| |
| |||||||
Log-Analyse und Auswertung: GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.09.2013, 12:25
| #1 |
| |  GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt Hallo zusammen, ich hab den Trojaner "Gesellschaft zur..." auf dem Laptop meiner Mutter(bei mir war/ist er auch drauf,aber da hab ich das mit Norton in den Griff bekommen). Problem bei dem Rechner meiner Mutter ist,dass ich den abgesicherten Modus nicht starten kann(fährt immer nur hoch und direkt wieder runter). Habe nun bisschen hier nachgelesen und bin auf eine Anleitung mit frst.exe gekommen.Habe die ersten 4 Schritte schon durchgeführt und ich werde im ersten Post das log reinkopieren.Wäre für (schnelle) Hilfe echt dankbar.(Habe kaum Ahnung von der Materie) Windows 7 , 64Bit hoffe es fehlen keine Infos(?!) LG Alex FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01
Ran by SYSTEM on MININT-D9JKF0Q on 03-09-2013 13:10:54
Running from I:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1486392 2011-04-05] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-21] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-28] (Avira GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
HKU\Margret Dresen\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-13] (Google Inc.)
HKU\Margret Dresen\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe [80896 2013-09-03] (Valve Corporation) <===== ATTENTION
HKU\Margret Dresen\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Margret Dresen\...\Command Processor: "C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe" <===== ATTENTION!
Startup: C:\Users\Margret Dresen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-03-28] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-10] (Avira GmbH)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-10] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-10] (Avira GmbH)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 mfeavfk01; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-03 01:50 - 2013-09-03 01:50 - 01084737 _____ C:\Users\Margret Dresen\AppData\Local\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084736 _____ C:\Users\Margret Dresen\AppData\Roaming\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084717 _____ C:\ProgramData\2433f433
2013-08-26 08:26 - 2013-08-26 08:26 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\pdfforge
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-26 08:26 - 2013-04-09 05:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-08-26 08:26 - 2013-01-09 05:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-08-26 08:26 - 2012-05-05 01:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-08-26 08:26 - 2012-05-05 01:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-08-26 08:26 - 2012-05-05 01:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-08-26 08:26 - 1998-07-06 08:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-08-26 08:26 - 1998-07-06 08:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-08-26 08:26 - 1998-07-06 08:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-08-26 08:22 - 2013-08-26 08:24 - 17810632 _____ (pdfforge GmbH) C:\Users\Margret Dresen\Downloads\PDFCreator-1_7_1_setup.exe
2013-08-18 09:30 - 2013-08-18 09:30 - 00000040 _____ C:\Windows\System32\ꮰµ
2013-08-18 07:02 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-18 07:02 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-18 07:02 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-18 07:02 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-18 07:02 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-18 07:02 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-18 07:02 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 07:02 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 07:02 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 07:02 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 07:02 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 07:02 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 07:02 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-18 07:02 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 05:59 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-18 05:59 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-18 05:59 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-18 05:59 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-18 05:59 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-18 05:59 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-18 05:59 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-18 05:59 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-18 05:59 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-18 05:59 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-18 05:58 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-16 09:47 - 2013-08-16 09:47 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\Avira
2013-08-16 09:41 - 2013-08-16 09:41 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-14 11:16 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 11:16 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 11:16 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 11:14 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 11:13 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-14 11:10 - 2013-08-14 11:10 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-14 06:38 - 2013-08-18 07:00 - 00000000 ____D C:\Windows\System32\MRT
