18 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\Christoph\Downloads\explorer.exe
2013-05-31 21:17 - 2013-05-31 21:17 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\Christoph\Downloads\SpyHunter-Installer.exe
2013-05-31 21:17 - 2012-10-23 19:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-31 20:25 - 2009-07-14 05:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 20:25 - 2009-07-14 05:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-31 20:15 - 2013-05-31 20:04 - 00001846 ____A C:\Users\Christoph\Desktop\System Doctor 2014.lnk
2013-05-31 20:15 - 2013-05-31 20:04 - 00000112 ____A C:\Users\Christoph\Desktop\System Doctor 2014 support.url
2013-05-31 20:04 - 2013-05-31 19:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\dVi4NR4a
2013-05-31 19:32 - 2010-10-26 21:51 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Skype
2013-05-31 19:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-27 13:35 - 2012-12-30 21:43 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-05-27 13:35 - 2012-12-30 21:43 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-05-25 10:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-05-24 21:22 - 2012-11-25 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 09:55 - 2013-05-24 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 19:08 - 2013-05-21 19:08 - 00013312 __ASH C:\Users\Christoph\Documents\Thumbs.db
2013-05-21 09:14 - 2012-05-08 18:12 - 00000000 ____D C:\Users\Christoph\AppData\Local\Paint.NET
2013-05-21 08:54 - 2009-07-14 05:45 - 05150648 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 22:48 - 2009-09-07 05:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 22:43 - 2009-12-08 22:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 00:22 - 2012-11-25 13:00 - 00000000 ____D C:\Users\Christoph\Documents\Sony PMB
2013-05-15 21:05 - 2009-12-05 23:33 - 00000000 ____D C:\users\Christoph
2013-05-15 19:18 - 2012-10-23 19:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 19:18 - 2011-06-06 16:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-10 21:57 - 2013-05-10 21:57 - 00001977 ____A C:\Users\Christoph\Downloads\Amazon-MP3-1368219450.amz
2013-05-10 21:39 - 2013-05-10 21:39 - 00000000 ____D C:\Users\Christoph\Documents\Amazon MP3
2013-05-05 22:36 - 2013-05-16 22:37 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 22:16 - 2013-05-16 22:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 20:25 - 2013-05-16 22:37 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 20:12 - 2013-05-16 22:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-25 10:19:37
Restore point made on: 2013-05-27 13:36:21
Restore point made on: 2013-05-27 13:36:53

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4063.03 MB
Available physical RAM: 3390.62 MB
Total Pagefile: 4061.18 MB
Available Pagefile: 3393.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:456.11 GB) (Free:4.86 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:9.55 GB) (Free:0.83 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 35EE29C6)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

Last Boot: 2013-05-25 10:12

==================== End Of Log ============================
02.06.2013, 10:38 | #2
/// the machine /// (TB-Ausbilder): Working on it.
02.06.2013, 10:42 | #3
/// the machine /// (TB-Ausbilder): Hi,
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
HKLM\...\Runonce: [GrpConv] grpconv -o [x]
HKLM-x32\...\RunOnce: [awde7zip23012] "C:\Users\CHRIST~1\AppData\Local\Temp\BI_RunOnce.exe" /affid "awde7zip23012" /id "7zip" /name "Zip - 7-Zip" [222208 2012-09-06] (Somoto Ltd.)
HKU\Christoph\...\Run: [SD2014] C:\Users\Christoph\AppData\Roaming\dVi4NR4a\dVi4NR4a.exe [729088 2013-05-31] ()
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
2013-05-31 20:15 - 2013-05-31 20:04 - 00001846 ____A C:\Users\Christoph\Desktop\System Doctor 2014.lnk
2013-05-31 20:15 - 2013-05-31 20:04 - 00000112 ____A C:\Users\Christoph\Desktop\System Doctor 2014 support.url
2013-05-31 20:04 - 2013-05-31 19:59 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\dVi4NR4a
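As an added example (not part of the thread and not FRST's own code), the following Python script shows how the Run/RunOnce entries the helper singled out for the fixlist can be picked out mechanically from FRST's Registry section: it parses each line into fields and flags entries whose target file is missing, that report no publisher, or that launch from a user-writable folder. The heuristics, including the random-looking folder name check, are assumptions of this example and not FRST behaviour; the sample lines are copied from the log posted above.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: autostart lines copied from the FRST.txt log posted in the thread.
SAMPLE_LINES = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Runonce: [GrpConv] grpconv -o [x]
HKLM-x32\...\RunOnce: [awde7zip23012] "C:\Users\CHRIST~1\AppData\Local\Temp\BI_RunOnce.exe" /affid "awde7zip23012" /id "7zip" /name "Zip - 7-Zip" [222208 2012-09-06] (Somoto Ltd.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKU\Christoph\...\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background [x]
HKU\Christoph\...\Run: [SD2014] C:\Users\Christoph\AppData\Roaming\dVi4NR4a\dVi4NR4a.exe [729088 2013-05-31] ()
""".strip().splitlines()

# FRST autostart line: <hive>\...\<Run|RunOnce>: [<name>] <command> [<size> <date>] (<publisher>), or <command> [x] if the file is missing.
ENTRY_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run(?:[Oo]nce)?): "
    r"\[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
TAIL_RE = re.compile(
    r"\s*(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<pub>[^)]*)\))?"
    r"|\[(?P<missing>x)\])\s*$"
)
# Heuristics of this example, not FRST logic: user-writable launch folders and mixed-case alphanumeric folder names like dVi4NR4a.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{6,12}$")

@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    path: str
    size: int | None
    date: str | None
    publisher: str | None  # "" when FRST printed "()", None when the file is missing
    file_missing: bool

def extract_path(command: str) -> str:
    # FRST prints the command as stored in the registry: quoted path plus arguments, or a bare path.
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|cmd|bat|com))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def parse_entry(line: str) -> AutostartEntry | None:
    m = ENTRY_RE.match(line.strip())
    tail = TAIL_RE.search(m.group("rest")) if m else None
    if not m or not tail:
        return None  # not a Run/RunOnce line (e.g. AppInit_DLLs, Startup, services)
    return AutostartEntry(
        hive=m.group("hive"), key=m.group("key"), name=m.group("name"),
        path=extract_path(m.group("rest")[: tail.start()]),
        size=int(tail.group("size")) if tail.group("size") else None,
        date=tail.group("date"), publisher=tail.group("pub"),
        file_missing=tail.group("missing") is not None,
    )

def assess(entry: AutostartEntry) -> list[str]:
    # Reasons an analyst would look twice at this entry; an empty list means nothing stood out.
    if entry.file_missing:
        return ["orphaned: target file missing"]
    reasons = []
    if entry.publisher == "":
        reasons.append("no publisher / version info")
    if USER_WRITABLE_RE.search(entry.path):
        reasons.append("runs from user-writable location")
    parts = entry.path.split("\\")
    if len(parts) >= 2 and RANDOM_NAME_RE.match(parts[-2]):
        reasons.append(f"random-looking folder name '{parts[-2]}'")
    return reasons

def triage(lines: list[str]) -> dict[str, list[str]]:
    # Map each flagged autostart value name to the reasons it was flagged.
    findings = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is not None and (reasons := assess(entry)):
            findings[entry.name] = reasons
    return findings
```

Feed the whole Registry section of an FRST.txt to `triage` in the same way; AppInit_DLLs, Startup and service lines use other formats and are skipped by `parse_entry`.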
02.06.2013, 15:02 | #4
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
Ran by SYSTEM at 2013-06-02 16:01:28 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GrpConv => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\awde7zip23012 => Value deleted successfully.
HKEY_USERS\Christoph\Software\Microsoft\Windows\CurrentVersion\Run\\SD2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Christoph\Desktop\System Doctor 2014.lnk => Moved successfully.
C:\Users\Christoph\Desktop\System Doctor 2014 support.url => Moved successfully.
C:\Users\Christoph\AppData\Roaming\dVi4NR4a => Moved successfully.

==== End of Fixlog ====
02.06.2013, 15:04 | #5
/// the machine /// (TB-Ausbilder): Does it boot normally?
Regards, schrauber