Pests of all kinds and how to fight them: Laptop hangs while booting Windows (Windows 7)
06.03.2014, 19:10 | #1 |
Hello everyone, first of all! My problem is the following: ever since I let my brother watch a film on my laptop, it has been stuttering terribly, although he assured me that he didn't do anything. The thing is, the computer was still running at that point, albeit with terrible lags. When I then restarted it, it hung while booting Windows. The "repair" function of Windows, which was offered after the next start, didn't help either. I couldn't start safe mode either, because the "program" always hung at >aswRvrt.sys< (as far as I know, that belongs to avast, my antivirus program). I did have a virus once before, but I was able to remove it well and haven't noticed any negative effects on my system since then. Thanks in advance for any help.
06.03.2014, 19:33 | #2 |
/// the machine /// TB Trainer
Hi,
which operating system? Do none of the 3 safe modes work?
07.03.2014, 08:54 | #3 |
So my operating system is Windows 7, and yes, each of the 3 safe modes hangs at the process mentioned above.
08.03.2014, 12:25 | #4 |
/// the machine /// TB Trainer
Hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
08.03.2014, 13:56 | #5 |
First of all, many thanks for taking on my problem.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by SYSTEM on MININT-UH68N0H on 08-03-2014 13:37:55
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-04] (AVAST Software)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Eduard\...\Run: [DVSSkypeRecorder] - C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe [869944 2013-12-30] (DVDVideoSoft Ltd.)
HKU\Gast\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\otto\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
IFEO\Utilman.exe: [Debugger] cmd.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-04] (AVAST Software)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-01-31] (Freemake)
S2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-02] (Olof Lagerkvist)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-06-01] (Nero AG)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-20] ()
S2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [29696 2013-11-05] ()
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
S2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [111904 2014-02-25] ()
S2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [111904 2014-02-25] ()
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-24] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-24] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] ()
S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [18456 2012-11-02] (Olof Lagerkvist)
S3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
S2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist)
S2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
S1 tnetfilter2; C:\Windows\System32\drivers\tnetfilter2.sys [60096 2014-01-17] (NetFilterSDK.com)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-08 13:37 - 2014-03-08 13:37 - 00000000 ____D () C:\FRST 2014-03-05 16:13 - 2014-03-05 16:13 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Skype 2014-03-03 09:13 - 2014-03-03 19:49 - 00001009 _____ () C:\Users\Eduard\.lmmsrc.xml 2014-03-03 09:12 - 2014-03-03 18:10 - 00000000 ____D () C:\Users\Eduard\lmms 2014-03-03 09:05 - 2014-03-03 09:05 - 00000936 _____ () C:\Users\Eduard\Desktop\Linux MultiMedia Studio.lnk 2014-03-03 09:04 - 2014-03-03 09:05 - 00000000 ____D () C:\Program Files (x86)\LMMS 2014-03-03 09:02 - 2014-03-03 09:03 - 00401776 _____ (Softonic ) C:\Users\Eduard\Downloads\SoftonicDownloader_fuer_linux-multimedia-studio.exe 2014-03-01 02:21 - 2014-03-01 02:21 - 00319657 _____ () C:\Users\Eduard\Downloads\msvcr90.zip 2014-03-01 02:09 - 2014-03-01 02:09 - 00134662 _____ () C:\Windows\SysWOW64\libfaad2.dll.7z 2014-03-01 02:06 - 2014-03-01 02:06 - 00134662 _____ () C:\Program
Files\libfaad2.dll.7z 2014-02-21 14:21 - 2014-02-21 14:22 - 16526616 _____ () C:\Users\Eduard\Downloads\Additional Poses for Pinup Poser With Picture Reference Folder-50998-V1-21.rar 2014-02-21 14:21 - 2014-02-21 14:21 - 00114046 _____ () C:\Users\Eduard\Downloads\Newest version see changelog-50225-1-3Beta.7z 2014-02-21 10:14 - 2014-02-25 14:50 - 00374784 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.ppt 2014-02-21 10:13 - 2014-02-21 10:13 - 00196217 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.pptx 2014-02-14 10:27 - 2014-02-14 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-14 09:20 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2014-02-14 09:20 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-14 09:19 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-02-14 09:19 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-02-14 09:19 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-02-14 09:19 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-02-14 09:19 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-02-14 09:19 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-02-14 09:19 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-02-14 09:19 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-02-14 09:19 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-02-14 09:19 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-02-14 09:19 - 2014-02-06 11:48 - 00708608 _____ 
(Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-02-14 09:19 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-02-14 09:19 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-14 09:19 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-02-14 09:19 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-14 09:19 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-02-14 09:19 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-02-14 09:19 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-14 09:19 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-14 09:19 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-14 09:19 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-02-14 09:19 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-14 09:19 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-14 09:19 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-02-14 09:19 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-14 09:19 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-14 09:19 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-14 09:19 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-14 09:19 - 2014-02-06 10:25 - 00164864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-14 09:19 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-02-14 09:19 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-02-14 09:19 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-14 09:19 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-14 09:19 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-14 09:19 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-02-14 09:19 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-14 09:19 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-02-14 09:19 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-14 09:19 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-12 20:27 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 20:27 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2014-02-12 20:27 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 20:27 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2014-02-12 20:26 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 20:26 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\System32\locale.nls 2014-02-12 20:26 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2014-02-12 20:26 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2014-02-12 20:26 - 2013-12-06 03:02 - 
01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 20:26 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll 2014-02-12 20:26 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll 2014-02-12 20:26 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe 2014-02-12 20:26 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe 2014-02-12 20:26 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe 2014-02-12 20:26 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe 2014-02-12 20:26 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 20:26 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 20:26 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 20:26 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 20:26 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 20:26 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 20:26 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 
20:26 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 20:26 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe ==================== One Month Modified Files and Folders ======= 2014-03-08 13:37 - 2014-03-08 13:37 - 00000000 ____D () C:\FRST 2014-03-06 19:21 - 2013-02-08 14:12 - 00385772 _____ () C:\Windows\PFRO.log 2014-03-06 14:49 - 2013-02-06 13:51 - 01212791 _____ () C:\Windows\WindowsUpdate.log 2014-03-06 14:31 - 2013-02-06 20:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-06 14:29 - 2013-05-14 15:12 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-03-06 14:29 - 2013-02-11 17:51 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-03-06 13:57 - 2014-01-22 21:58 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-03-06 13:56 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\System32\perfh007.dat 2014-03-06 13:56 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\System32\perfc007.dat 2014-03-06 13:56 