Plagegeister aller Art und deren Bekämpfung: PC no longer boots after restart, shows only a cryptic character string (Windows 7)
20.02.2015, 20:22 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | On the subject of piecing things together: Quote:
Quote:
__________________ Please always post log files in CODE tags
20.02.2015, 20:32 | #17
/// Malwareteam | I have a quick question... Cosinus, are you handling this one now??? I actually still have this thread in progress.
Let's try the following: you should give the Windows CD option a try... Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ Last edited by Aneri (20.02.2015 at 20:38)
20.02.2015, 20:39 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | I really only wanted to chime in briefly because, going by the description of the fault, it looked more like a hardware defect.
But Sunny-Melone got it working again on their own... however that happened and whatever formats were converted... you are welcome to carry on now with FRST and co.
__________________
20.02.2015, 20:49 | #19
/// the machine /// TB-Ausbilder | Still no reason to butt into a running thread. In these two forums ONE person posts in a thread; if the thread is already being worked on, you stay out of it. @Aneri carry on.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and help. Trojaner-Board Facebook page. No help via PM!
24.02.2015, 11:53 | #20
Many thanks to you both, but the computer is working at the moment and I don't want to tinker with it right now. Regards, sunny
24.02.2015, 12:58 | #21
/// Malwareteam | A pity that you don't want to clean up your computer. It can only run more stably afterwards.
__________________
24.02.2015, 13:26 | #22
/// Winkelfunktion /// TB-Süch-Tiger™ | Maybe the FRST logs would also have turned up some hints about the cause of the garbled characters...
__________________ Please always post log files in CODE tags
24.02.2015, 16:58 | #23
Restarted, same problem, so cleaning it is after all. One thing I know for certain: after the cleanup the computer gets locked down for the family. Here is the log file: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by SYSTEM on MININT-2D7NC68 on 24-02-2015 16:46:01
Running from P:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-09-27] (Bitdefender)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [OODefragTray] => C:\Windows\system32\oodtray.exe [3805704 2007-05-11] (O&O Software GmbH)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] ()
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Sherlock Holmes\...\Run: [SandboxieControl] => "d:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\Sherlock Holmes\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Sherlock Holmes\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
BootExecute: autocheck autochk * OODBS

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-08-07] (Bitdefender)
S2 O&O Defrag; C:\Windows\system32\oodag.exe [1418248 2007-05-11] (O&O Software GmbH)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
S2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-08-07] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-09-30] (Bitdefender)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [X]
S2 MBAMScheduler; "d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe" [X]
S2 MBAMService; "d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X]
S2 SbieSvc; "d:\Program Files\Sandboxie\SbieSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11904 2014-10-31] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2014-11-04] (Advanced Micro Devices, Inc.)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-08-16] (ASRock Incorporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-09-14] ()
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender)
S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-07-23] (BitDefender SRL)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-01] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77480 2014-08-16] (Fresco Logic)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-09-14] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S1 ISODrive; \??\D:\UltraISO\drivers\ISODrv64.sys [X]
S3 SbieDrv; \??\d:\Program Files\Sandboxie\SbieDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 16:45 - 2015-02-24 16:46 - 00000000 ____D () C:\FRST 2015-02-24 15:26 - 2015-02-24 15:44 - 00000000 ____D () C:\Users\Sherlock Holmes\.VirtualBox 2015-02-24 15:25 - 2015-02-24 15:25 - 00001084 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2015-02-24 15:25 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys 2015-02-24 15:25 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys 2015-02-24 15:24 - 2015-02-24 15:24 - 00000000 ____D () C:\Program Files\Oracle 2015-02-24 15:22 - 2015-02-24 15:37 - 00000000 ____D () C:\VirtualBox 2015-02-24 15:21 - 2015-02-24 15:21 - 00000000 ____D () C:\Austausch 2015-02-20 19:03 - 2015-02-20 19:03 - 00000861 _____ () C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 8.6.lnk 2015-02-20 14:54 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll 2015-02-20 14:54 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll 2015-02-20 14:54 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll 2015-02-20 14:54 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-20 14:28 - 2015-02-20 14:28 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Temp 2015-02-20 14:14 - 2015-02-20 15:26 - 00002659 _____ () C:\Windows\System32\oodbs.lor 2015-02-19 18:13 - 2015-02-19 18:13 - 00000000 ____D () C:\Users\Sherlock Holmes\Calibre Library 2015-02-18 20:52 - 2015-02-18 20:52 - 00000000 _____ () C:\Windows\oodcnt.INI 2015-02-18 16:35 - 2015-02-18 18:41 - 00000000 ____D () C:\Windows\System32\oodag 2015-02-18 16:23 - 2015-02-18 16:23 - 00000000 ____D () C:\Users\Sherlock Holmes\Documents\O&O 2015-02-18 16:22 - 2015-02-18 16:22 - 00002068 _____ () C:\Users\Public\Desktop\O&O Defrag.lnk 2015-02-18 16:22 - 2015-02-18 16:22 - 00000000 ____D () C:\Program Files\OO Software 2015-02-18 15:05 - 