==================== One Month Modified Files and Folders =======
2013-09-03 03:00 - 2009-07-13 20:51 - 00118917 _____ C:\Windows\setupact.log
2013-09-03 02:59 - 2011-04-28 13:06 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 02:59 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 02:49 - 2010-09-21 19:07 - 01516866 _____ C:\Windows\WindowsUpdate.log
2013-09-03 02:49 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 02:49 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 02:39 - 2013-04-05 06:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 01:50 - 2013-09-03 01:50 - 01084737 _____ C:\Users\Margret Dresen\AppData\Local\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084736 _____ C:\Users\Margret Dresen\AppData\Roaming\2433f433
2013-09-03 01:50 - 2013-09-03 01:50 - 01084717 _____ C:\ProgramData\2433f433
2013-09-03 01:37 - 2011-04-28 13:06 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 00:40 - 2013-01-20 09:28 - 00000000 ___RD C:\Users\Margret Dresen\Dropbox
2013-09-03 00:40 - 2013-01-20 09:25 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\Dropbox
2013-08-26 08:26 - 2013-08-26 08:26 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\pdfforge
2013-08-26 08:26 - 2013-08-26 08:26 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-26 08:24 - 2013-08-26 08:22 - 17810632 _____ (pdfforge GmbH) C:\Users\Margret Dresen\Downloads\PDFCreator-1_7_1_setup.exe
2013-08-26 02:40 - 2013-01-23 08:55 - 00002018 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-08-21 09:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 13:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-18 13:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-18 13:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-18 13:42 - 2011-05-01 13:00 - 00000000 ____D C:\ProgramData\Avira
2013-08-18 13:42 - 2011-05-01 13:00 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-18 09:30 - 2013-08-18 09:30 - 00000040 _____ C:\Windows\System32\ꮰµ
2013-08-18 07:02 - 2013-08-14 06:38 - 00000000 ____D C:\Windows\System32\MRT
2013-08-18 07:00 - 2013-04-12 11:55 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-18 03:59 - 2011-04-28 12:50 - 00000000 ____D C:\users\Margret Dresen
2013-08-16 09:47 - 2013-08-16 09:47 - 00000000 ____D C:\Users\Margret Dresen\AppData\Roaming\Avira
2013-08-16 09:41 - 2013-08-16 09:41 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-14 20:44 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-14 20:42 - 2010-07-13 03:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-14 11:10 - 2013-08-14 11:10 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
Files to move or delete:
====================
C:\Users\MARGRE~1\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\APNStub.exe
C:\Users\Margret Dresen\AppData\Local\Temp\AskSLib.dll
C:\Users\Margret Dresen\AppData\Local\Temp\blrwtejtdkunanypp.exe
C:\Users\Margret Dresen\AppData\Local\Temp\install_reader10_de_mssa_aih(1).exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Margret Dresen\AppData\Local\Temp\nswF2C8.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nssD318.tmp\UAC.dll
C:\Users\Margret Dresen\AppData\Local\Temp\nsf95F9.tmp\DropboxNSISTools.dll
C:\Users\Margret Dresen\AppData\Local\Temp\D99C.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\D365.dir\InstallFlashPlayer.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Margret Dresen\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-07-14 11:33:47
Restore point made on: 2013-07-29 10:51:31
Restore point made on: 2013-08-14 06:37:57
Restore point made on: 2013-08-14 12:06:47
Restore point made on: 2013-08-18 07:00:07
Restore point made on: 2013-08-25 15:09:37
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3958.71 MB
Available physical RAM: 3235.74 MB
Total Pagefile: 3956.86 MB
Available Pagefile: 3232.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:197.26 GB) (Free:146.61 GB) NTFS
Drive d: (Eigene Dateien) (Fixed) (Total:341.8 GB) (Free:339.9 GB) NTFS
Drive e: (Volume) (Fixed) (Total:146.48 GB) (Free:146.39 GB) NTFS
Drive g: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.42 GB) NTFS
Drive h: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: F1420C4E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=197 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=488 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 125 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=124 MB) - (Type=06)
LastRegBack: 2013-08-25 15:01
==================== End Of Log ============================
|
| Themen zu GZV Trojaner - abgesichter Modus startet nicht - Schritt 1 bis 4 erledigt |
| abgesicherte, abgesicherten, ahnung, anleitung, association, direkt, durchgeführt, erledigt, farbar, farbar recovery scan tool, fehlen, griff, hallo zusammen, infos, laptop, log, modus, norton, pmmupdate.exe, rechner, runter, schnelle, starte, starten, startet, startet nicht, troja, trojaner, zusammen |
Baum-Darstellung