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-03-06 13:52 - 2009-07-14 05:51 - 00129414 _____ () C:\Windows\setupact.log 2014-03-06 11:01 - 2013-06-01 18:09 - 00003516 _____ () C:\Windows\System32\Tasks\Eduard NBAgent 2014-03-05 21:33 - 2013-02-06 18:56 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-03-05 20:59 - 2013-12-08 22:15 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\vlc 2014-03-05 20:30 - 2013-02-06 17:17 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AB324698-245C-4293-AA54-46A2FECB7A8E} 2014-03-05 17:50 - 2013-05-14 15:12 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-03-05 16:17 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 16:17 - 2009-07-14 05:45 - 00016080 ____H () 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 16:13 - 2014-03-05 16:13 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Skype 2014-03-05 16:13 - 2013-02-23 17:13 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\Skype 2014-03-05 16:13 - 2010-04-01 12:13 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 16:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-04 18:14 - 2013-02-06 17:36 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-04 16:35 - 2013-02-19 15:16 - 00000000 ____D () C:\Users\Eduard\dwhelper 2014-03-04 13:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-03-03 19:49 - 2014-03-03 09:13 - 00001009 _____ () C:\Users\Eduard\.lmmsrc.xml 2014-03-03 18:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\Eduard\lmms 2014-03-03 09:18 - 2013-02-10 20:56 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\dvdcss 2014-03-03 09:13 - 2013-02-06 14:34 - 00000000 ____D () C:\users\Eduard 2014-03-03 09:05 - 2014-03-03 09:05 - 00000936 _____ () C:\Users\Eduard\Desktop\Linux MultiMedia Studio.lnk 2014-03-03 09:05 - 2014-03-03 09:04 - 00000000 ____D () C:\Program Files (x86)\LMMS 2014-03-03 09:03 - 2014-03-03 09:02 - 00401776 _____ (Softonic ) C:\Users\Eduard\Downloads\SoftonicDownloader_fuer_linux-multimedia-studio.exe 2014-03-03 08:58 - 2014-01-07 21:24 - 00000000 ____D () C:\Program Files (x86)\SecretSauce 2014-03-02 19:58 - 2013-02-06 17:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-03-01 20:42 - 2013-07-15 10:40 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\TS3Client 2014-03-01 02:21 - 2014-03-01 02:21 - 00319657 _____ () C:\Users\Eduard\Downloads\msvcr90.zip 2014-03-01 02:09 - 2014-03-01 02:09 - 00134662 _____ () C:\Windows\SysWOW64\libfaad2.dll.7z 2014-03-01 02:06 - 2014-03-01 02:06 - 00134662 _____ () C:\Program Files\libfaad2.dll.7z 2014-02-27 08:15 - 2010-04-01 12:00 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-26 22:58 - 2013-09-12 08:08 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-25 14:50 - 2014-02-21 10:14 - 00374784 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.ppt 2014-02-24 20:44 - 2013-02-26 16:58 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Adobe 2014-02-24 20:44 - 2013-02-06 20:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-24 20:44 - 2013-02-06 20:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-24 20:44 - 2013-02-06 20:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-24 18:53 - 2013-02-11 13:04 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Microsoft Games 2014-02-23 13:40 - 2014-01-07 21:29 - 00000000 ____D () C:\Users\Eduard\AppData\Local\genienext 2014-02-22 23:13 - 2013-04-22 10:14 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\vlc 2014-02-22 22:32 - 2013-04-22 10:16 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\dvdcss 2014-02-21 14:22 - 2014-02-21 14:21 - 16526616 _____ () C:\Users\Eduard\Downloads\Additional Poses for Pinup Poser With Picture Reference Folder-50998-V1-21.rar 2014-02-21 14:21 - 2014-02-21 14:21 - 00114046 _____ () C:\Users\Eduard\Downloads\Newest version see changelog-50225-1-3Beta.7z 2014-02-21 10:13 - 2014-02-21 10:13 - 00196217 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.pptx 2014-02-17 10:41 - 2013-08-16 23:08 - 00000000 ____D () C:\Windows\System32\MRT 2014-02-17 10:38 - 2013-02-11 
18:44 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-02-14 18:25 - 2014-01-18 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-14 10:27 - 2014-02-14 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-07 20:37 - 2014-02-07 20:37 - 00000161 _____ () C:\Users\Eduard\Desktop\Neue Internetverknüpfung.url 2014-02-07 11:07 - 2013-02-06 20:47 - 00000000 ____D () C:\Users\Eduard\Documents\Schule 2014-02-06 13:16 - 2014-02-14 09:19 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-02-06 12:30 - 2014-02-14 09:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-02-06 12:30 - 2014-02-14 09:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-02-06 12:12 - 2014-02-14 09:19 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-02-06 12:07 - 2014-02-14 09:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-02-06 12:06 - 2014-02-14 09:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-02-06 11:57 - 2014-02-14 09:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-02-06 11:56 - 2014-02-14 09:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-02-06 11:52 - 2014-02-14 09:19 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-02-06 11:49 - 2014-02-14 09:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-02-06 11:48 - 2014-02-14 09:19 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-02-06 11:48 - 2014-02-14 09:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-02-06 11:38 - 2014-02-14 09:19 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-06 11:32 - 2014-02-14 09:19 - 00218624 _____ (Microsoft Corporation) 