2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2015-02-18 15:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2015-02-18 15:05 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-18 15:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-18 14:57 - 2015-02-18 14:58 - 00002481 ____H () C:\Windows\EPMBatch.ept 2015-02-18 11:29 - 2015-02-18 11:29 - 00000991 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 10.1.lnk 2015-02-18 11:28 - 2014-04-04 00:42 - 03382440 _____ () C:\Windows\System32\BootMan.exe 2015-02-18 11:28 - 2014-04-04 00:25 - 02499752 _____ () C:\Windows\SysWOW64\BootMan.exe 2015-02-18 11:28 - 2013-03-07 09:49 - 00100936 _____ () C:\Windows\System32\setupempdrvx64.exe 2015-02-18 11:28 - 2013-03-07 09:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe 2015-02-18 11:28 - 2013-03-07 09:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll 2015-02-18 11:28 - 2013-03-07 09:49 - 00017480 _____ () C:\Windows\System32\epmntdrv.sys 2015-02-18 11:28 - 2013-03-07 09:49 - 00016256 _____ () C:\Windows\System32\EuEpmGdi.dll 2015-02-18 11:28 - 2013-03-07 09:49 - 00014920 _____ () C:\Windows\SysWOW64\epmntdrv.sys 2015-02-18 11:28 - 2013-03-07 09:49 - 00009800 _____ () C:\Windows\System32\EuGdiDrv.sys 2015-02-18 11:28 - 2013-03-07 09:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys 2015-02-17 21:29 - 2015-02-22 15:09 - 00000000 ____D () C:\Users\Sherlock Holmes\Documents\MEMENTO 2015-02-17 16:18 - 2015-02-17 16:18 - 00000725 _____ () C:\Users\Sherlock Holmes\Desktop\Memento Mori.lnk 2015-02-17 16:08 - 2015-02-17 16:08 - 00335288 _____ (Protect Software GmbH) C:\Windows\System32\Drivers\acedrv11.sys 2015-02-17 16:08 - 2015-02-17 16:08 - 00004096 _____ () C:\Users\Public\Documents\00000A51.LCS 2015-02-17 16:05 - 2008-07-31 10:41 - 00238088 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2015-02-17 16:05 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll 2015-02-17 16:05 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll 2015-02-17 16:05 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2015-02-17 16:05 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll 2015-02-17 16:05 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2015-02-17 16:05 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll 2015-02-17 16:05 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2015-02-17 16:05 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll 2015-02-17 16:05 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2015-02-17 16:05 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll 2015-02-17 16:05 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2015-02-17 16:03 - 2015-02-17 16:04 - 00017627 _____ () C:\Windows\DirectX.log 2015-02-17 15:36 - 2015-02-17 15:36 - 00002921 _____ () C:\Windows\PWCMDLST.BAK 2015-02-17 15:06 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2015-02-17 15:06 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-17 15:06 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2015-02-17 15:06 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2015-02-17 15:06 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\System32\ieetwcollectorres.dll 2015-02-17 15:06 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2015-02-17 15:06 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2015-02-17 15:06 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2015-02-17 15:06 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll 2015-02-17 15:06 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll 2015-02-17 15:06 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2015-02-17 15:06 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2015-02-17 15:06 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2015-02-17 15:06 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2015-02-17 15:06 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe 2015-02-17 15:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-17 15:06 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2015-02-17 15:06 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-17 15:06 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2015-02-17 15:06 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll 2015-02-17 15:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-17 15:06 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2015-02-17 15:06 - 2015-01-12 03:07 - 00092160 _____ 
(Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2015-02-17 15:06 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-17 15:06 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-17 15:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-17 15:06 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2015-02-17 15:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-17 15:06 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-17 15:06 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-17 15:06 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-17 15:06 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-17 15:06 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2015-02-17 15:06 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2015-02-17 15:06 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2015-02-17 15:06 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2015-02-17 15:06 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-17 15:06 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2015-02-17 15:06 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-17 15:06 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-17 15:06 - 2015-01-12 02:35 - 00076288 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-17 15:06 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-17 15:06 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2015-02-17 15:06 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-17 15:06 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-17 15:06 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-17 15:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-17 15:06 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2015-02-17 15:06 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2015-02-17 15:06 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-17 15:06 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-17 15:06 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-17 15:05 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll 2015-02-17 15:05 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll 2015-02-17 15:05 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll 2015-02-17 15:05 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll 2015-02-17 15:05 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll 2015-02-17 15:05 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll 2015-02-17 15:05 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) 
C:\Windows\System32\aeinv.dll 2015-02-17 15:05 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe 2015-02-17 15:05 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2015-02-17 15:05 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-17 15:04 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2015-02-17 15:04 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2015-02-17 15:04 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2015-02-17 15:04 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll 2015-02-17 15:04 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe 2015-02-17 15:04 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll 2015-02-17 15:04 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll 2015-02-17 15:04 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe 2015-02-17 15:04 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll 2015-02-17 15:04 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll 2015-02-17 15:04 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll 2015-02-17 15:04 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-17 15:04 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-17 15:04 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-17 15:04 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msaudite.dll 2015-02-17 15:04 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-17 15:04 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-17 15:04 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2015-02-17 15:04 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2015-02-17 15:04 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll 2015-02-17 15:04 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll 2015-02-17 15:04 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe 2015-02-17 15:04 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-17 15:04 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-17 15:04 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-17 15:04 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2015-02-17 15:04 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2015-02-17 15:04 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2015-02-17 15:04 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2015-02-17 15:04 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll 2015-02-17 15:04 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll 2015-02-17 15:04 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll 2015-02-17 15:04 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\kerberos.dll 2015-02-17 15:04 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-17 15:04 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-17 15:04 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-17 15:04 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-17 15:04 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-17 