Pests of all kinds and their removal: Windows 7 GVU, PC locked

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Windows 7 GVU, PC locked

Hello everyone, I have a big problem and urgently need help. My computer is locked and I can't even get it to run properly in safe mode any more. In between it shows something about GVU blah blah, pay blah, and then the screen turns white again and in the middle, in blue, it says "Konnte nicht geladen werden" ("could not be loaded"). The data on C: is vital for me; I am working on my bachelor's thesis right now and 4 weeks of work would be lost. I would be infinitely grateful if it could be rescued. Unfortunately I don't have a second computer here, I'm writing from my phone. Thanks!
#2 (/// TB-Ausbilder)

Windows 7 GVU, PC locked

My name is Matthias and I will help you clean your computer. Please note the following:

You need another, clean computer (neighbour, friends, acquaintances) and a USB stick; then I can help you.

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
#3

Windows 7 GVU, PC locked

Hello Matthias! Thanks for wanting to help me!

Lucky in misfortune: my neighbour was able to lend me her laptop for 2 hours. I need the data that is on C:. I very much hope it can still be rescued. Thanks!

FRST logfile:
```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-0V300CI on 28-04-2014 12:31:21
Running from K:\
Windows 7 Professional N Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU_MVP_AUTORUN] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3010336 2012-02-05] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Lila\...\Run: [Google Update] => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-12] (Google Inc.)
HKU\Lila\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Lila\...\Winlogon: [Userinit] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] ()
HKU\Lila\...\Winlogon: [Shell] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] () <==== ATTENTION
AppInit_DLLs: C:\Windows\System32\appinit_dll.dll => C:\Windows\System32\appinit_dll.dll [475424 2012-02-05] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [429856 2012-02-05] (Lucidlogix Inc.)
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> H:\down\priester\priester.exe ()
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [1908520 2007-09-07] (Wacom Technology, Corp.)
S2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2014-02-17] (Microsoft)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-25] (Disc Soft Ltd)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation )
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2004-07-08] ()
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-04-28] ()
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-28 10:50 - 2014-04-28 10:53 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-28 10:41 - 2014-04-28 10:41 - 00696696 _____ () C:\Users\Lila\AppData\Roaming\loadit.exe
2014-04-27 19:09 - 2014-04-27 21:15 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-26 16:36 - 2014-04-27 20:05 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-25 20:55 - 2014-04-25 20:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 20:53 - 2014-04-25 21:06 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 20:53 - 2014-04-25 21:05 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 20:45 - 2014-04-25 20:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2014-04-25 20:45 - 2014-04-25 20:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\OpenCandy
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-25 20:44 - 2014-04-25 20:44 - 13429504 _____ (Disc Soft Ltd) C:\Users\Lila\Downloads\DTLite4491-0356.exe
2014-04-23 17:00 - 2014-04-23 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-16 19:37 - 2014-04-16 19:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 19:34 - 2014-04-26 14:33 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-15 13:21 - 2014-04-16 22:35 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-15 12:00 - 2014-04-15 12:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher.psd
2014-04-15 09:39 - 2014-04-15 09:40 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-12 20:23 - 2014-04-12 20:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 21:45 - 2014-04-09 21:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 18:53 - 2014-04-15 09:39 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-09 18:11 - 2014-04-16 19:35 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-09 18:11 - 2014-04-09 18:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-09 12:27 - 2014-04-23 12:32 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-09 12:04 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-09 12:04 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-09 12:04 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 12:04 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-09 12:04 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-09 12:04 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 12:04 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 12:04 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 12:04 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 12:04 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 12:04 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 12:04 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-09 12:04 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-09 12:04 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-09 12:04 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-09 12:04 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 12:04 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-06 17:45 - 2014-04-06 17:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt

==================== One Month Modified Files and Folders =======

2014-04-28 12:31 - 2013-08-12 10:15 - 00000000 ____D () C:\FRST
2014-04-28 10:53 - 2014-04-28 10:50 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-28 10:53 - 2013-08-12 21:58 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 10:53 - 2013-03-01 17:40 - 00034752 _____ () C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-04-28 10:53 - 2013-03-01 17:38 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-28 10:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 10:53 - 2009-07-14 05:56 - 00076661 _____ () C:\Windows\setupact.log
2014-04-28 10:51 - 2013-06-12 12:00 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA.job
2014-04-28 10:49 - 2011-04-12 09:14 - 00699258 _____ () C:\Windows\System32\perfh007.dat
2014-04-28 10:49 - 2011-04-12 09:14 - 00149398 _____ () C:\Windows\System32\perfc007.dat
2014-04-28 10:49 - 2009-07-14 06:12 - 01619976 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-28 10:48 - 2013-03-01 17:30 - 01207032 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 10:48 - 2010-11-21 04:47 - 00353938 _____ () C:\Windows\PFRO.log
2014-04-28 10:48 - 2009-07-14 05:50 - 00020112 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 10:48 - 2009-07-14 05:50 - 00020112 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 10:41 - 2014-04-28 10:41 - 00696696 _____ () C:\Users\Lila\AppData\Roaming\loadit.exe
2014-04-28 10:41 - 2013-03-07 19:46 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE5A86A8-D88D-40C8-AA45-438AD91DF71B}
2014-04-28 10:36 - 2013-05-02 19:01 - 00000000 ____D () C:\Users\Lila\AppData\Local\CrashDumps
2014-04-28 10:36 - 2013-03-22 20:17 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\UseNeXT
2014-04-28 10:15 - 2013-08-12 21:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 21:15 - 2014-04-27 19:09 - 00000000 ____D () C:\Users\Lila\Desktop\herrscher
2014-04-27 21:15 - 2014-03-24 11:48 - 00000000 ____D () C:\Users\Lila\Desktop\karten
2014-04-27 21:15 - 2013-12-22 17:22 - 00002076 _____ () C:\Users\Lila\Desktop\musii.txt
2014-04-27 20:05 - 2014-04-26 16:36 - 00000000 ____D () C:\Users\Lila\Desktop\hohepriesterin
2014-04-26 15:26 - 2013-03-01 17:38 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-26 14:33 - 2014-04-16 19:34 - 00000000 ____D () C:\Users\Lila\Desktop\texte
2014-04-25 21:42 - 2013-05-15 19:43 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\vlc
2014-04-25 21:06 - 2014-04-25 20:53 - 00107120 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-04-25 21:05 - 2014-04-25 20:53 - 00323630 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-04-25 20:55 - 2014-04-25 20:55 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-04-25 20:55 - 2013-03-03 15:01 - 00000000 ____D () C:\Users\Lila\Documents\My Games
2014-04-25 20:48 - 2013-08-13 18:25 - 00000000 ____D () C:\Program Files\Adobe
2014-04-25 20:48 - 2013-03-05 14:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-25 20:45 - 2014-04-25 20:45 - 00283064 _____ (Disc Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2014-04-25 20:45 - 2014-04-25 20:45 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\OpenCandy
2014-04-25 20:45 - 2014-04-25 20:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-25 20:44 - 2014-04-25 20:44 - 13429504 _____ (Disc Soft Ltd) C:\Users\Lila\Downloads\DTLite4491-0356.exe
2014-04-25 20:27 - 2013-03-09 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-23 17:00 - 2014-04-23 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-23 12:32 - 2014-04-09 12:27 - 00000000 ____D () C:\Users\Lila\Desktop\narr
2014-04-23 11:50 - 2013-12-11 11:48 - 00000576 _____ () C:\Users\Lila\Desktop\film.txt
2014-04-16 22:35 - 2014-04-15 13:21 - 00000000 ____D () C:\Users\Lila\Desktop\magier
2014-04-16 19:38 - 2013-03-01 19:46 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-16 19:37 - 2014-04-16 19:37 - 00000000 ____D () C:\Users\Lila\Desktop\Adobe
2014-04-16 19:37 - 2013-03-01 19:47 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\Adobe
2014-04-16 19:35 - 2014-04-09 18:11 - 00000000 ____D () C:\Users\Lila\Desktop\inspiration
2014-04-15 12:00 - 2014-04-15 12:00 - 34142193 _____ () C:\Users\Lila\Desktop\herrscher
2014-04-15 10:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 09:40 - 2014-04-15 09:39 - 00000000 ____D () C:\Users\Lila\Desktop\narr_bilder
2014-04-15 09:39 - 2014-04-09 18:53 - 00000000 ____D () C:\Users\Lila\Desktop\tarotdecks
2014-04-12 20:25 - 2013-04-06 15:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-12 20:23 - 2014-04-12 20:23 - 01088076 _____ () C:\Users\Lila\Documents\IMG_20140412_0002.tif
2014-04-09 22:28 - 2013-09-02 14:59 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-09 22:28 - 2013-03-01 17:57 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-09 21:45 - 2014-04-09 21:45 - 00002289 _____ () C:\Users\Lila\Desktop\Strange Cases The Tarot Card Mystery.lnk
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Users\Lila\AppData\Roaming\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\ProgramData\SulusGames
2014-04-09 21:45 - 2014-04-09 21:45 - 00000000 ____D () C:\Program Files (x86)\Games
2014-04-09 18:58 - 2013-10-30 00:04 - 00000000 ____D () C:\Users\Lila\AppData\Local\Windows Live
2014-04-09 18:11 - 2014-04-09 18:11 - 00000000 ____D () C:\Users\Lila\Desktop\rohre
2014-04-06 17:45 - 2014-04-06 17:45 - 00002487 _____ () C:\Users\Lila\Downloads\E-Mail.txt
2014-04-06 01:51 - 2013-06-12 12:00 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core.job
2014-04-06 01:46 - 2013-06-12 12:00 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000UA
2014-04-06 01:46 - 2013-06-12 12:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891719752-1434430305-2529905461-1000Core
2014-04-05 20:10 - 2013-08-12 21:58 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 20:10 - 2013-08-12 21:58 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 08:35 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-31 02:16 - 2014-04-09 12:04 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-31 02:13 - 2014-04-09 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-31 01:13 - 2014-04-09 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 00:57 - 2014-04-09 12:04 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

Some content of TEMP:
====================
C:\Users\Lila\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Lila\AppData\Local\Temp\_is44BD.exe
C:\Users\Lila\AppData\Local\Temp\_is7458.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-04-09 12:04:21
Restore point made on: 2014-04-09 22:28:11
Restore point made on: 2014-04-15 09:11:28
Restore point made on: 2014-04-16 19:38:05
Restore point made on: 2014-04-22 20:34:36
Restore point made on: 2014-04-25 20:45:40
Restore point made on: 2014-04-25 20:45:45
Restore point made on: 2014-04-25 20:46:25
Restore point made on: 2014-04-25 20:48:20

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16268.42 MB
Available physical RAM: 15080.25 MB
Total Pagefile: 16266.62 MB
Available Pagefile: 15076.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:14.79 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Ablage) (Fixed) (Total:10 GB) (Free:1.32 GB) NTFS
Drive f: (Datensammlung) (Fixed) (Total:50.01 GB) (Free:7.45 GB) NTFS
Drive g: (Musik) (Fixed) (Total:100.01 GB) (Free:94.05 GB) NTFS
Drive h: (Down) (Fixed) (Total:305.74 GB) (Free:57.88 GB) NTFS
Drive k: (LILA) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Volume) (Fixed) (Total:931.51 GB) (Free:752.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E792C529)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 862E84D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 086D086C)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=05)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: 23BEEECB)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)

LastRegBack: 2014-04-23 14:23

==================== End Of Log ============================
```

Last edited by joycelle (28.04.2014, 12:22)
#4 (/// TB-Ausbilder)

Windows 7 GVU, PC locked

Hi, ok, your data should not be at risk. First we have to create the fix on a clean computer. It works like this: please press the [image] and copy the following text from the code box into the empty text document:

```
start
HKU\Lila\...\Winlogon: [Userinit] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] ()
HKU\Lila\...\Winlogon: [Shell] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] () <==== ATTENTION
C:\Users\Lila\AppData\Roaming\loadit.exe
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)
end
```
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Please let me know whether you can start your computer normally again after the fix! But we are not done yet!
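The fixlist above is built from the Registry section of the FRST log in post #3: the lockscreen persists by replacing the per-user Winlogon `Userinit` and `Shell` values with a freshly created binary under `AppData\Roaming`, so every logon (safe mode included) starts the lockscreen instead of `userinit.exe` / `explorer.exe`. The script below is an added example, not FRST's code and not part of the thread: it parses FRST-style Registry lines (the sample input is constructed from the entries in post #3), flags the Winlogon hijack by comparing against the Windows defaults, flags binaries without a vendor string under AppData, and emits a fixlist in the same `start` / `end` shape as the one Matthias posted. The regex for the line format and the triage rules are my own assumptions about FRST's output, not a specification of it.

```python
import re
from dataclasses import dataclass

# Constructed sample in FRST's "Registry (Whitelisted)" line format, modelled
# on four entries from the log in post #3 (assumption: this is the shape FRST
# prints; the parser is not FRST's own code).
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKU\Lila\...\Run: [Google Update] => C:\Users\Lila\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-12] (Google Inc.)
HKU\Lila\...\Winlogon: [Userinit] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] ()
HKU\Lila\...\Winlogon: [Shell] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] () <==== ATTENTION
"""

# hive \...\ key: [value name] (=>)? path [size date] (vendor) (<==== ATTENTION)?
ENTRY_RE = re.compile(
    r"^(?P<hive>HKU\\[^\\]+|HK[A-Z]+(?:-x32)?)\\\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?:=> )?(?P<path>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)"
    r"(?P<flag> <==== ATTENTION)?$"
)

# What a clean Windows 7 Winlogon configuration looks like (lower-cased).
# Userinit is stored with a trailing comma on a default install.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe", r"c:\windows\system32\userinit.exe,"},
}


@dataclass
class Entry:
    raw: str
    hive: str
    key: str
    name: str
    path: str
    vendor: str
    attention: bool


def parse_frst_registry(text: str) -> list[Entry]:
    """Return the Registry-section lines that match the FRST entry format."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(line, m["hive"], m["key"], m["name"],
                                 m["path"], m["vendor"], bool(m["flag"])))
    return entries


def triage(e: Entry) -> list[str]:
    """Reasons an entry should go into the fixlist; empty list means leave it."""
    reasons = []
    if e.attention:
        reasons.append("FRST marked the entry <==== ATTENTION")
    if e.key.lower() == "winlogon" and e.name.lower() in WINLOGON_DEFAULTS:
        if e.path.lower() not in WINLOGON_DEFAULTS[e.name.lower()]:
            reasons.append(f"Winlogon {e.name} points to {e.path} instead of the Windows default")
    if not e.vendor and "\\appdata\\" in e.path.lower():
        reasons.append("binary without a vendor string under the user's AppData")
    return reasons


def build_fixlist(entries: list[Entry]) -> list[str]:
    """FRST fixlist: 'start', the flagged lines, the files to move, 'end'."""
    lines = ["start"]
    paths: list[str] = []
    for e in entries:
        if triage(e):
            lines.append(e.raw)
            if e.path not in paths:   # move the binary once, even if referenced twice
                paths.append(e.path)
    return lines + paths + ["end"]


if __name__ == "__main__":
    found = parse_frst_registry(SAMPLE_LOG)
    for e in found:
        for reason in triage(e):
            print(f"{e.hive}\\...\\{e.key} [{e.name}]: {reason}")
    print("\n".join(build_fixlist(found)))
```

Run against the sample, only the two Winlogon entries are flagged (both for the non-default path, the Shell one additionally for the ATTENTION marker), and the generated fixlist matches the registry part of the one in this post; the Startup shortcut lines in the real fixlist come from FRST's `Startup:` / `ShortcutTarget:` format, which this parser does not cover.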
#5

Windows 7 GVU, PC locked

The computer booted up without any problems!! Many thanks already for getting this far!!!

```
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by SYSTEM at 2014-04-28 13:52:58 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
HKU\Lila\...\Winlogon: [Userinit] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] ()
HKU\Lila\...\Winlogon: [Shell] C:\Users\Lila\AppData\Roaming\loadit.exe [696696 2014-04-28] () <==== ATTENTION
C:\Users\Lila\AppData\Roaming\loadit.exe
Startup: C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> (No File)
end
*****************

HKU\Lila\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
HKU\Lila\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Lila\AppData\Roaming\loadit.exe => Moved successfully.
C:\Users\Lila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
ShortcutTarget: ja.lnk -> (No File) not found.

==== End of Fixlog ====
```
#6 (/// TB-Ausbilder)

Windows 7 GVU, PC locked

Hi, very good. Ok, so that I get a better overview, download FRST directly on the infected computer to the desktop and run it again from there: please download the matching version of Farbar's Recovery Scan Tool to your desktop: (if you are not sure, download both versions or check under Start > Computer (right-click) > Properties)