C:\Windows\System32\ie4uinit.exe 2014-02-06 11:20 - 2014-02-14 09:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-06 11:17 - 2014-02-14 09:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-02-06 11:11 - 2014-02-14 09:19 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-02-06 11:01 - 2014-02-14 09:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-06 11:00 - 2014-02-14 09:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-14 09:19 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-06 10:57 - 2014-02-14 09:19 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-02-06 10:52 - 2014-02-14 09:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-06 10:52 - 2014-02-14 09:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-06 10:50 - 2014-02-14 09:19 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-02-06 10:49 - 2014-02-14 09:19 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-06 10:47 - 2014-02-14 09:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-06 10:46 - 2014-02-14 09:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-06 10:25 - 2014-02-14 09:19 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-06 10:25 - 2014-02-14 09:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-06 10:24 - 2014-02-14 09:19 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-02-06 10:22 - 2014-02-14 09:19 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-02-06 10:13 - 2014-02-14 09:19 - 00524288 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2014-02-06 10:09 - 2014-02-14 09:19 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-06 10:03 - 2014-02-14 09:19 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-06 09:55 - 2014-02-14 09:19 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-02-06 09:41 - 2014-02-14 09:19 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-06 09:40 - 2014-02-14 09:19 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-02-06 09:36 - 2014-02-14 09:19 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-06 09:34 - 2014-02-14 09:19 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Eduard\AppData\Local\Temp\SPSetup.exe
C:\Users\Gast\AppData\Local\Temp\SPSetup.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3958.85 MB
Available physical RAM: 3371.69 MB
Total Pagefile: 3957 MB
Available Pagefile: 3366.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.65 GB) (Free:30.45 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.72 GB) (Free:47.09 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (THE_DARK_KNIGHT) (CDROM) (Total:7.9 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 354B0B60)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: C99324F0)
Partition: GPT Partition Type.

LastRegBack: 2014-03-04 13:11

==================== End Of Log ============================

I'm not sure whether it matters, but I bought the computer about 3/4 of a year ago from a friend (he got himself a new one at the time). But before I used it for myself, I first reinstalled Windows.
Regards, Bartholomäus
09.03.2014, 07:44 | #6 |
/// the machine /// TB Trainer
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-04] (AVAST Software)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
IFEO\Utilman.exe: [Debugger] cmd.exe
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-24] ()
C:\Windows\System32\Drivers\aswRvrt.sys
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Start the computer normally. |
09.03.2014, 10:54 | #7 |
| Laptop hangs while booting Windows So, here is the document Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by SYSTEM at 2014-03-09 10:50:18 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-04] (AVAST Software)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-03-03] (Conduit)
IFEO\Utilman.exe: [Debugger] cmd.exe
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-24] ()
C:\Windows\System32\Drivers\aswRvrt.sys
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => Value deleted successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Utilman.exe => Key deleted successfully.
aswRvrt => Service deleted successfully.
C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.