15:04 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-17 15:03 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2015-02-17 15:03 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-17 15:03 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll 2015-02-17 15:03 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-17 15:03 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll 2015-02-17 15:03 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-17 14:58 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2015-02-16 17:01 - 2015-01-14 11:28 - 03066880 _____ () C:\Windows\System32\pwNative.exe 2015-02-16 17:01 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\System32\pwdrvio.sys 2015-02-16 17:01 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\System32\pwdspio.sys 2015-02-16 17:00 - 2015-02-16 17:00 - 00000846 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk 2015-02-16 15:29 - 2015-02-16 15:29 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\FreeFLVConverter 2015-02-16 15:29 - 2011-09-22 11:05 - 00364544 
_____ () C:\Windows\SysWOW64\PropertyGrid.ocx 2015-02-16 15:29 - 2011-09-22 11:05 - 00208500 _____ () C:\Windows\SysWOW64\ReyXpBasics.tlb 2015-02-16 15:29 - 2011-09-22 11:05 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2015-02-16 15:29 - 2011-09-22 11:05 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2015-02-16 15:29 - 2011-09-22 11:05 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2015-02-16 15:29 - 2011-09-22 11:05 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2015-02-16 15:29 - 2011-09-22 11:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2015-02-16 15:29 - 2011-09-22 11:05 - 00024576 _____ () C:\Windows\SysWOW64\ControlSubX.ocx 2015-02-16 15:29 - 2011-09-22 11:05 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2015-02-16 15:28 - 2015-02-17 01:42 - 00000000 ____D () C:\Program Files (x86)\Free FLV Converter 2015-02-15 18:15 - 2015-02-15 18:15 - 00000000 ____D () C:\ProgramData\rokapublish 2015-02-15 18:03 - 2015-02-15 18:03 - 00000000 ____D () C:\ProgramData\Solidshield 2015-02-15 15:01 - 2015-02-15 15:01 - 00034816 ___SH () C:\Users\Sherlock Holmes\Documents\Thumbs.db 2015-02-15 15:00 - 2014-12-24 18:46 - 00000326 _____ () C:\Users\Sherlock Holmes\Documents\Verknüpfung mit Recycled.lnk 2015-02-15 15:00 - 2013-10-27 09:06 - 04156350 _____ () C:\Users\Sherlock Holmes\Documents\Scannen0001.bmp 2015-02-15 15:00 - 2013-10-27 09:04 - 04157110 _____ () C:\Users\Sherlock Holmes\Documents\Scannen0001.bmp.orig 2015-02-15 14:59 - 2015-02-15 14:59 - 00000000 ____D () C:\Users\Sherlock Holmes\Documents\Bewerbung_Aktuell_2014 2015-02-15 14:59 - 2014-08-08 14:55 - 1114717902 _____ (n/a) C:\Users\Sherlock Holmes\Documents\Grim Tales - Die Vergeltung Sammleredition.exe 2015-02-14 18:56 - 2015-02-14 18:56 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\FinewayStudios 2015-02-13 20:23 - 2015-02-13 20:23 - 
00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\ERS G-Studio 2015-02-10 20:27 - 2015-02-10 20:27 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\VendelGAMES 2015-02-10 20:12 - 2015-02-10 20:12 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\EleFun Games 2015-02-10 19:13 - 2015-02-10 19:13 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\Frogwares 2015-02-10 18:42 - 2015-02-10 18:42 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\IsolatedStorage 2015-02-10 18:42 - 2015-02-10 18:42 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\DigitalVolcano 2015-02-10 18:42 - 2015-02-10 18:42 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2015-02-10 12:49 - 2015-02-10 12:49 - 00000000 ____D () C:\Users\Sherlock Holmes\Documents\HP Photosmart Projects 2015-02-10 12:48 - 2015-02-10 12:48 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-02-10 12:48 - 2015-02-10 12:48 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-02-07 16:12 - 2015-01-09 15:11 - 00046075 _____ () C:\Users\Sherlock Holmes\Documents\Wunschserien.docx.lnk 2015-02-07 16:12 - 2014-09-14 11:37 - 00000083 _____ () C:\Users\Sherlock Holmes\Documents\dc addy.txt 2015-02-07 09:39 - 2015-02-20 15:27 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Local\FreePDF_XP 2015-02-07 09:34 - 2015-02-07 09:34 - 00000000 ____D () C:\ProgramData\FreePDF 2015-02-07 09:34 - 2015-02-07 09:34 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP 2015-02-07 09:34 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll 2015-02-07 09:34 - 2012-06-21 07:25 - 00044032 _____ () C:\Windows\System32\unredmon64.exe 2015-02-07 09:34 - 2012-06-21 07:25 - 00028435 _____ () C:\Windows\System32\redmon.chm 2015-02-07 09:31 - 2015-02-07 09:31 - 00000000 ____D () C:\Program Files\gs 2015-02-07 09:25 - 2015-02-07 09:25 - 00000135 _____ () C:\Windows\SysWOW64\debug.log 2015-02-07 09:23 - 2015-02-07 09:23 - 23737820 
