GVU virus, Safe Mode with Command Prompt does not work (Windows 7)
01.08.2013, 15:11 | #1
Hello everyone, I've caught the GVU virus. When booting into Safe Mode, the computer shuts down again right after the terminal appears for a very short moment. Windows 7 Home Premium 64-bit. I made myself an OTLPE CD (after searching here in the forum), but after the OTL loading bar was full during boot, strangely the Windows logo came up after a few seconds and then a bluescreen ("A problem has been detected and windows has been shut down to prevent damage to your computer"). I also made an Ubuntu boot CD, which I could at least boot from. I had a few odd problems before (hints of errors in AVG.exe, problems with the router login, high RAM usage by the browsers), but scans with Malwarebytes and AVG never turned up a single find. I'd be very grateful for help.
01.08.2013, 15:19 | #2
/// TB-Ausbilder
Hello,
then let's try it this way: Please download Farbar Recovery Scan Tool 64-bit and save it to a USB stick (not in a subfolder!). Connect the USB stick to the infected computer. You now need to boot the system into the System Recovery Options: Option 1 - via the Boot Manager. Once you are in the recovery options, choose Command Prompt.
01.08.2013, 16:13 | #3
Hi Leo,
that worked so far. .txt file attached.
01.08.2013, 19:02 | #4
/// TB-Ausbilder
Hi, does the computer start normally again after this fix? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
    HKU\Ich\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Ich\AppData\Local\Temp\exngoqqilcksnvlkw.exe [71168 2013-08-01] () <===== ATTENTION
    HKU\Ich\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
    HKU\Ich\...\Command Processor: "C:\Users\Ich\AppData\Local\Temp\exngoqqilcksnvlkw.exe" <===== ATTENTION!
    C:\Users\Ich\AppData\Local\Temp\exngoqqilcksnvlkw.exe
    C:\Users\Ich\AppData\Local\Temp\exngoqqilcksnvlkw.dll
    2013-08-01 09:53 - 2013-08-01 09:53 - 01084721 _____ C:\Users\Ich\AppData\Roaming\2433f433
    2013-08-01 09:53 - 2013-08-01 09:53 - 01084718 _____ C:\Users\Ich\AppData\Local\2433f433
    2013-08-01 09:53 - 2013-08-01 09:53 - 01084679 _____ C:\ProgramData\2433f433
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
cheers, Leo
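The three registry entries in the fixlist above are a chain: the Winlogon Shell value replaces explorer.exe with cmd.exe, and the Command Processor AutoRun value makes every cmd.exe start execute the dropper in %TEMP%, so in Safe Mode with Command Prompt (where cmd.exe is the shell) the lock screen is loaded before anything else; the Run entry covers a normal boot. The PowerShell audit below is an added example, not code from the thread or from FRST; it assumes an elevated PowerShell on the cleaned Windows system, and HKCU here corresponds to the HKU\Ich hive in the log.

```powershell
# Added example (not from the thread): audit the persistence points the FRST
# fixlist removed. Assumes an elevated PowerShell on Windows 7 or later.
$suspiciousDirs = @('\AppData\Local\Temp\', '\AppData\Roaming\', '\ProgramData\')

function Test-SuspiciousPath {
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $false }
    foreach ($d in $suspiciousDirs) {
        if ($Value -like "*$d*") { return $true }   # user-writable drop location
    }
    return $false
}

$checks = @(
    # Winlogon Shell: expected 'explorer.exe'; the GVU fix removed a cmd.exe value here.
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    # Command Processor AutoRun: run by every cmd.exe start (unless started with cmd /d).
    @{ Path = 'HKCU:\Software\Microsoft\Command Processor'; Name = 'AutoRun' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Command Processor'; Name = 'AutoRun' }
)

foreach ($c in $checks) {
    # Missing key or missing value both yield $null with the error suppressed.
    $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $v) { continue }
    $val  = $v.($c.Name)
    $flag = ''
    if ($c.Name -eq 'Shell'   -and $val -ne 'explorer.exe')               { $flag = 'UNEXPECTED SHELL' }
    if ($c.Name -eq 'AutoRun' -and -not [string]::IsNullOrWhiteSpace($val)) { $flag = 'AUTORUN SET' }
    if (Test-SuspiciousPath $val)                                           { $flag = 'USER-WRITABLE PATH' }
    '{0}\{1} = {2} {3}' -f $c.Path, $c.Name, $val, $flag
}

# Run entries (HKCU, HKLM, and the 32-bit view FRST labels HKLM-x32) that point
# into user-writable directories, like the random-named entry in the fixlist.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
        if (Test-SuspiciousPath $p.Value) {
            '{0}\{1} = {2} USER-WRITABLE PATH' -f $k, $p.Name, $p.Value
        }
    }
}
```

When triaging such a machine from a command prompt, start it as cmd /d so the AutoRun value is not executed while you look at it.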
01.08.2013, 19:19 | #5
Hi Leo, yes, the computer now starts normally. Here is the log:
Code:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
    Ran by SYSTEM at 2013-08-01 23:16:26 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================
    HKU\Ich\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
    HKU\Ich\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
    HKU\Ich\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
    C:\Users\Ich\AppData\Local\Temp\exngoqqilcksnvlkw.exe => Moved successfully.
    "C:\Users\Ich\AppData\Local\Temp\exngoqqilcksnvlkw.dll" => File/Directory not found.
    C:\Users\Ich\AppData\Roaming\2433f433 => Moved successfully.
    C:\Users\Ich\AppData\Local\2433f433 => Moved successfully.
    C:\ProgramData\2433f433 => Moved successfully.
    ==== End of Fixlog ====
Edited by notagain (01.08.2013, 19:22). Reason: forgot to check the startup
01.08.2013, 20:22 | #6
/// TB-Ausbilder
Great. Then move frst64.exe from the USB stick to the Desktop.
01.08.2013, 20:32 | #7
FRST: FRST logfile: [FRST.txt scan output]
Addition: [Addition.txt scan output]
svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (08/01/2013 00:54:51 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002d562 ID des fehlerhaften Prozesses: 0xb28 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (08/01/2013 11:03:53 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002d562 ID des fehlerhaften Prozesses: 0x9ec Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (08/01/2013 10:39:26 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002d562 ID des fehlerhaften Prozesses: 0x1370 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (08/01/2013 10:37:34 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, 
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002d562 ID des fehlerhaften Prozesses: 0xa3c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 System errors: ============= Error: (08/01/2013 11:24:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/01/2013 11:24:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (08/01/2013 11:23:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/01/2013 11:21:13 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 01.08.2013 um 14:23:40 unerwartet heruntergefahren. Error: (08/01/2013 02:15:49 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (08/01/2013 01:42:13 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (08/01/2013 01:41:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/01/2013 01:41:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (08/01/2013 01:40:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/01/2013 01:37:54 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 3764.32 MB Available physical RAM: 2281.34 MB Total Pagefile: 7526.83 MB Available Pagefile: 5646.03 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.66 GB) (Free:32.99 GB) NTFS (Disk=0 Partition=2) Drive e: (Daten) (Fixed) (Total:368 GB) (Free:254.47 GB) NTFS (Disk=0 Partition=3) Drive f: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT32 (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1F4416A8) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98 
GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 980 MB) (Disk ID: 00000000) Partition 1: (Active) - (Size=973 MB) - (Type=0B) ==================== End Of Log ============================ |
01.08.2013, 20:48 | #8 |
/// TB-Ausbilder | Hm, we need to go back into the repair options once more to check something: move frst64.exe onto the USB stick again and plug it into the infected computer.
__________________ cheers, Leo |
01.08.2013, 21:07 | #9 |
| Code:
Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by SYSTEM at 2013-08-02 01:05:48
Running from G:\
Boot Mode: Recovery

================== Search: "ae1lbxia.sys" ===================

====== End Of Search ====== |
01.08.2013, 21:08 | #10 |
/// TB-Ausbilder | Hm, then please run another scan in normal mode: start FRST once more.
__________________ cheers, Leo |
01.08.2013, 21:16 | #11 |
| Here is the new FRST: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Ich (administrator) on 02-08-2013 01:13:07
Running from E:\Users\Ich\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Synaptics Incorporated) C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
MountPoints2: {e35176a0-0192-11e2-87e2-806e6f6e6963} - H:\SETUP.EXE
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1895424 2012-05-01] (Dominik Reichl)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk
ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [32256 2010-09-03] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [301760 2012-08-21] ()
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-01] (DT Soft Ltd)
S3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [100736 2013-02-19] (RME)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [1077840 2010-11-19] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24272 2010-11-19] (DiBcom S.A.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-18] (Duplex Secure Ltd.)
S3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
U3 ayeb0osm; C:\Windows\System32\Drivers\ayeb0osm.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-02 01:12 - 2013-08-02 01:12 - 00000000 ____D E:\Users\Ich\Desktop\old
2013-08-02 00:24 - 2013-07-30 08:17 - 01781589 _____ (Farbar) E:\Users\Ich\Desktop\FRST64.exe
2013-08-01 21:09 - 2013-08-01 21:09 - 00000000 ____D C:\FRST
2013-07-27 18:51 - 2013-07-29 00:03 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-07-27 18:49 - 2013-07-27 18:51 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Riot Games
2013-07-24 15:14 - 2013-07-24 15:14 - 00000000 ____D C:\Users\Ich\AppData\Roaming\AVG2013
2013-07-24 15:11 - 2013-07-31 12:49 - 00000981 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-24 15:11 - 2013-07-24 15:11 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TuneUp Software
2013-07-24 15:10 - 2013-07-24 15:13 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-14 03:54 - 2013-07-14 03:56 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 02:04 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:04 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:04 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:04 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:04 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:04 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:04 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:04 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:04 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:04 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:04 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:04 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:04 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:04 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 02:04 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 02:04 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 02:04 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 02:04 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 02:04 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 02:04 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 02:04 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 02:04 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 13:14 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 13:14 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 13:14 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:14 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 13:13 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 13:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 13:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2013-08-02 01:12 - 2013-08-02 01:12 - 00000000 ____D E:\Users\Ich\Desktop\old
2013-08-02 01:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-02 01:11 - 2009-07-14 06:51 - 00075078 _____ C:\Windows\setupact.log
2013-08-02 00:55 - 2012-08-31 20:58 - 01841326 _____ C:\Windows\WindowsUpdate.log
2013-08-02 00:34 - 2012-09-07 12:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-02 00:25 - 2009-07-14 19:58 - 00713538 _____ C:\Windows\system32\perfh007.dat
2013-08-02 00:25 - 2009-07-14 19:58 - 00153590 _____ C:\Windows\system32\perfc007.dat
2013-08-02 00:25 - 2009-07-14 07:13 - 01646580 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-01 23:29 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 23:29 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 23:25 - 2012-08-31 23:47 - 00000000 ____D C:\ProgramData\MFAData
2013-08-01 21:09 - 2013-08-01 21:09 - 00000000 ____D C:\FRST
2013-07-31 21:29 - 2012-09-18 15:29 - 00000000 ____D E:\Users\Ich\Documents\Texte
2013-07-31 20:12 - 2012-09-12 12:41 - 00000000 ____D E:\Users\Ich\Documents\Reflect
2013-07-31 12:49 - 2013-07-24 15:11 - 00000981 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-31 12:48 - 2012-08-31 23:52 - 00000000 ___HD C:\$AVG
2013-07-30 08:17 - 2013-08-02 00:24 - 01781589 _____ (Farbar) E:\Users\Ich\Desktop\FRST64.exe
2013-07-29 00:13 - 2012-08-31 20:58 - 00000000 ____D C:\Users\Ich
2013-07-29 00:03 - 2013-07-27 18:51 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-07-29 00:00 - 2012-09-01 22:55 - 00000000 ____D C:\Users\Ich\AppData\Local\PMB Files
2013-07-29 00:00 - 2012-09-01 22:55 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-27 20:26 - 2013-06-01 20:00 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-07-27 18:51 - 2013-07-27 18:49 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Riot Games
2013-07-24 18:12 - 2013-04-03 18:49 - 00000000 ____D C:\Users\Ich\AppData\Local\Avg2013
2013-07-24 15:27 - 2012-09-02 03:17 - 00030116 _____ C:\Windows\PFRO.log
2013-07-24 15:26 - 2012-08-31 23:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-24 15:14 - 2013-07-24 15:14 - 00000000 ____D C:\Users\Ich\AppData\Roaming\AVG2013
2013-07-24 15:13 - 2013-07-24 15:10 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-24 15:11 - 2013-07-24 15:11 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TuneUp Software
2013-07-21 05:20 - 2012-09-01 00:30 - 00000000 ____D C:\Users\Ich\AppData\Roaming\KeePass
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-18 14:51 - 2012-09-18 15:30 - 00000000 ____D E:\Users\Ich\Documents\Work
2013-07-17 14:07 - 2012-09-18 16:35 - 00000000 ____D C:\Users\Ich\AppData\Local\Adobe
2013-07-17 14:07 - 2012-09-07 12:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-17 14:07 - 2012-09-01 02:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-17 14:07 - 2012-09-01 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-16 17:00 - 2012-09-18 15:33 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Spotify
2013-07-16 15:25 - 2012-09-18 15:34 - 00000000 ____D C:\Users\Ich\AppData\Local\Spotify
2013-07-14 03:56 - 2013-07-14 03:54 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 18:18 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-11 12:08 - 2009-07-14 06:45 - 05042688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 12:06 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 12:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 12:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-07-07 14:54 - 2012-08-31 23:39 - 00000000 ____D C:\Program Files\Opera x64
2013-07-07 14:54 - 2012-08-31 23:39 - 00000000 ____D C:\Program Files (x86)\Opera x64

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 00:04

==================== End Of Log ============================

The last line of drivers with the former ae1lbxia.sys has changed to something completely different (ayeb0osm.sys)? So the search couldn't find it. Is that what is wrong?

Last edited by notagain (01.08.2013 at 21:24). Reason: added another question |
01.08.2013, 21:28 | #12 | |
/// TB-Ausbilder | edit: Quote:
Something is fishy there. We need to go back into the repair options once more. Afterwards, if possible, leave the infected computer in these repair options (until we have done the next step) and do not boot it into Windows yet. Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
CMD: dir /a "C:\Windows\System32\Drivers\*.sys"
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
cheers, Leo |
01.08.2013, 21:42 | #13 |
| Yo Leo, here is the fixlog. Sorry for the English sentence above, I am working on the other computer in English at the same time and got mixed up. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03 Ran by SYSTEM at 2013-08-02 01:38:34 Run:2 Running from G:\ Boot Mode: Recovery ============================================== ========= dir /a "C:\Windows\System32\Drivers\*.sys" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 38B8-3F0E Verzeichnis von C:\Windows\System32\Drivers 14.07.2009 01:06 68.096 1394bus.sys 20.11.2010 11:44 229.888 1394ohci.sys 20.11.2010 14:32 334.208 acpi.sys 20.11.2010 10:30 12.800 acpipmi.sys 14.07.2009 02:52 491.088 adp94xx.sys 14.07.2009 02:52 339.536 adpahci.sys 14.07.2009 02:52 182.864 adpu320.sys 28.12.2011 04:59 498.688 afd.sys 14.07.2009 01:10 60.416 agilevpn.sys 14.07.2009 02:52 61.008 AGP440.sys 14.07.2009 02:52 15.440 aliide.sys 14.07.2009 02:52 15.440 amdide.sys 14.07.2009 00:19 64.512 amdk8.sys 14.07.2009 00:19 60.928 amdppm.sys 20.11.2010 14:32 107.904 amdsata.sys 14.07.2009 02:52 194.128 amdsbs.sys 20.11.2010 14:32 27.008 amdxata.sys 01.03.2012 09:55 195.584 AmpPal.sys 20.11.2010 11:14 61.440 appid.sys 14.07.2009 02:52 87.632 arc.sys 14.07.2009 02:52 97.856 arcsas.sys 14.07.2009 01:10 23.040 asyncmac.sys 14.07.2009 02:52 24.128 atapi.sys 20.11.2010 14:32 155.520 ataport.sys 20.07.2013 00:50 246.072 avgidsdrivera.sys 20.07.2013 00:50 71.480 avgidsha.sys 20.07.2013 00:50 206.648 avgldx64.sys 20.07.2013 00:51 311.608 avgloga.sys 01.07.2013 00:45 116.536 avgmfx64.sys 10.07.2013 00:32 45.880 avgrkx64.sys 21.03.2013 02:08 240.952 avgtdia.sys 24.08.2009 09:14 54.784 azvusb.sys 10.06.2009 21:34 270.848 b57nd60a.sys 14.07.2009 02:52 28.240 battc.sys 14.07.2009 01:06 16.000 BdaSup.sys 14.07.2009 01:00 6.656 beep.sys 14.07.2009 00:35 45.056 blbdrive.sys 23.02.2011 05:55 90.624 bowser.sys 10.06.2009 21:41 18.432 BrFiltLo.sys 10.06.2009 21:41 8.704 BrFiltUp.sys 14.07.2009 02:01 95.232 bridge.sys 14.07.2009 02:19 286.720 BrSerId.sys 10.06.2009 21:41 47.104 BrSerWdm.sys 10.06.2009 21:41 14.976 BrUsbMdm.sys 
10.06.2009 21:41 14.720 BrUsbSer.sys 14.07.2009 01:06 72.192 bthmodem.sys 10.06.2009 21:34 468.480 bxvbda.sys 14.07.2009 00:19 92.160 cdfs.sys 20.11.2010 10:19 147.456 cdrom.sys 14.07.2009 01:06 45.568 circlass.sys 20.11.2010 14:32 179.072 Classpnp.sys 14.07.2009 00:31 17.664 CmBatt.sys 14.07.2009 02:52 17.488 cmdide.sys 02.06.2012 06:50 458.704 cng.sys 14.07.2009 02:52 21.584 compbatt.sys 20.11.2010 11:33 38.912 CompositeBus.sys 21.09.2011 09:25 21.992 cpuz135_x64.sys 14.07.2009 02:47 39.504 crashdmp.sys 14.07.2009 02:47 24.144 crcdisk.sys 20.11.2010 10:26 102.400 dfsc.sys 14.07.2009 00:37 40.448 discache.sys 14.07.2009 02:47 73.280 disk.sys 22.04.2011 23:15 27.520 Diskdump.sys 14.07.2009 02:01 116.224 drmk.sys 14.07.2009 01:06 5.632 drmkaud.sys 01.09.2012 18:13 283.200 dtsoftbus01.sys 14.07.2009 02:47 28.736 Dumpata.sys 14.07.2009 02:43 55.128 dumpfve.sys 14.07.2009 00:38 16.896 dxapi.sys 14.07.2009 00:38 98.816 dxg.sys 10.04.2013 07:01 983.400 dxgkrnl.sys 10.04.2013 07:01 265.064 dxgmms1.sys 14.07.2009 02:47 530.496 elxstor.sys 14.07.2009 00:31 9.728 errdev.sys 10.06.2009 21:34 3.286.016 evbda.sys 14.07.2009 00:23 195.072 exfat.sys 14.07.2009 00:23 204.800 fastfat.sys 14.07.2009 01:00 29.696 fdc.sys 14.07.2009 02:47 70.224 fileinfo.sys 14.07.2009 00:25 34.304 filetrace.sys 19.02.2013 12:14 82.944 fireface_usb.sys 19.02.2013 12:23 100.736 fireface_usb_64.sys 14.07.2009 01:00 24.576 flpydisk.sys 20.11.2010 14:33 289.664 fltMgr.sys 14.07.2009 02:47 55.376 fsdepends.sys 01.03.2012 07:46 23.408 fs_rec.sys 20.11.2010 14:28 223.248 fvevol.sys 03.01.2013 07:00 288.088 FWPKCLNT.SYS 14.07.2009 02:47 65.088 GAGP30KX.SYS 10.06.2009 21:31 31.232 hcw85cir.sys 20.11.2010 11:43 122.368 hdaudbus.sys 20.11.2010 11:44 350.208 HdAudio.sys 17.09.2009 18:54 56.344 HECIx64.sys 14.07.2009 00:31 26.624 hidbatt.sys 14.07.2009 01:06 100.864 hidbth.sys 20.11.2010 11:43 76.800 hidclass.sys 14.07.2009 01:06 46.592 hidir.sys 14.07.2009 01:06 32.896 hidparse.sys 20.11.2010 11:43 30.208 
hidusb.sys 20.11.2010 14:33 78.720 HpSAMD.sys 20.11.2010 10:25 753.664 http.sys 20.11.2010 14:33 14.720 hwpolicy.sys 14.07.2009 00:19 105.472 i8042prt.sys 20.11.2010 14:33 410.496 iaStorV.sys 10.01.2012 13:28 12.311.904 igdkmd64.sys 14.07.2009 02:48 44.112 iirsp.sys 26.02.2010 22:32 158.976 Impcd.sys 23.08.2011 04:12 317.440 IntcDAud.sys 14.07.2009 02:48 16.960 intelide.sys 14.07.2009 00:19 62.464 intelppm.sys 20.11.2010 11:52 82.944 ipfltdrv.sys 20.11.2010 11:04 78.848 IPMIDrv.sys 14.07.2009 01:10 116.224 ipnat.sys 14.07.2009 01:09 120.320 irda.sys 14.07.2009 01:08 17.920 irenum.sys 14.07.2009 02:48 20.544 isapnp.sys 31.01.2012 16:37 173.656 jmcr.sys 17.11.2011 16:11 145.424 JME.sys 14.07.2009 02:48 50.768 kbdclass.sys 20.11.2010 11:33 33.280 kbdhid.sys 20.11.2010 11:33 243.712 ks.sys 02.06.2012 06:48 95.600 ksecdd.sys 02.06.2012 06:48 151.920 ksecpkg.sys 14.07.2009 01:00 20.992 ksthunk.sys 14.07.2009 01:08 60.928 lltdio.sys 14.07.2009 02:48 114.752 lsi_fc.sys 14.07.2009 02:48 106.560 lsi_sas.sys 14.07.2009 02:48 65.600 lsi_sas2.sys 14.07.2009 02:48 115.776 lsi_scsi.sys 14.07.2009 00:26 113.152 luafv.sys 04.04.2013 13:50 25.928 mbam.sys 14.07.2009 01:01 22.016 mcd.sys 14.07.2009 02:48 35.392 megasas.sys 14.07.2009 02:48 284.736 MegaSR.sys 19.11.2010 10:23 1.077.840 mod7700.sys 14.07.2009 01:10 40.448 modem.sys 19.11.2010 10:23 24.272 modrc.sys 14.07.2009 00:38 30.208 monitor.sys 14.07.2009 02:48 49.216 mouclass.sys 14.07.2009 01:00 31.232 mouhid.sys 20.11.2010 14:33 94.592 mountmgr.sys 20.11.2010 14:33 155.008 mpio.sys 14.07.2009 01:08 77.312 mpsdrv.sys 20.11.2010 10:26 140.800 mrxdav.sys 27.04.2011 03:40 158.208 mrxsmb.sys 09.07.2011 03:46 288.768 mrxsmb10.sys 27.04.2011 03:39 128.000 mrxsmb20.sys 20.11.2010 14:33 31.104 msahci.sys 20.11.2010 14:33 140.672 msdsm.sys 14.07.2009 00:19 26.112 msfs.sys 14.07.2009 01:06 8.192 mshidkmdf.sys 14.07.2009 02:48 15.424 msisadrv.sys 20.11.2010 14:33 273.792 msiscsi.sys 14.07.2009 01:00 11.136 mskssrv.sys 14.07.2009 01:00 
7.168 mspclock.sys 14.07.2009 01:00 6.784 mspqm.sys 20.11.2010 14:33 366.976 msrpc.sys 14.07.2009 02:48 32.320 mssmbios.sys 14.07.2009 01:00 8.064 mstee.sys 14.07.2009 01:02 15.360 MTConfig.sys 14.07.2009 02:48 60.496 mup.sys 20.11.2010 14:33 951.680 ndis.sys 14.07.2009 01:08 35.328 ndiscap.sys 14.07.2009 01:10 24.064 ndistapi.sys 20.11.2010 11:50 56.832 ndisuio.sys 20.11.2010 11:52 164.352 ndiswan.sys 20.11.2010 11:52 57.856 ndproxy.sys 14.07.2009 01:09 44.544 netbios.sys 20.11.2010 10:23 261.632 netbt.sys 22.08.2012 19:12 376.688 netio.sys 12.03.2012 13:06 11.471.872 Netwsw00.sys 14.07.2009 02:48 51.264 nfrd960.sys 14.07.2009 00:19 44.032 npfs.sys 14.07.2009 00:21 24.576 nsiproxy.sys 12.04.2013 15:45 1.656.680 ntfs.sys 14.07.2009 00:19 6.144 null.sys 15.03.2012 08:17 97.280 nusb3hub.sys 15.03.2012 08:17 217.088 nusb3xhc.sys 10.02.2013 04:25 11.040.544 nvlddmkm.sys 10.02.2013 04:25 30.496 nvpciflt.sys 20.11.2010 14:33 148.352 nvraid.sys 20.11.2010 14:33 166.272 nvstor.sys 14.07.2009 02:48 122.960 NV_AGP.SYS 14.07.2009 01:07 318.976 nwifi.sys 14.07.2009 01:06 72.832 ohci1394.sys 20.11.2010 11:52 131.584 pacer.sys 14.07.2009 01:00 97.280 parport.sys 17.03.2012 08:58 75.120 partmgr.sys 20.11.2010 14:33 184.704 pci.sys 14.07.2009 02:45 12.352 pciide.sys 14.07.2009 02:45 48.720 pciidex.sys 14.07.2009 02:45 220.752 pcmcia.sys 14.07.2009 02:45 50.768 pcw.sys 14.07.2009 02:01 651.264 PEAuth.sys 14.07.2009 01:06 230.400 portcls.sys 14.07.2009 00:19 60.416 processr.sys 21.08.2012 04:15 57.536 psmounter.sys 21.08.2012 04:16 13.504 PSVolAcc.sys 14.07.2009 02:45 1.524.816 ql2300.sys 14.07.2009 02:45 128.592 ql40xx.sys 14.07.2009 01:09 46.592 qwavedrv.sys 14.07.2009 01:10 14.848 rasacd.sys 20.11.2010 11:52 129.536 rasl2tp.sys 14.07.2009 01:10 92.672 raspppoe.sys 20.11.2010 11:52 111.104 raspptp.sys 14.07.2009 01:10 83.968 rassstp.sys 20.11.2010 10:27 309.248 rdbss.sys 14.07.2009 01:17 24.064 rdpbus.sys 14.07.2009 01:16 7.680 RDPCDD.sys 14.07.2009 01:16 7.680 RDPENCDD.sys 
14.07.2009 01:16 8.192 RDPREFMP.sys 28.04.2012 04:55 210.944 rdpwd.sys 20.11.2010 14:33 213.888 rdyboost.sys 20.11.2010 11:49 146.432 rmcast.sys 14.07.2009 01:09 41.472 RNDISMP.sys 14.07.2009 01:10 11.264 rootmdm.sys 14.07.2009 01:08 76.800 rspndr.sys 20.11.2010 14:33 103.808 sbp2port.sys 20.11.2010 11:09 29.696 scfilter.sys 20.11.2010 14:33 171.392 scsiport.sys 20.11.2010 10:37 109.056 sdbus.sys 10.06.2009 21:37 23.040 secdrv.sys 14.07.2009 01:00 23.552 serenum.sys 14.07.2009 01:00 94.208 serial.sys 14.07.2009 01:00 26.624 sermouse.sys 14.07.2009 01:35 12.288 serscan.sys 14.07.2009 01:01 14.336 sffdisk.sys 14.07.2009 01:01 13.824 sffp_mmc.sys 20.11.2010 11:34 14.336 sffp_sd.sys 14.07.2009 01:01 16.896 sfloppy.sys 14.07.2009 02:45 43.584 sisraid2.sys 14.07.2009 02:45 80.464 sisraid4.sys 14.07.2009 01:09 93.184 smb.sys 14.07.2009 01:00 20.992 smclib.sys 14.07.2009 02:45 19.008 spldr.sys 10.06.2009 21:48 426.496 spsys.sys 18.09.2012 14:14 560.184 sptd.sys 29.04.2011 04:06 467.456 srv.sys 29.04.2011 04:05 410.112 srv2.sys 29.04.2011 04:05 168.448 srvnet.sys 14.07.2009 02:45 24.656 stexstor.sys 20.11.2010 14:33 189.824 storport.sys 14.07.2009 01:06 68.864 stream.sys 14.07.2009 02:45 12.496 swenum.sys 31.03.2011 18:32 1.424.944 SynTP.sys 26.06.2009 14:36 30.352 synusb64.sys 14.07.2009 01:01 29.184 tape.sys 08.05.2013 07:39 1.910.632 tcpip.sys 20.11.2010 11:51 45.056 tcpipreg.sys 20.11.2010 10:22 26.624 tdi.sys 14.07.2009 01:16 15.872 tdpipe.sys 17.02.2012 05:57 23.552 tdtcp.sys 20.11.2010 10:21 119.296 tdx.sys 20.11.2010 14:33 63.360 termdd.sys 20.11.2010 12:04 39.424 tssecsrv.sys 20.11.2010 12:07 59.392 TsUsbFlt.sys 20.11.2010 11:51 125.440 tunnel.sys 14.07.2009 02:45 64.080 UAGP35.SYS 20.11.2010 10:26 328.192 udfs.sys 14.07.2009 02:45 64.592 ULIAGPKX.SYS 20.11.2010 11:44 48.640 umbus.sys 14.07.2009 01:06 9.728 umpass.sys 12.02.2013 05:12 19.968 usb8023.sys 20.11.2010 11:43 109.696 USBAUDIO.sys 20.11.2010 11:44 32.896 USBCAMD2.sys 20.11.2010 11:44 98.816 usbccgp.sys 
14.07.2009 01:06 100.352 usbcir.sys 14.07.2009 01:06 7.936 usbd.sys 20.11.2010 11:43 52.224 usbehci.sys 20.11.2010 11:44 343.040 usbhub.sys 14.07.2009 01:06 25.600 usbohci.sys 20.11.2010 11:44 325.120 usbport.sys 14.07.2009 01:38 25.088 usbprint.sys 20.11.2010 12:37 31.744 usbrpm.sys 20.11.2010 11:44 91.648 USBSTOR.SYS 14.07.2009 01:06 30.720 usbuhci.sys 20.11.2010 11:44 184.960 usbvideo.sys 14.07.2009 02:45 36.432 vdrvroot.sys 14.07.2009 00:38 29.184 vga.sys 14.07.2009 00:38 29.184 vgapnp.sys 20.11.2010 14:34 215.936 vhdmp.sys 23.03.2012 14:07 2.193.008 viahduaa.sys 14.07.2009 02:45 17.488 viaide.sys 14.07.2009 00:38 129.024 videoprt.sys 20.11.2010 14:34 71.552 volmgr.sys 20.11.2010 14:34 363.392 volmgrx.sys 20.11.2010 14:34 295.808 volsnap.sys 14.07.2009 02:45 161.872 vsmraid.sys 14.07.2009 01:07 24.576 vwifibus.sys 14.07.2009 01:07 59.904 vwififlt.sys 14.07.2009 01:07 17.920 vwifimp.sys 14.07.2009 01:02 27.776 wacompen.sys 20.11.2010 11:52 88.576 wanarp.sys 14.07.2009 00:37 42.496 watchdog.sys 14.07.2009 02:45 21.056 wd.sys 14.07.2009 02:45 654.928 Wdf01000.sys 14.07.2009 02:45 42.064 WdfLdr.sys 14.07.2009 01:09 12.800 wfplwf.sys 14.07.2009 02:45 22.096 wimmount.sys 20.11.2010 11:43 41.984 winusb.sys 14.07.2009 00:31 14.336 wmiacpi.sys 14.07.2009 02:45 16.464 wmilib.sys 14.07.2009 01:10 21.504 ws2ifsl.sys 20.11.2010 11:42 112.128 WUDFPf.sys 20.11.2010 11:43 172.544 WUDFRd.sys 305 Datei(en), 82.196.672 Bytes 0 Verzeichnis(se), 35.457.568.768 Bytes frei ========= End of CMD: ========= ==== End of Fixlog ==== |
01.08.2013, 22:00 | #14 |
/// TB-Ausbilder | Hm, I don't see anything there.. Please boot back into normal Windows mode anyway and run a new scan. Sorry for the back and forth. Something does not add up and I am looking into it right now. (If you had not mentioned it, I would not even have noticed that the sentence was in English.) Run FRST once more.
cheers, Leo |
01.08.2013, 22:11 | #15 | |
| Quote:
And stop apologising for the back and forth, you are doing something for me here! So thank you!!! About the file: now it is a4u8rxoc.sys FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 Ran by Ich (administrator) on 02-08-2013 02:05:32 Running from E:\Users\Ich\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe () C:\Program Files\Macrium\Reflect\ReflectService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (VIA Technologies, Inc.) 
C:\Windows\system32\viakaraokesrv.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\Hotkey\Hotkey.exe (Synaptics Incorporated) C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated) HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION! 
MountPoints2: {e35176a0-0192-11e2-87e2-806e6f6e6963} - H:\SETUP.EXE HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1895424 2012-05-01] (Dominik Reichl) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] () R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [32256 2010-09-03] () R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [301760 2012-08-21] () R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) 
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-01] (DT Soft Ltd) S3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [100736 2013-02-19] (RME) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [1077840 2010-11-19] (DiBcom SA) S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24272 2010-11-19] (DiBcom S.A.) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-18] (Duplex Secure Ltd.) S3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH) U3 a4u8rxoc; C:\Windows\System32\Drivers\a4u8rxoc.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-02 01:12 - 2013-08-02 01:12 - 00000000 ____D E:\Users\Ich\Desktop\old 2013-08-02 00:24 - 2013-07-30 08:17 - 01781589 _____ (Farbar) E:\Users\Ich\Desktop\FRST64.exe 2013-08-01 21:09 - 2013-08-01 21:09 - 00000000 ____D C:\FRST 2013-07-27 18:51 - 2013-07-29 00:03 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-27 18:49 - 2013-07-27 18:51 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Riot Games 2013-07-24 15:14 - 2013-07-24 15:14 - 00000000 ____D C:\Users\Ich\AppData\Roaming\AVG2013 2013-07-24 15:11 - 2013-07-31 12:49 - 00000981 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-24 15:11 - 2013-07-24 15:11 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TuneUp Software 2013-07-24 15:10 - 2013-07-24 15:13 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2013-07-14 03:54 - 2013-07-14 03:56 - 00000000 ____D C:\Windows\system32\MRT 2013-07-11 02:04 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 02:04 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 02:04 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 02:04 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 02:04 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 02:04 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 02:04 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-11 02:04 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 02:04 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 02:04 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 02:04 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 02:04 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-11 02:04 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-11 02:04 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2013-07-11 02:04 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 02:04 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 02:04 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 02:04 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 02:04 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-11 02:04 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 02:04 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 02:04 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 13:14 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) 
C:\Windows\system32\qedit.dll 2013-07-10 13:14 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 13:14 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 13:14 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 13:13 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 13:13 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 13:13 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys ==================== One Month Modified Files and Folders ======= 2013-08-02 02:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-02 02:04 - 2009-07-14 06:51 - 00075134 _____ C:\Windows\setupact.log 2013-08-02 01:32 - 2012-08-31 20:58 - 01844977 _____ C:\Windows\WindowsUpdate.log 2013-08-02 01:18 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-02 01:18 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-02 01:12 - 2013-08-02 01:12 - 00000000 ____D E:\Users\Ich\Desktop\old 2013-08-02 00:34 - 2012-09-07 12:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-02 00:25 - 2009-07-14 19:58 - 00713538 _____ C:\Windows\system32\perfh007.dat 2013-08-02 00:25 - 2009-07-14 19:58 - 00153590 _____ C:\Windows\system32\perfc007.dat 2013-08-02 00:25 - 2009-07-14 07:13 - 01646580 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-01 23:25 - 2012-08-31 23:47 - 00000000 ____D C:\ProgramData\MFAData 2013-08-01 21:09 - 2013-08-01 21:09 - 00000000 ____D C:\FRST 
2013-07-31 21:29 - 2012-09-18 15:29 - 00000000 ____D E:\Users\Ich\Documents\Texte 2013-07-31 20:12 - 2012-09-12 12:41 - 00000000 ____D E:\Users\Ich\Documents\Reflect 2013-07-31 12:49 - 2013-07-24 15:11 - 00000981 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-31 12:48 - 2012-08-31 23:52 - 00000000 ___HD C:\$AVG 2013-07-30 08:17 - 2013-08-02 00:24 - 01781589 _____ (Farbar) E:\Users\Ich\Desktop\FRST64.exe 2013-07-29 00:13 - 2012-08-31 20:58 - 00000000 ____D C:\Users\Ich 2013-07-29 00:03 - 2013-07-27 18:51 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-29 00:00 - 2012-09-01 22:55 - 00000000 ____D C:\Users\Ich\AppData\Local\PMB Files 2013-07-29 00:00 - 2012-09-01 22:55 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-27 20:26 - 2013-06-01 20:00 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI 2013-07-27 18:51 - 2013-07-27 18:49 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Riot Games 2013-07-24 18:12 - 2013-04-03 18:49 - 00000000 ____D C:\Users\Ich\AppData\Local\Avg2013 2013-07-24 15:27 - 2012-09-02 03:17 - 00030116 _____ C:\Windows\PFRO.log 2013-07-24 15:26 - 2012-08-31 23:51 - 00000000 ____D C:\Program Files (x86)\AVG 2013-07-24 15:14 - 2013-07-24 15:14 - 00000000 ____D C:\Users\Ich\AppData\Roaming\AVG2013 2013-07-24 15:13 - 2013-07-24 15:10 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-24 15:11 - 2013-07-24 15:11 - 00000000 ____D C:\Users\Ich\AppData\Roaming\TuneUp Software 2013-07-21 05:20 - 2012-09-01 00:30 - 00000000 ____D C:\Users\Ich\AppData\Roaming\KeePass 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgidsha.sys 2013-07-18 14:51 - 2012-09-18 15:30 - 00000000 ____D E:\Users\Ich\Documents\Work 2013-07-17 14:07 - 2012-09-18 16:35 - 00000000 ____D C:\Users\Ich\AppData\Local\Adobe 2013-07-17 14:07 - 2012-09-07 12:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-17 14:07 - 2012-09-01 02:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-17 14:07 - 2012-09-01 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-16 17:00 - 2012-09-18 15:33 - 00000000 ____D C:\Users\Ich\AppData\Roaming\Spotify 2013-07-16 15:25 - 2012-09-18 15:34 - 00000000 ____D C:\Users\Ich\AppData\Local\Spotify 2013-07-14 03:56 - 2013-07-14 03:54 - 00000000 ____D C:\Windows\system32\MRT 2013-07-12 18:18 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-11 12:08 - 2009-07-14 06:45 - 05042688 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-11 12:06 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 12:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-11 12:06 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2013-07-07 14:54 - 2012-08-31 23:39 - 00000000 ____D C:\Program Files\Opera x64 2013-07-07 14:54 - 2012-08-31 23:39 - 00000000 ____D C:\Program Files (x86)\Opera x64 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-02 00:04 ==================== End Of Log ============================ |
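A defender's triage of the driver entries discussed in this thread, as an added example (it is not FRST's code and nothing the helper posted): it parses lines in the format of FRST's "Drivers" section, flags the zero-byte entry with the pseudo-random name, and shows how such a name differs between two scans. The SCAN_LATER lines are copied from the log above; SCAN_EARLIER and its ayeb0osm line are constructed from the name the poster reported, since the earlier log line itself is not on the page.

```python
"""Triage helper for the Drivers section of an FRST scan (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# One FRST driver entry per line, e.g. (both lines appear in this thread):
#   R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
#   U3 a4u8rxoc; C:\Windows\System32\Drivers\a4u8rxoc.sys [0 ] (Microsoft Corporation)
DRIVER_RE = re.compile(
    r"^(?P<state>[A-Z]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?\]\s*"
    r"(?:\((?P<vendor>[^)]*)\))?\s*$"
)

# Heuristic tuned to the names seen in this thread (ae1lbxia, ayeb0osm,
# a4u8rxoc): exactly eight lowercase characters mixing letters and digits.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{8}$")


@dataclass(frozen=True)
class Driver:
    state: str             # FRST state code, e.g. R0 or U3
    name: str              # service/driver name
    path: str              # image path
    size: int              # file size FRST reported (0 = no readable file)
    date: Optional[str]    # file timestamp, None when FRST printed none
    vendor: Optional[str]  # company name from the file's version info


def parse_drivers(lines: Iterable[str]) -> list[Driver]:
    """Parse FRST driver lines; lines that do not match are skipped."""
    drivers: list[Driver] = []
    for line in lines:
        m = DRIVER_RE.match(line.strip())
        if m is None:
            continue
        drivers.append(Driver(m["state"], m["name"], m["path"],
                              int(m["size"]), m["date"], m["vendor"]))
    return drivers


def suspicious_reasons(d: Driver) -> list[str]:
    """Indicators for one entry. They justify a closer look, not a verdict."""
    reasons: list[str] = []
    if d.size == 0 and d.date is None:
        # The registry still names the driver, but FRST found no readable
        # file behind it; the dir listing posted above shows no such file.
        reasons.append("registered driver without a readable file on disk")
    if RANDOM_NAME_RE.match(d.name):
        reasons.append("pseudo-random eight-character name")
    return reasons


def triage(lines: Iterable[str]) -> list[tuple[str, list[str]]]:
    """(name, reasons) for every entry that raised at least one indicator."""
    flagged = []
    for d in parse_drivers(lines):
        reasons = suspicious_reasons(d)
        if reasons:
            flagged.append((d.name, reasons))
    return flagged


def compare_scans(earlier: Iterable[str], later: Iterable[str]) -> dict[str, list[str]]:
    """Random-looking names that occur in only one of two scans.

    The poster saw ae1lbxia.sys, then ayeb0osm.sys, then a4u8rxoc.sys: an
    entry that turns up under a fresh name in every scan cannot be handled by
    searching for the previous name, so each new scan has to be read on its own.
    """
    before = {d.name for d in parse_drivers(earlier)}
    after = {d.name for d in parse_drivers(later)}
    return {
        "vanished": sorted(n for n in before - after if RANDOM_NAME_RE.match(n)),
        "appeared": sorted(n for n in after - before if RANDOM_NAME_RE.match(n)),
    }


# Constructed sample input: SCAN_LATER is copied from the FRST log above,
# SCAN_EARLIER re-creates the previous scan with the ayeb0osm name the poster
# reported (its exact line is not in the thread).
SCAN_LATER = [
    r"R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)",
    r"R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)",
    r"R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)",
    r"U3 a4u8rxoc; C:\Windows\System32\Drivers\a4u8rxoc.sys [0 ] (Microsoft Corporation)",
]
SCAN_EARLIER = SCAN_LATER[:-1] + [
    r"U3 ayeb0osm; C:\Windows\System32\Drivers\ayeb0osm.sys [0 ] (Microsoft Corporation)",
]

if __name__ == "__main__":
    for name, reasons in triage(SCAN_LATER):
        print(f"{name}: {'; '.join(reasons)}")
    print(compare_scans(SCAN_EARLIER, SCAN_LATER))
```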