==== End of Fixlog ==== |
10.03.2014, 10:59 | #8 |
/// the machine /// TB Trainer | Laptop hangs while booting Windows Does the computer start normally?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.03.2014, 14:51 | #9 |
| Laptop hangs while booting Windows Oh, I see. No, unfortunately it still hangs at the same point. However, all three safe modes now hang at the process aswVmm.sys. Regards, Bartholomäus |
11.03.2014, 09:41 | #10 |
/// the machine /// TB Trainer | Laptop hangs while booting Windows Please post a fresh FRST log again. |
11.03.2014, 12:32 | #11 |
| Laptop hangs while booting Windows OK, here is the new FRST scan log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01 Ran by SYSTEM on MININT-GVM617E on 11-03-2014 12:27:57 Running from G:\ Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\Eduard\...\Run: [DVSSkypeRecorder] - C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe [869944 2013-12-30] (DVDVideoSoft Ltd.) HKU\Gast\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) HKU\otto\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Services (Whitelisted) ================= S2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-04] (AVAST Software) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2454816 2014-03-03] (Conduit) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-01-31] (Freemake) S2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-02] (Olof Lagerkvist) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-06-01] (Nero AG) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-20] () S2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [29696 2013-11-05] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH) S2 Update SecretSauce; C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [111904 2014-02-25] () S2 Util SecretSauce; C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [111904 2014-02-25] () S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X] S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X] ==================== Drivers (Whitelisted) ==================== S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-24] (AVAST Software) S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software) S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] () S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [18456 2012-11-02] (Olof Lagerkvist) S3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.) 
S2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist) S2 regi; C:\Windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo) S1 tnetfilter2; C:\Windows\System32\drivers\tnetfilter2.sys [60096 2014-01-17] (NetFilterSDK.com) S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-08 13:37 - 2014-03-11 12:27 - 00000000 ____D () C:\FRST 2014-03-05 16:13 - 2014-03-05 16:13 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Skype 2014-03-03 09:13 - 2014-03-03 19:49 - 00001009 _____ () C:\Users\Eduard\.lmmsrc.xml 2014-03-03 09:12 - 2014-03-03 18:10 - 00000000 ____D () C:\Users\Eduard\lmms 2014-03-03 09:05 - 2014-03-03 09:05 - 00000936 _____ () C:\Users\Eduard\Desktop\Linux MultiMedia Studio.lnk 2014-03-03 09:04 - 2014-03-03 09:05 - 00000000 ____D () C:\Program Files (x86)\LMMS 2014-03-03 09:02 - 2014-03-03 09:03 - 00401776 _____ (Softonic ) C:\Users\Eduard\Downloads\SoftonicDownloader_fuer_linux-multimedia-studio.exe 2014-03-01 02:21 - 2014-03-01 02:21 - 00319657 _____ () C:\Users\Eduard\Downloads\msvcr90.zip 2014-03-01 02:09 - 2014-03-01 02:09 - 00134662 _____ () C:\Windows\SysWOW64\libfaad2.dll.7z 2014-03-01 02:06 - 2014-03-01 02:06 - 00134662 _____ () C:\Program Files\libfaad2.dll.7z 2014-02-21 14:21 - 2014-02-21 14:22 - 16526616 _____ () C:\Users\Eduard\Downloads\Additional Poses for Pinup Poser With Picture Reference Folder-50998-V1-21.rar 2014-02-21 14:21 - 2014-02-21 14:21 - 00114046 _____ () C:\Users\Eduard\Downloads\Newest version see changelog-50225-1-3Beta.7z 2014-02-21 10:14 - 2014-02-25 14:50 - 00374784 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.ppt 2014-02-21 10:13 - 2014-02-21 
10:13 - 00196217 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.pptx 2014-02-14 10:27 - 2014-02-14 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-14 09:20 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2014-02-14 09:20 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-14 09:19 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-02-14 09:19 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-02-14 09:19 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll 2014-02-14 09:19 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2014-02-14 09:19 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2014-02-14 09:19 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2014-02-14 09:19 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2014-02-14 09:19 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2014-02-14 09:19 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2014-02-14 09:19 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2014-02-14 09:19 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2014-02-14 09:19 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2014-02-14 09:19 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-14 09:19 