_____ () C:\Users\Sherlock Holmes\Documents\Optimal Lernen.xps 2015-02-06 20:54 - 2015-02-06 20:54 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-02-06 12:11 - 2015-02-06 12:11 - 00000000 ____H () C:\Users\Sherlock Holmes\Documents\Default.rdp 2015-02-05 19:32 - 2015-02-05 19:32 - 00003050 _____ () C:\Windows\System32\Tasks\{C368D411-8AEF-457F-BDFC-4346540C31BB} 2015-02-05 19:31 - 2015-02-05 19:31 - 00003250 _____ () C:\Windows\System32\Tasks\{69079650-C5EF-4F24-B366-0BCE7920D9A3} 2015-02-05 18:47 - 2015-02-05 18:47 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-02-03 22:18 - 2015-02-03 22:18 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Local\Adobe_Systems_Incorporate 2015-02-03 22:17 - 2015-02-03 22:24 - 00000000 ____D () C:\Users\Sherlock Holmes\Documents\My Digital Editions 2015-02-03 22:17 - 2015-02-03 22:17 - 00003090 _____ () C:\Windows\System32\Tasks\{55D0A493-F2BE-41C4-947D-119C9D648949} 2015-02-03 22:17 - 2015-02-03 22:17 - 00002178 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk 2015-01-30 11:02 - 2015-01-30 11:02 - 00001357 _____ () C:\Users\Sherlock Holmes\Desktop\HP Solution Center.lnk 2015-01-28 10:35 - 2015-01-28 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam64.sys 2015-01-26 15:05 - 2015-01-30 12:03 - 00000000 ____D () C:\Users\Sherlock Holmes\Documents\Eigene Scans 2015-01-26 15:00 - 2015-02-02 16:45 - 00000000 ____D () C:\Scans ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-24 15:58 - 2014-05-11 20:43 - 01369653 _____ () C:\Windows\WindowsUpdate.log 2015-02-24 15:26 - 2014-05-11 19:57 - 00000000 ____D () C:\users\Sherlock Holmes 2015-02-24 14:54 - 2014-08-08 16:26 - 00000501 _____ () C:\Windows\System32\checkdnsid.xml 2015-02-24 13:01 - 2014-05-14 09:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2015-02-24 02:01 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\System32\perfh007.dat 2015-02-24 02:01 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\System32\perfc007.dat 2015-02-24 02:01 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-02-23 19:43 - 2014-05-12 21:23 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\vlc 2015-02-23 17:47 - 2014-05-14 06:32 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAEDF7C5-6BE4-40C6-A7D7-838E0CB1CD24} 2015-02-23 15:27 - 2014-11-06 11:17 - 00000372 _____ () C:\Windows\Tasks\powersuite_monitor.job 2015-02-23 15:27 - 2014-08-14 17:23 - 00000360 _____ () C:\Windows\Tasks\dsmonitor.job 2015-02-23 06:53 - 2015-01-11 01:00 - 00008835 _____ () C:\Windows\setupact.log 2015-02-21 11:33 - 2009-07-14 05:45 - 00031984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-21 11:33 - 2009-07-14 05:45 - 00031984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-20 15:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-20 15:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-20 14:14 - 2015-01-14 13:16 - 00002130 _____ () C:\Windows\PFRO.log 2015-02-19 14:47 - 2015-01-01 15:28 - 00011776 _____ () C:\Users\Sherlock Holmes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-19 06:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-18 22:17 - 2015-01-05 15:45 - 00002830 _____ () 
C:\Windows\Sandboxie.ini 2015-02-18 15:02 - 2014-05-13 13:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-18 15:02 - 2014-05-13 13:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-18 11:57 - 2014-08-13 23:00 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\DC++ 2015-02-18 11:57 - 2014-08-13 23:00 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Local\DC++ 2015-02-17 21:28 - 2014-11-06 11:34 - 00000000 ____D () C:\Users\Sherlock Holmes\Documents\My ISO Files 2015-02-17 16:08 - 2014-11-06 13:49 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\ProtectDISC 2015-02-17 15:41 - 2009-07-14 05:45 - 05033688 _____ () C:\Windows\System32\FNTCACHE.DAT 2015-02-17 15:37 - 2014-12-12 03:23 - 00000000 ____D () C:\Windows\System32\appraiser 2015-02-17 15:37 - 2014-05-12 00:18 - 00000000 ___SD () C:\Windows\System32\CompatTel 2015-02-17 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-02-17 15:19 - 2014-05-11 20:13 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-17 15:18 - 2014-05-15 20:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-17 15:18 - 2009-07-14 03:34 - 00000513 _____ () C:\Windows\win.ini 2015-02-17 15:14 - 2014-05-11 22:23 - 00000000 ____D () C:\Windows\System32\MRT 2015-02-17 15:10 - 2014-05-11 22:23 - 116773704 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2015-02-17 14:53 - 2014-08-12 17:22 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2015-02-16 15:52 - 2014-05-11 20:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-10 16:39 - 2014-05-13 16:12 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-10 15:55 - 2014-05-13 16:11 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-10 15:53 - 2014-05-13 16:11 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-02-10 15:53 - 2014-05-13 16:11 - 