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2014-02-14 09:19 - 2014-02-06 11:20 - 02724864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-14 09:19 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2014-02-14 09:19 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2014-02-14 09:19 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-14 09:19 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-14 09:19 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-14 09:19 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2014-02-14 09:19 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-14 09:19 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-14 09:19 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2014-02-14 09:19 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-14 09:19 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-14 09:19 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-14 09:19 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-14 09:19 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-14 09:19 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2014-02-14 09:19 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2014-02-14 09:19 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-14 09:19 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2014-02-14 09:19 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-14 09:19 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2014-02-14 09:19 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-14 09:19 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2014-02-14 09:19 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-14 09:19 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-12 20:27 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 20:27 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2014-02-12 20:27 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 20:27 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2014-02-12 20:26 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 20:26 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\System32\locale.nls 2014-02-12 20:26 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2014-02-12 20:26 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2014-02-12 20:26 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 20:26 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00123392 
_____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll 2014-02-12 20:26 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll 2014-02-12 20:26 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll 2014-02-12 20:26 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe 2014-02-12 20:26 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe 2014-02-12 20:26 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe 2014-02-12 20:26 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe 2014-02-12 20:26 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 20:26 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 20:26 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 20:26 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 20:26 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 20:26 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 20:26 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 20:26 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 20:26 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe ==================== One Month Modified Files and Folders ======= 2014-03-11 12:27 - 2014-03-08 13:37 - 00000000 ____D () C:\FRST 2014-03-06 19:21 - 2013-02-08 14:12 - 00385772 _____ () C:\Windows\PFRO.log 2014-03-06 14:49 
- 2013-02-06 13:51 - 01212791 _____ () C:\Windows\WindowsUpdate.log 2014-03-06 14:31 - 2013-02-06 20:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-06 14:29 - 2013-05-14 15:12 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-03-06 14:29 - 2013-02-11 17:51 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-03-06 13:57 - 2014-01-22 21:58 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-03-06 13:56 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\System32\perfh007.dat 2014-03-06 13:56 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\System32\perfc007.dat 2014-03-06 13:56 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-03-06 13:52 - 2009-07-14 05:51 - 00129414 _____ () C:\Windows\setupact.log 2014-03-06 11:01 - 2013-06-01 18:09 - 00003516 _____ () C:\Windows\System32\Tasks\Eduard NBAgent 2014-03-05 21:33 - 2013-02-06 18:56 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-03-05 20:59 - 2013-12-08 22:15 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\vlc 2014-03-05 20:30 - 2013-02-06 17:17 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AB324698-245C-4293-AA54-46A2FECB7A8E} 2014-03-05 17:50 - 2013-05-14 15:12 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-03-05 16:17 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 16:17 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 16:13 - 2014-03-05 16:13 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 16:13 - 2014-03-05 16:13 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Skype 2014-03-05 16:13 - 2013-02-23 17:13 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\Skype 2014-03-05 
16:13 - 2010-04-01 12:13 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 16:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-04 18:14 - 2013-02-06 17:36 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-04 16:35 - 2013-02-19 15:16 - 00000000 ____D () C:\Users\Eduard\dwhelper 2014-03-04 13:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-03-03 19:49 - 2014-03-03 09:13 - 00001009 _____ () C:\Users\Eduard\.lmmsrc.xml 2014-03-03 18:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\Eduard\lmms 2014-03-03 09:18 - 2013-02-10 20:56 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\dvdcss 2014-03-03 09:13 - 2013-02-06 14:34 - 00000000 ____D () C:\users\Eduard 2014-03-03 09:05 - 2014-03-03 09:05 - 00000936 _____ () C:\Users\Eduard\Desktop\Linux MultiMedia Studio.lnk 2014-03-03 09:05 - 2014-03-03 09:04 - 00000000 ____D () C:\Program Files (x86)\LMMS 2014-03-03 09:03 - 2014-03-03 09:02 - 00401776 _____ (Softonic ) C:\Users\Eduard\Downloads\SoftonicDownloader_fuer_linux-multimedia-studio.exe 2014-03-03 08:58 - 2014-01-07 21:24 - 00000000 ____D () C:\Program Files (x86)\SecretSauce 2014-03-02 19:58 - 2013-02-06 17:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-03-01 20:42 - 2013-07-15 10:40 - 00000000 ____D () C:\Users\Eduard\AppData\Roaming\TS3Client 2014-03-01 02:21 - 2014-03-01 02:21 - 00319657 _____ () C:\Users\Eduard\Downloads\msvcr90.zip 2014-03-01 02:09 - 2014-03-01 02:09 - 00134662 _____ () C:\Windows\SysWOW64\libfaad2.dll.7z 2014-03-01 02:06 - 2014-03-01 02:06 - 00134662 _____ () C:\Program Files\libfaad2.dll.7z 2014-02-27 08:15 - 2010-04-01 12:00 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-26 22:58 - 2013-09-12 08:08 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-25 14:50 - 2014-02-21 10:14 - 00374784 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.ppt 2014-02-24 20:44 - 2013-02-26 16:58 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Adobe 2014-02-24 20:44 - 2013-02-06 20:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-24 20:44 - 2013-02-06 20:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-24 20:44 - 2013-02-06 20:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-24 18:53 - 2013-02-11 13:04 - 00000000 ____D () C:\Users\Eduard\AppData\Local\Microsoft Games 2014-02-23 13:40 - 2014-01-07 21:29 - 00000000 ____D () C:\Users\Eduard\AppData\Local\genienext 2014-02-22 23:13 - 2013-04-22 10:14 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\vlc 2014-02-22 22:32 - 2013-04-22 10:16 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\dvdcss 2014-02-21 14:22 - 2014-02-21 14:21 - 16526616 _____ () C:\Users\Eduard\Downloads\Additional Poses for Pinup Poser With Picture Reference Folder-50998-V1-21.rar 2014-02-21 14:21 - 2014-02-21 14:21 - 00114046 _____ () C:\Users\Eduard\Downloads\Newest version see changelog-50225-1-3Beta.7z 2014-02-21 10:13 - 2014-02-21 10:13 - 00196217 _____ () C:\Users\Eduard\Downloads\Längenkontraktion.pptx 2014-02-17 10:41 - 2013-08-16 23:08 - 00000000 ____D () C:\Windows\System32\MRT 2014-02-17 10:38 - 2013-02-11 
18:44 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-02-14 18:25 - 2014-01-18 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-14 10:27 - 2014-02-14 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox Some content of TEMP: ==================== C:\Users\Eduard\AppData\Local\Temp\SPSetup.exe C:\Users\Gast\AppData\Local\Temp\SPSetup.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3958.85 MB Available physical RAM: 3366.71 MB Total Pagefile: 3957 MB Available Pagefile: 3361.5 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.65 GB) (Free:30.46 GB) NTFS Drive d: (Data) (Fixed) (Total:232.72 GB) (Free:47.09 GB) NTFS Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components 
(obtained from reading drive)] Drive f: (THE_DARK_KNIGHT) (CDROM) (Total:7.9 GB) (Free:0 GB) UDF Drive g: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 354B0B60) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: C99324F0) Partition: GPT Partition Type. LastRegBack: 2014-03-04 13:11 ==================== End Of Log ============================ --- --- --- Regards, Bartholomäus |
12.03.2014, 09:36 | #12 |
/// the machine /// TB Trainer | Laptop hangs while booting Windows Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-04] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-24] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] ()
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. |
12.03.2014, 17:30 | #13 |
| Laptop hangs while booting Windows So, here is the file Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by SYSTEM at 2014-03-12 17:25:46 Run:2
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-04] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-24] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] ()
*****************
avast! Antivirus => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswStm => Service deleted successfully.
aswVmm => Service deleted successfully.
==== End of Fixlog ====
Regards, Bartholomäus |
13.03.2014, 10:48 | #14 |
/// the machine /// TB Trainer | Laptop hangs while booting Windows This isn't going to work this way. Do you have a Win DVD? |
13.03.2014, 17:52 | #15 |
| Laptop hangs while booting Windows Unfortunately not |