00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-02-10 15:53 - 2014-05-13 16:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-02-10 15:53 - 2014-05-13 16:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-10 12:49 - 2014-05-11 20:31 - 00000000 ____D () C:\ProgramData\Adobe 2015-02-10 12:48 - 2014-05-11 20:31 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-02-10 12:46 - 2014-07-14 16:39 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Local\Adobe 2015-02-08 14:14 - 2014-09-01 14:44 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\DAEMON Tools Lite 2015-02-07 16:50 - 2014-05-15 15:03 - 00000486 __RSH () C:\Users\Sherlock Holmes\ntuser.pol 2015-02-07 16:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF 2015-02-07 11:14 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-07 09:25 - 2014-05-11 20:32 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\Adobe 2015-02-06 20:52 - 2014-05-12 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-06 10:22 - 2015-01-11 19:57 - 00000731 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-01-28 20:30 - 2015-01-02 13:06 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Roaming\dvdcss 2015-01-26 15:09 - 2014-05-11 19:57 - 00000000 ____D () C:\Users\Sherlock Holmes\AppData\Local\VirtualStore Some content of TEMP: ==================== C:\Users\Sherlock Holmes\AppData\Local\Temp\A~NSISu_.exe C:\Users\Sherlock Holmes\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Sherlock Holmes\AppData\Local\Temp\proxy_vole2862650717388283353.dll C:\Users\Sherlock Holmes\AppData\Local\Temp\_isCDDA.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2015-02-19 06:50:23 Restore point made on: 2015-02-20 14:54:27 Restore point made on: 2015-02-24 15:24:40 ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16304.71 MB Available physical RAM: 15116.7 MB Total Pagefile: 16302.86 MB Available Pagefile: 15105.21 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: (Windows7) (Fixed) (Total:97.65 GB) (Free:3.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Frei) (Fixed) (Total:465.76 GB) (Free:459.15 GB) NTFS Drive f: (Downloads) (Fixed) (Total:300.37 GB) (Free:140.16 GB) NTFS Drive g: (Programme ) (Fixed) (Total:498.54 GB) (Free:481.65 GB) NTFS Drive h: (Grafik_Fotos) (Fixed) (Total:1266.82 GB) (Free:624.86 GB) NTFS Drive i: (Reparaturdatenträger Windows 7 6) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF Drive j: (Games) (Fixed) (Total:698.74 GB) (Free:385.89 GB) NTFS Drive k: (Daten) (Fixed) (Total:698.52 GB) (Free:442.45 GB) NTFS Drive p: (USB) (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (Software) (Fixed) (Total:398.26 GB) (Free:255.45 GB) NTFS 
==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: A56DFF5E) Partition 1: (Not Active) - (Size=398.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=300.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E83A4318) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 472DB8E2) Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=498.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1266.8 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 1397.3 GB) (Disk ID: 000CE977) Partition 1: (Not Active) - (Size=698.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=OF Extended) ======================================================== Disk: 8 (Size: 7.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. LastRegBack: 2015-02-23 00:09 ==================== End Of Log ============================ |
24.02.2015, 19:55 | #24 |
/// Malwareteam | PC no longer boots after restart, shows only a cryptic character string Hi, please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
SaveMbr: drive=0
SaveMbr: drive=1
SaveMbr: drive=2
SaveMbr: drive=3
SaveMbr: drive=8
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Reboot the system and let me know whether the crypt screen still appears... Please post the MBRDUMP.txt from your FRST directory. If the system boots normally, create a new FRST logfile (tick the List BCD box) and post it here. If the system does not boot, create a new FRST logfile (tick the List BCD box) in the Recovery and post it here. Edited by Aneri (24.02.2015 at 20:45) |
24.02.2015, 22:33 | #25 |
| PC no longer boots after restart, shows only a cryptic character string But first I have to go into the repair part of Windows, right? |
24.02.2015, 22:34 | #26 |
/// Malwareteam | PC no longer boots after restart, shows only a cryptic character string Yes, we are working from the Recovery |
24.02.2015, 22:49 | #27 |
| PC no longer boots after restart, shows only a cryptic character string Unfortunately it did not help, the characters are still there after the restart. Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by SYSTEM at 2015-02-24 22:44:54 Run:1
Running from P:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
SaveMbr: drive=0
SaveMbr: drive=1
SaveMbr: drive=2
SaveMbr: drive=3
SaveMbr: drive=8
*****************
HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => Value was restored successfully.
MBRDUMP.txt is made successfully.
MBRDUMP.txt is made successfully.
MBRDUMP.txt is made successfully.
MBRDUMP.txt is made successfully.
MBRDUMP.txt is made successfully.
==== End of Fixlog 22:44:54 ====
Code:
ATTFilter ! ]ÎÏ àï Uª |
24.02.2015, 22:54 | #28 |
/// Malwareteam | PC no longer boots after restart, shows only a cryptic character string The mbrdump is empty? Please create another logfile from the Recovery. In FRST, tick the List BCD box. Edited by Aneri (24.02.2015 at 22:59) |
24.02.2015, 23:09 | #29 |
| PC no longer boots after restart, shows only a cryptic character string MBRDUMP: Code:
ATTFilter ! ]ÎÏ àï Uª |
24.02.2015, 23:14 | #30 |
/// Malwareteam | PC no longer boots after restart, shows only a cryptic character string OK, that won't get us any further today. I have to go offline now anyway.. let's continue tomorrow.. it is normal that the crypt characters are still there... we are on the right track |