Log analysis and evaluation: Windows 7: Log file for analysis
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.11.2015, 19:51 | #1
Windows 7: Log file for analysis
Hello, I can no longer boot my PC; the log file reports the following. Could you please help me with what to do? Many thanks in advance for the help!
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by SYSTEM on MININT-ERO2OK9 (24-11-2015 19:37:31)
Running from H:\
Platform: Windows 7 Home Premium (X64) Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisC2.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-02-19] (PDF Complete Inc)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-09-28] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\frank\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-05] (Samsung)
HKU\frank\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\frank\...\Run: [WA5H2V3YUCUB0IWZAIUQZUDADO] => C:\4gEJsVyiA73\58A598376D5.exe /q
HKU\frank\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-05] (Samsung)
HKU\frank\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\frank\...\Run: [Dropbox Update] => C:\Users\frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\frank\...\Run: [BingSvc] => C:\Users\frank\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
Startup: C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15]
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-02-19] (PDF Complete Inc)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64.exe" /crusader:boot [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-23] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 19:37 - 2015-11-24 19:37 - 00000000 ____D C:\FRST
2015-11-21 04:24 - 2015-11-24 10:01 - 284250998 _____ C:\Windows\MEMORY.DMP
2015-11-12 10:53 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2015-11-12 10:53 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 10:01 - 2010-11-20 19:47 - 01180032 _____ C:\Windows\PFRO.log
2015-11-21 04:22 - 2013-11-11 09:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-21 04:19 - 2012-03-15 05:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-21 04:11 - 2015-06-22 03:13 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000UA.job
2015-11-21 04:10 - 2015-06-22 03:13 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000Core.job
2015-11-21 04:10 - 2013-04-11 11:47 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 04:10 - 2012-12-22 05:09 - 02055289 _____ C:\Windows\WindowsUpdate.log
2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 10:51 - 2013-11-24 01:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-19 10:50 - 2012-12-28 15:44 - 00000000 ____D C:\Users\frank\AppData\Local\CrashDumps
2015-11-16 13:01 - 2012-12-22 05:17 - 00000000 ____D C:\Users\frank\AppData\Roaming\Skype
2015-11-15 13:33 - 2012-12-24 04:56 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-15 08:55 - 2014-09-09 11:13 - 00000000 ___RD C:\Users\frank\Dropbox
2015-11-15 08:55 - 2014-09-09 11:10 - 00000000 ____D C:\Users\frank\AppData\Roaming\Dropbox
2015-11-15 08:50 - 2012-03-15 05:56 - 00000000 ____D C:\ProgramData\PDFC
2015-11-12 10:43 - 2012-03-15 05:45 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-12 10:43 - 2012-03-15 05:45 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-12 10:43 - 2012-03-15 05:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 09:21 - 2012-03-15 14:01 - 00700134 _____ C:\Windows\System32\perfh007.dat
2015-11-10 09:21 - 2012-03-15 14:01 - 00149984 _____ C:\Windows\System32\perfc007.dat
2015-11-10 09:21 - 2009-07-13 21:13 - 01622300 _____ C:\Windows\System32\PerfStringBackup.INI
2015-11-07 01:30 - 2009-07-13 20:51 - 00109347 _____ C:\Windows\setupact.log
2015-11-03 11:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-01 03:55 - 2015-07-13 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-01 03:53 - 2013-07-30 14:16 - 00000000 ____D C:\Users\frank\AppData\Local\Adobe
2015-10-25 01:29 - 2012-12-22 05:17 - 00000000 ____D C:\Users\frank\AppData\Local\PDFC

Files to move or delete:
====================
C:\ProgramData\0179173.bat
C:\ProgramData\0179173.pad
C:\ProgramData\0179173.reg

Some files in TEMP:
====================
C:\Users\frank\AppData\Local\Temp\2jfuweif.exe
C:\Users\frank\AppData\Local\Temp\5QC20EE.exe
C:\Users\frank\AppData\Local\Temp\7CCAAA0.exe
C:\Users\frank\AppData\Local\Temp\7CcE639.exe
C:\Users\frank\AppData\Local\Temp\bfl5yokj.dll
C:\Users\frank\AppData\Local\Temp\BingSvc.exe
C:\Users\frank\AppData\Local\Temp\bitool.dll
C:\Users\frank\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\frank\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\frank\AppData\Local\Temp\Buwuharoyig.exe
C:\Users\frank\AppData\Local\Temp\C7C9C0F.exe
C:\Users\frank\AppData\Local\Temp\C7CAADE.exe
C:\Users\frank\AppData\Local\Temp\C7cB846.exe
C:\Users\frank\AppData\Local\Temp\C7CCB49.exe
C:\Users\frank\AppData\Local\Temp\cCCA5FE.exe
C:\Users\frank\AppData\Local\Temp\cCcA8CC.exe
C:\Users\frank\AppData\Local\Temp\CcCB8F2.exe
C:\Users\frank\AppData\Local\Temp\CcCF324.exe
C:\Users\frank\AppData\Local\Temp\DefaultPack.EXE
C:\Users\frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphlxbla.dll
C:\Users\frank\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\frank\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\frank\AppData\Local\Temp\E3O5649.exe
C:\Users\frank\AppData\Local\Temp\Extract.exe
C:\Users\frank\AppData\Local\Temp\f1pmraph.dll
C:\Users\frank\AppData\Local\Temp\HitmanPro.exe
C:\Users\frank\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\frank\AppData\Local\Temp\jfwnpvo1.dll
C:\Users\frank\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\frank\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\frank\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\frank\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\frank\AppData\Local\Temp\libnspr4.dll
C:\Users\frank\AppData\Local\Temp\nsa68ED.exe
C:\Users\frank\AppData\Local\Temp\nsaE40B.exe
C:\Users\frank\AppData\Local\Temp\nsc5602.exe
C:\Users\frank\AppData\Local\Temp\nsc66C6.exe
C:\Users\frank\AppData\Local\Temp\nscB349.exe
C:\Users\frank\AppData\Local\Temp\nsgA786.exe
C:\Users\frank\AppData\Local\Temp\nsgADE.exe
C:\Users\frank\AppData\Local\Temp\nsl5F1D.exe
C:\Users\frank\AppData\Local\Temp\nsm5D91.exe
C:\Users\frank\AppData\Local\Temp\nsmBC10.exe
C:\Users\frank\AppData\Local\Temp\nsv732B.exe
C:\Users\frank\AppData\Local\Temp\nsvDBB1.exe
C:\Users\frank\AppData\Local\Temp\nsw25BC.exe
C:\Users\frank\AppData\Local\Temp\nswAB8A.exe
C:\Users\frank\AppData\Local\Temp\Resource.exe
C:\Users\frank\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\frank\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\frank\AppData\Local\Temp\Show-Password_1030-8100.exe
C:\Users\frank\AppData\Local\Temp\SkypeSetup.exe
C:\Users\frank\AppData\Local\Temp\SP56942.exe
C:\Users\frank\AppData\Local\Temp\sp58915.exe
C:\Users\frank\AppData\Local\Temp\SP59202.exe
C:\Users\frank\AppData\Local\Temp\sp64126.exe
C:\Users\frank\AppData\Local\Temp\UM7C0CE.exe
C:\Users\frank\AppData\Local\Temp\uninst1.exe
C:\Users\frank\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.5-win64.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2015-10-22 11:19
Restore point date: 2015-10-23 05:12
Restore point date: 2015-10-30 08:02
Restore point date: 2015-11-03 07:54
Restore point date: 2015-11-07 01:44
Restore point date: 2015-11-10 09:35
Restore point date: 2015-11-16 10:54
Restore point date: 2015-11-19 11:15
Restore point date: 2015-11-21 04:14
Restore point date: 2015-11-21 04:15

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3996.36 MB
Available physical RAM: 3229.55 MB
Total Virtual: 3994.51 MB
Available Virtual: 3224.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.67 GB) (Free:194.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Recovery) (Fixed) (Total:19.8 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E7E8DEA5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 9866BAFB)
Partition 1: (Active) - (Size=961 MB) - (Type=06)

LastRegBack: 2015-11-03 11:10

==================== End of FRST.txt ============================
24.11.2015, 20:51 | #2
/// the machine /// TB-Ausbilder
Windows 7: Log file for analysis
Hi,
please define "can no longer boot".
24.11.2015, 21:09 | #3
Windows 7: Log file for analysis
Hi,
sorry! I hadn't fully shut down my laptop for quite a while. When I did so two days ago, I could no longer start it as usual. When switching on the PC:
- Windows is starting,
- Blue screen: "a problem has been detected and windows has been shut down to prevent damage"
In all three Safe Mode variants the PC boots up to the following file: windows\system32\drivers\aswRvrt.sys.
Repair system -> System Repair -> no errors found -> restart -> same problem as described above
Last edited by benkostello (24.11.2015 at 21:41)
26.11.2015, 10:15 | #4
/// the machine /// TB-Ausbilder
Windows 7: Log file for analysis
Yes, yes, our universally beloved Avast.... Please press the + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisC2.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKU\frank\...\Run: [WA5H2V3YUCUB0IWZAIUQZUDADO] => C:\4gEJsVyiA73\58A598376D5.exe /q
C:\ProgramData\0179173.bat
C:\ProgramData\0179173.pad
C:\ProgramData\0179173.reg
C:\ProgramData\cisC2.exe
C:\4gEJsVyiA73
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM!
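As an added example (my own code, not from this thread or from the FRST project), the following Python script applies the reasoning behind schrauber's fixlist to the Run entries of an FRST log: it flags autostart entries whose executable lives where installed software rarely does (an unknown folder directly under the drive root, the ProgramData root, a Temp folder, a profile root) and drafts fixlist lines in the form used above, the Run line verbatim followed by the file or folder to move. The sample lines are copied from the log posted in this thread; the location rules, and the view that a missing "[size date] (vendor)" block is only a weak signal, are my assumptions rather than FRST behaviour.

```python
r"""Triage the Run entries of an FRST log (added example, not FRST's own code).

FRST prints each autostart as   HIVE\...\Run: [name] => target [size date] (vendor)
The location rules below are my own: flag entries whose executable sits where
installed software rarely lives, then draft the matching fixlist lines."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: Run lines (plus one service line as noise) copied from the log above.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisC2.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM-x32\...\Run: [] => [X]
HKU\frank\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\frank\...\Run: [WA5H2V3YUCUB0IWZAIUQZUDADO] => C:\4gEJsVyiA73\58A598376D5.exe /q
HKU\frank\...\Run: [Dropbox Update] => C:\Users\frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
"""

RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*)$")
# "[size yyyy-mm-dd] (vendor)" is appended only when FRST could inspect the file on disk.
FILE_INFO_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|scr|vbs|js))(?:"|\s|$)', re.I)
# Top-level folders that normally exist on a Windows 7 system drive (assumption).
KNOWN_ROOT_DIRS = {"windows", "program files", "program files (x86)", "programdata", "users", "perflogs"}


@dataclass
class RunEntry:
    line: str                  # FRST line verbatim; this is what a fixlist quotes
    hive: str
    name: str
    target: str
    path: Optional[str]        # executable extracted from the target, if any
    has_file_info: bool        # False for [X], missing files and some command lines
    reason: Optional[str]      # why the location is unusual, or None
    fix_target: Optional[str]  # file or folder a fixlist would move


def classify_location(path: str) -> Optional[Tuple[str, str]]:
    """Return (reason, fix_target) for an unusual autostart location, else None."""
    parts = path.split("\\")
    drive, dirs = parts[0], parts[1:-1]
    lowered = [d.lower() for d in dirs]
    if not dirs:
        return "executable directly in the drive root", path
    if lowered[0] not in KNOWN_ROOT_DIRS:
        # e.g. C:\4gEJsVyiA73\...: move the whole unknown folder, as the fixlist in this thread did
        return "unknown folder directly under the drive root", drive + "\\" + dirs[0]
    if lowered[0] == "programdata" and len(dirs) == 1:
        return "executable directly in the ProgramData root", path
    if lowered[0] == "users" and len(dirs) == 2:
        return "executable directly in a user profile root", path
    if "temp" in lowered:
        return "executable in a Temp folder", path
    return None


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Parse every Run: line; other FRST sections are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        pm = PATH_RE.search(target)
        path = pm.group("path") if pm else None
        hit = classify_location(path) if path else None
        reason, fix_target = hit if hit else (None, None)
        entries.append(RunEntry(line, m.group("hive"), m.group("name"), target, path,
                                bool(FILE_INFO_RE.search(target)), reason, fix_target))
    return entries


def suspicious(entries: List[RunEntry]) -> List[RunEntry]:
    return [e for e in entries if e.reason]


def draft_fixlist(log_text: str) -> List[str]:
    """Run lines to remove first, then each file/folder to move once (FRST fixlist order)."""
    flagged = suspicious(parse_run_entries(log_text))
    lines = [e.line for e in flagged]
    seen = set()
    for e in flagged:
        if e.fix_target and e.fix_target.lower() not in seen:
            seen.add(e.fix_target.lower())
            lines.append(e.fix_target)
    return lines


if __name__ == "__main__":
    for e in suspicious(parse_run_entries(SAMPLE_LOG)):
        print(f"{e.hive} [{e.name}] -> {e.path}: {e.reason} (file info present: {e.has_file_info})")
    print("\n".join(draft_fixlist(SAMPLE_LOG)))
```

Location alone is a triage hint, not a verdict: tvncontrol and KiesAirMessage also lack the file-info block but sit under Program Files and are not flagged, while the two entries that are flagged are exactly the ones schrauber put into the fixlist.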
29.11.2015, 12:25 | #5
Windows 7: Log file for analysis
Hello Schrauber, thanks for your reply. I can't get to the desktop at all, so I'm wondering how I get into "Run mode". Could you please say one more sentence about that? Thanks!
30.11.2015, 07:48 | #6
/// the machine /// TB-Ausbilder
Windows 7: Log file for analysis
You have to create the script on another computer and then save it on the stick.
01.12.2015, 21:50 | #7
Windows 7: Log file for analysis
Fixlog.txt
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by SYSTEM (2015-12-01 21:44:21) Run:2
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisC2.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKU\frank\...\Run: [WA5H2V3YUCUB0IWZAIUQZUDADO] => C:\4gEJsVyiA73\58A598376D5.exe /q
C:\ProgramData\0179173.bat
C:\ProgramData\0179173.pad
C:\ProgramData\0179173.reg
C:\ProgramData\cisC2.exe
C:\4gEJsVyiA73
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value removed successfully
HKU\frank\Software\Microsoft\Windows\CurrentVersion\Run\\WA5H2V3YUCUB0IWZAIUQZUDADO => value removed successfully
C:\ProgramData\0179173.bat => moved successfully
C:\ProgramData\0179173.pad => moved successfully
C:\ProgramData\0179173.reg => moved successfully
"C:\ProgramData\cisC2.exe" => not found.
C:\4gEJsVyiA73 => moved successfully

==== End of Fixlog 21:44:22 ====

The new Fixlog (created afterwards):
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by SYSTEM on MININT-0VMR1MK (01-12-2015 22:01:12)
Running from H:\
Platform: Windows 7 Home Premium (X64) Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-02-19] (PDF Complete Inc)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-09-28] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\frank\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-05] (Samsung)
HKU\frank\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\frank\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-05] (Samsung)
HKU\frank\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\frank\...\Run: [Dropbox Update] => C:\Users\frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\frank\...\Run: [BingSvc] => C:\Users\frank\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation)
Startup: C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15]
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-02-19] (PDF Complete Inc)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64.exe" /crusader:boot [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-23] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 19:37 - 2015-12-01 22:01 - 00000000 ____D C:\FRST
2015-11-21 04:24 - 2015-12-01 12:58 - 352763107 _____ C:\Windows\MEMORY.DMP
2015-11-12 10:53 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2015-11-12 10:53 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 12:58 - 2010-11-20 19:47 - 01380736 _____ C:\Windows\PFRO.log
2015-11-21 04:22 - 2013-11-11 09:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-21 04:22 - 2012-12-22 05:09 - 02055289 _____ C:\Windows\WindowsUpdate.log
2015-11-21 04:19 - 2012-03-15 05:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-21 04:11 - 2015-06-22 03:13 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000UA.job
2015-11-21 04:10 - 2015-06-22 03:13 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000Core.job
2015-11-21 04:10 - 2013-04-11 11:47 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 10:51 - 2013-11-24 01:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-19 10:50 - 2012-12-28 15:44 - 00000000 ____D C:\Users\frank\AppData\Local\CrashDumps
2015-11-16 13:01 - 2012-12-22 05:17 - 00000000 ____D C:\Users\frank\AppData\Roaming\Skype
2015-11-15 13:33 - 2012-12-24 04:56 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-15 08:55 - 2014-09-09 11:13 - 00000000 ___RD C:\Users\frank\Dropbox
2015-11-15 08:55 - 2014-09-09 11:10 - 00000000 ____D C:\Users\frank\AppData\Roaming\Dropbox
2015-11-15 08:50 - 2012-03-15 05:56 - 00000000 ____D C:\ProgramData\PDFC
2015-11-12 10:43 - 2012-03-15 05:45 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-12 10:43 - 2012-03-15 05:45 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-12 10:43 - 2012-03-15 05:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 09:21 - 2012-03-15 14:01 - 00700134 _____ C:\Windows\System32\perfh007.dat
2015-11-10 09:21 - 2012-03-15 14:01 - 00149984 _____ C:\Windows\System32\perfc007.dat
2015-11-10 09:21 - 2009-07-13 21:13 - 01622300 _____ C:\Windows\System32\PerfStringBackup.INI
2015-11-07 01:30 - 2009-07-13 20:51 - 00109347 _____ C:\Windows\setupact.log
2015-11-03 11:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-01 03:55 - 2015-07-13 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-01 03:53 - 2013-07-30 14:16 - 00000000 ____D C:\Users\frank\AppData\Local\Adobe

Some files in TEMP:
====================
C:\Users\frank\AppData\Local\Temp\2jfuweif.exe
C:\Users\frank\AppData\Local\Temp\5QC20EE.exe
C:\Users\frank\AppData\Local\Temp\7CCAAA0.exe
C:\Users\frank\AppData\Local\Temp\7CcE639.exe
C:\Users\frank\AppData\Local\Temp\bfl5yokj.dll
C:\Users\frank\AppData\Local\Temp\BingSvc.exe
C:\Users\frank\AppData\Local\Temp\bitool.dll
C:\Users\frank\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\frank\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\frank\AppData\Local\Temp\Buwuharoyig.exe
C:\Users\frank\AppData\Local\Temp\C7C9C0F.exe
C:\Users\frank\AppData\Local\Temp\C7CAADE.exe
C:\Users\frank\AppData\Local\Temp\C7cB846.exe
C:\Users\frank\AppData\Local\Temp\C7CCB49.exe
C:\Users\frank\AppData\Local\Temp\cCCA5FE.exe
C:\Users\frank\AppData\Local\Temp\cCcA8CC.exe
C:\Users\frank\AppData\Local\Temp\CcCB8F2.exe
C:\Users\frank\AppData\Local\Temp\CcCF324.exe
C:\Users\frank\AppData\Local\Temp\DefaultPack.EXE
C:\Users\frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphlxbla.dll
C:\Users\frank\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\frank\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\frank\AppData\Local\Temp\E3O5649.exe
C:\Users\frank\AppData\Local\Temp\Extract.exe
C:\Users\frank\AppData\Local\Temp\f1pmraph.dll
C:\Users\frank\AppData\Local\Temp\HitmanPro.exe
C:\Users\frank\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\frank\AppData\Local\Temp\jfwnpvo1.dll
C:\Users\frank\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\frank\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\frank\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\frank\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\frank\AppData\Local\Temp\libnspr4.dll
C:\Users\frank\AppData\Local\Temp\nsa68ED.exe
C:\Users\frank\AppData\Local\Temp\nsaE40B.exe
C:\Users\frank\AppData\Local\Temp\nsc5602.exe
C:\Users\frank\AppData\Local\Temp\nsc66C6.exe
C:\Users\frank\AppData\Local\Temp\nscB349.exe
C:\Users\frank\AppData\Local\Temp\nsgA786.exe
C:\Users\frank\AppData\Local\Temp\nsgADE.exe
C:\Users\frank\AppData\Local\Temp\nsl5F1D.exe
C:\Users\frank\AppData\Local\Temp\nsm5D91.exe
C:\Users\frank\AppData\Local\Temp\nsmBC10.exe
C:\Users\frank\AppData\Local\Temp\nsv732B.exe
C:\Users\frank\AppData\Local\Temp\nsvDBB1.exe
C:\Users\frank\AppData\Local\Temp\nsw25BC.exe
C:\Users\frank\AppData\Local\Temp\nswAB8A.exe
C:\Users\frank\AppData\Local\Temp\Resource.exe
C:\Users\frank\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\frank\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\frank\AppData\Local\Temp\Show-Password_1030-8100.exe
C:\Users\frank\AppData\Local\Temp\SkypeSetup.exe
C:\Users\frank\AppData\Local\Temp\SP56942.exe
C:\Users\frank\AppData\Local\Temp\sp58915.exe
C:\Users\frank\AppData\Local\Temp\SP59202.exe
C:\Users\frank\AppData\Local\Temp\sp64126.exe
C:\Users\frank\AppData\Local\Temp\UM7C0CE.exe
C:\Users\frank\AppData\Local\Temp\uninst1.exe
C:\Users\frank\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.5-win64.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2015-10-22 11:19
Restore point date: 2015-10-23 05:12
Restore point date: 2015-10-30 08:02
Restore point date: 2015-11-03 07:54
Restore point date: 2015-11-07 01:44
Restore point date: 2015-11-10 09:35
Restore point date: 2015-11-16 10:54
Restore point date: 2015-11-19 11:15
Restore point date: 2015-11-21 04:14
Restore point date: 2015-11-21 04:15

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3996.36 MB
Available physical RAM: 3222.44 MB
Total Virtual: 3994.51 MB
Available Virtual: 3215.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.67 GB) (Free:194.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Recovery) (Fixed) (Total:19.8 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E7E8DEA5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 9866BAFB)
Partition 1: (Active) - (Size=961 MB) - (Type=06)

LastRegBack: 2015-11-03 11:10

==================== End of FRST.txt ============================

Last edited by benkostello (01.12.2015 at 22:05)
02.12.2015, 16:50 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: log file for analysis Can you still not start the computer normally?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.12.2015, 22:19 | #9 |
| Windows 7: log file for analysis No, unfortunately not. I have tried all 3 safe modes, and in every one of them it hangs at: ... aswRvrt.sys. Identical path, as already listed. Best regards!
03.12.2015, 22:01 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: log file for analysis Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
C:\Windows\System32\Drivers\aswRvrt.sys
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
03.12.2015, 22:19 | #11 |
| Windows 7: log file for analysis Done: Fixlog Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by SYSTEM (2015-12-03 22:17:55) Run:3
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
C:\Windows\System32\Drivers\aswRvrt.sys
*****************

aswRvrt => service removed successfully
C:\Windows\System32\Drivers\aswRvrt.sys => moved successfully

==== End of Fixlog 22:17:56 ====
... C:\Windows\System32\Drivers\aswvmm.sys - as I have read, this is also related to Avast. Here is the FRST for it: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015 Ran by SYSTEM on MININT-Q23J4PF (03-12-2015 22:25:33) Running from H:\ Platform: Windows 7 Home Premium (X64) Language: Englisch (USA) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-23] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-02-19] (PDF Complete Inc) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-09-28] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\frank\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-05] (Samsung) HKU\frank\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\frank\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-05] (Samsung) HKU\frank\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.) HKU\frank\...\Run: [Dropbox Update] => C:\Users\frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.) HKU\frank\...\Run: [BingSvc] => C:\Users\frank\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation) Startup: C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15] ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-02-19] (PDF Complete Inc) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64.exe" /crusader:boot [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] () S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.) S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] () S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-23] (Synaptics Incorporated) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-24 19:37 - 2015-12-03 22:25 - 00000000 ____D C:\FRST 2015-11-21 04:24 - 2015-12-03 13:24 - 352955619 _____ C:\Windows\MEMORY.DMP 2015-11-12 10:53 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll 2015-11-12 10:53 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-03 13:23 - 2010-11-20 19:47 - 01549590 _____ C:\Windows\PFRO.log 2015-11-21 04:22 - 2013-11-11 09:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-21 04:22 - 2012-12-22 05:09 - 02055289 _____ C:\Windows\WindowsUpdate.log 2015-11-21 04:19 - 2012-03-15 05:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-21 04:11 - 2015-06-22 03:13 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000UA.job 2015-11-21 04:10 - 2015-06-22 03:13 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000Core.job 2015-11-21 04:10 - 2013-04-11 11:47 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-19 10:51 - 2013-11-24 01:32 - 
00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-11-19 10:50 - 2012-12-28 15:44 - 00000000 ____D C:\Users\frank\AppData\Local\CrashDumps 2015-11-16 13:01 - 2012-12-22 05:17 - 00000000 ____D C:\Users\frank\AppData\Roaming\Skype 2015-11-15 13:33 - 2012-12-24 04:56 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-11-15 08:55 - 2014-09-09 11:13 - 00000000 ___RD C:\Users\frank\Dropbox 2015-11-15 08:55 - 2014-09-09 11:10 - 00000000 ____D C:\Users\frank\AppData\Roaming\Dropbox 2015-11-15 08:50 - 2012-03-15 05:56 - 00000000 ____D C:\ProgramData\PDFC 2015-11-12 10:43 - 2012-03-15 05:45 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-12 10:43 - 2012-03-15 05:45 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-12 10:43 - 2012-03-15 05:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-10 09:21 - 2012-03-15 14:01 - 00700134 _____ C:\Windows\System32\perfh007.dat 2015-11-10 09:21 - 2012-03-15 14:01 - 00149984 _____ C:\Windows\System32\perfc007.dat 2015-11-10 09:21 - 2009-07-13 21:13 - 01622300 _____ C:\Windows\System32\PerfStringBackup.INI 2015-11-07 01:30 - 2009-07-13 20:51 - 00109347 _____ C:\Windows\setupact.log 2015-11-03 11:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache Some files in TEMP: ==================== C:\Users\frank\AppData\Local\Temp\2jfuweif.exe C:\Users\frank\AppData\Local\Temp\5QC20EE.exe C:\Users\frank\AppData\Local\Temp\7CCAAA0.exe C:\Users\frank\AppData\Local\Temp\7CcE639.exe C:\Users\frank\AppData\Local\Temp\bfl5yokj.dll C:\Users\frank\AppData\Local\Temp\BingSvc.exe C:\Users\frank\AppData\Local\Temp\bitool.dll C:\Users\frank\AppData\Local\Temp\BSvcProcessor.exe C:\Users\frank\AppData\Local\Temp\BSvcUpdater.exe C:\Users\frank\AppData\Local\Temp\Buwuharoyig.exe C:\Users\frank\AppData\Local\Temp\C7C9C0F.exe C:\Users\frank\AppData\Local\Temp\C7CAADE.exe C:\Users\frank\AppData\Local\Temp\C7cB846.exe 
C:\Users\frank\AppData\Local\Temp\C7CCB49.exe C:\Users\frank\AppData\Local\Temp\cCCA5FE.exe C:\Users\frank\AppData\Local\Temp\cCcA8CC.exe C:\Users\frank\AppData\Local\Temp\CcCB8F2.exe C:\Users\frank\AppData\Local\Temp\CcCF324.exe C:\Users\frank\AppData\Local\Temp\DefaultPack.EXE C:\Users\frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphlxbla.dll C:\Users\frank\AppData\Local\Temp\DseShExt-x64.dll C:\Users\frank\AppData\Local\Temp\DseShExt-x86.dll C:\Users\frank\AppData\Local\Temp\E3O5649.exe C:\Users\frank\AppData\Local\Temp\Extract.exe C:\Users\frank\AppData\Local\Temp\f1pmraph.dll C:\Users\frank\AppData\Local\Temp\HitmanPro.exe C:\Users\frank\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\frank\AppData\Local\Temp\jfwnpvo1.dll C:\Users\frank\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\frank\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\frank\AppData\Local\Temp\jre-8u51-windows-au.exe C:\Users\frank\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\frank\AppData\Local\Temp\libnspr4.dll C:\Users\frank\AppData\Local\Temp\nsa68ED.exe C:\Users\frank\AppData\Local\Temp\nsaE40B.exe C:\Users\frank\AppData\Local\Temp\nsc5602.exe C:\Users\frank\AppData\Local\Temp\nsc66C6.exe C:\Users\frank\AppData\Local\Temp\nscB349.exe C:\Users\frank\AppData\Local\Temp\nsgA786.exe C:\Users\frank\AppData\Local\Temp\nsgADE.exe C:\Users\frank\AppData\Local\Temp\nsl5F1D.exe C:\Users\frank\AppData\Local\Temp\nsm5D91.exe C:\Users\frank\AppData\Local\Temp\nsmBC10.exe C:\Users\frank\AppData\Local\Temp\nsv732B.exe C:\Users\frank\AppData\Local\Temp\nsvDBB1.exe C:\Users\frank\AppData\Local\Temp\nsw25BC.exe C:\Users\frank\AppData\Local\Temp\nswAB8A.exe C:\Users\frank\AppData\Local\Temp\Resource.exe C:\Users\frank\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\frank\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\frank\AppData\Local\Temp\Show-Password_1030-8100.exe C:\Users\frank\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\frank\AppData\Local\Temp\SP56942.exe
C:\Users\frank\AppData\Local\Temp\sp58915.exe
C:\Users\frank\AppData\Local\Temp\SP59202.exe
C:\Users\frank\AppData\Local\Temp\sp64126.exe
C:\Users\frank\AppData\Local\Temp\UM7C0CE.exe
C:\Users\frank\AppData\Local\Temp\uninst1.exe
C:\Users\frank\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.5-win64.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2015-10-22 11:19
Restore point date: 2015-10-23 05:12
Restore point date: 2015-10-30 08:02
Restore point date: 2015-11-03 07:54
Restore point date: 2015-11-07 01:44
Restore point date: 2015-11-10 09:35
Restore point date: 2015-11-16 10:54
Restore point date: 2015-11-19 11:15
Restore point date: 2015-11-21 04:14
Restore point date: 2015-11-21 04:15

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3996.36 MB
Available physical RAM: 3220.45 MB
Total Virtual: 3994.51 MB
Available Virtual: 3215.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.67 GB) (Free:194.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Recovery) (Fixed) (Total:19.8 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E7E8DEA5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 9866BAFB)
Partition 1: (Active) - (Size=961 MB) - (Type=06)

LastRegBack: 2015-11-03 11:10

==================== End of FRST.txt ============================
Last edited by benkostello (03.12.2015 at 22:28) |
04.12.2015, 16:32 | #12 |
/// the machine /// TB-Ausbilder | Windows 7: log file for analysis Avast.....I hate Avast. Always the same old crap. Does F8 at boot > Last Known Good Configuration work? If not, we will now fix away every Avast file.
04.12.2015, 17:34 | #13 |
| Windows 7: log file for analysis Hello schrauber, no, unfortunately that does not work. When I run that configuration, the PC tries to start, but then restarts again into the Windows troubleshooting mode: - Startup Repair - Start Windows normally. Neither works.
05.12.2015, 22:05 | #14 |
/// the machine /// TB-Ausbilder | Windows 7: log file for analysis Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
C:\Program Files\AVAST Software
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
C:\Windows\system32\drivers\aswHwid.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\system32\drivers\aswRdr2.sys
C:\Windows\system32\drivers\aswSnx.sys
C:\Windows\system32\drivers\aswSP.sys
C:\Windows\system32\drivers\aswStm.sys
C:\Windows\System32\Drivers\aswVmm.sys
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
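As an added illustration of what the helper is picking out of the FRST "Services" and "Drivers" sections in posts #10 and #14 (this is example code added here; it is neither part of the thread nor FRST's own code), the following Python script parses entry lines in the shape FRST prints and lists early-start drivers (Start value 0 or 1) whose company-name field is empty, the pattern shared by aswRvrt.sys and aswVmm.sys above. The sample input is copied from the logs posted in this thread; the function names `parse_entries`, `early_start_no_company` and `fixlist_for` are this example's own. The emitted fixlist lines mirror the shape used in the two fixes (the log line followed by the file path). An empty company field only means the file carries no version information, not that it is malicious; which entries actually get removed remains the helper's call after reading the whole log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entry lines copied from the FRST "Services (Whitelisted)" and
# "Drivers (Whitelisted)" sections posted in this thread, embedded so the example
# runs offline.
SAMPLE_LOG = r"""
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64.exe" /crusader:boot [X]
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc)
"""

# FRST entry shape: <R|S><start> <name>; <path> [<size> <date>] (<company name>)
# R/S is running/stopped at scan time; the digit is the service Start value
# (0 = boot, 1 = system, 2 = automatic, 3 = manual, 4 = disabled).
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)\s*$"
)
# Same prefix, but the file is missing on disk: FRST prints [X] instead of size/date.
MISSING_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[X\]\s*$"
)


@dataclass
class Entry:
    raw: str
    name: str
    running: bool
    start_type: int
    path: str
    file_present: bool
    size: Optional[int] = None
    date: Optional[str] = None
    company: Optional[str] = None  # "" when FRST printed "()"


def parse_entries(text: str) -> List[Entry]:
    """Parse service/driver lines; lines matching neither shape are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(raw=line, name=m.group("name"), running=m.group("state") == "R",
                                 start_type=int(m.group("start")), path=m.group("path"),
                                 file_present=True, size=int(m.group("size")),
                                 date=m.group("date"), company=m.group("company").strip()))
            continue
        m = MISSING_RE.match(line)
        if m:
            entries.append(Entry(raw=line, name=m.group("name"), running=m.group("state") == "R",
                                 start_type=int(m.group("start")), path=m.group("path"),
                                 file_present=False))
    return entries


def early_start_no_company(entries: List[Entry]) -> List[Entry]:
    """Boot- or system-start entries (Start 0/1) whose company-name field is empty.

    These load before almost everything else, so a hang at one of them blocks
    every boot mode including Safe Mode, which is the symptom in this thread.
    """
    return [e for e in entries if e.file_present and e.start_type <= 1 and e.company == ""]


def fixlist_for(entries: List[Entry]) -> List[str]:
    """Lines in the shape the helper used above: the log line, then the file path,
    so the service entry is removed and the file is moved."""
    lines: List[str] = []
    for e in entries:
        lines.append(e.raw)
        lines.append(e.path)
    return lines


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for e in found:
        flag = "MISSING FILE" if not e.file_present else ("no company name" if e.company == "" else "")
        print(f"S{e.start_type} {e.name:<26} {flag}")
    print("\nFixlist candidates:")
    print("\n".join(fixlist_for(early_start_no_company(found))))
```

On the sample above the script reports aswVmm and aswRvrt as the only boot-start entries without a company name; aswHwid and FsUsbExDisk also lack one but start later (Start 2 and 3), and the HitmanPro entry is flagged separately because its file is gone from the boot medium.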
05.12.2015, 22:20 | #15 |
| Windows 7: log file for analysis done Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by SYSTEM (2015-12-05 22:12:31) Run:4
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
C:\Program Files\AVAST Software
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
C:\Windows\system32\drivers\aswHwid.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\system32\drivers\aswRdr2.sys
C:\Windows\system32\drivers\aswSnx.sys
C:\Windows\system32\drivers\aswSP.sys
C:\Windows\system32\drivers\aswStm.sys
C:\Windows\System32\Drivers\aswVmm.sys
*****************

avast! Antivirus => service removed successfully
C:\Program Files\AVAST Software => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value removed successfully
aswHwid => service removed successfully
aswMonFlt => service removed successfully
aswRdr => service removed successfully
aswSnx => service removed successfully
aswSP => service removed successfully
aswStm => service removed successfully
aswVmm => service removed successfully
C:\Windows\system32\drivers\aswHwid.sys => moved successfully
C:\Windows\system32\drivers\aswMonFlt.sys => moved successfully
C:\Windows\system32\drivers\aswRdr2.sys => moved successfully
C:\Windows\system32\drivers\aswSnx.sys => moved successfully
C:\Windows\system32\drivers\aswSP.sys => moved successfully
C:\Windows\system32\drivers\aswStm.sys => moved successfully
C:\Windows\System32\Drivers\aswVmm.sys => moved successfully

==== End of Fixlog 22:12:32 ====
Now it boots up to classpnp.sys :/ the subsequent FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015 Ran by SYSTEM on MININT-KHLOHO2 (05-12-2015 22:12:48) Running from H:\ Platform: Windows 7 Home Premium (X64) Language: Englisch (USA) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-23] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-02-19] (PDF Complete Inc) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-09-28] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\frank\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-05] (Samsung) HKU\frank\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\frank\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-05] (Samsung) HKU\frank\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.) HKU\frank\...\Run: [Dropbox Update] => C:\Users\frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.) HKU\frank\...\Run: [BingSvc] => C:\Users\frank\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-19] (© 2015 Microsoft Corporation) Startup: C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-15] ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-02-19] (PDF Complete Inc) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 HitmanPro37CrusaderBoot; "F:\HitmanPro_x64.exe" /crusader:boot [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-23] (Synaptics Incorporated) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-24 19:37 - 2015-12-05 22:12 - 00000000 ____D C:\FRST 2015-11-21 04:24 - 2015-12-04 08:31 - 352775395 _____ C:\Windows\MEMORY.DMP 2015-11-12 10:53 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll 2015-11-12 10:53 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-12-04 08:31 - 2010-11-20 19:47 - 01610938 _____ C:\Windows\PFRO.log
2015-11-21 04:22 - 2013-11-11 09:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-21 04:22 - 2012-12-22 05:09 - 02055289 _____ C:\Windows\WindowsUpdate.log
2015-11-21 04:19 - 2012-03-15 05:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-21 04:11 - 2015-06-22 03:13 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000UA.job
2015-11-21 04:10 - 2015-06-22 03:13 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640999226-3979880844-3937512731-1000Core.job
2015-11-21 04:10 - 2013-04-11 11:47 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 10:58 - 2009-07-13 20:45 - 00031248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 10:51 - 2013-11-24 01:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-19 10:50 - 2012-12-28 15:44 - 00000000 ____D C:\Users\frank\AppData\Local\CrashDumps
2015-11-16 13:01 - 2012-12-22 05:17 - 00000000 ____D C:\Users\frank\AppData\Roaming\Skype
2015-11-15 13:33 - 2012-12-24 04:56 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-15 08:55 - 2014-09-09 11:13 - 00000000 ___RD C:\Users\frank\Dropbox
2015-11-15 08:55 - 2014-09-09 11:10 - 00000000 ____D C:\Users\frank\AppData\Roaming\Dropbox
2015-11-15 08:50 - 2012-03-15 05:56 - 00000000 ____D C:\ProgramData\PDFC
2015-11-12 10:43 - 2012-03-15 05:45 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-12 10:43 - 2012-03-15 05:45 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-12 10:43 - 2012-03-15 05:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 09:21 - 2012-03-15 14:01 - 00700134 _____ C:\Windows\System32\perfh007.dat
2015-11-10 09:21 - 2012-03-15 14:01 - 00149984 _____ C:\Windows\System32\perfc007.dat
2015-11-10 09:21 - 2009-07-13 21:13 - 01622300 _____ C:\Windows\System32\PerfStringBackup.INI
2015-11-07 01:30 - 2009-07-13 20:51 - 00109347 _____ C:\Windows\setupact.log

Some files in TEMP:
====================
C:\Users\frank\AppData\Local\Temp\2jfuweif.exe
C:\Users\frank\AppData\Local\Temp\5QC20EE.exe
C:\Users\frank\AppData\Local\Temp\7CCAAA0.exe
C:\Users\frank\AppData\Local\Temp\7CcE639.exe
C:\Users\frank\AppData\Local\Temp\bfl5yokj.dll
C:\Users\frank\AppData\Local\Temp\BingSvc.exe
C:\Users\frank\AppData\Local\Temp\bitool.dll
C:\Users\frank\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\frank\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\frank\AppData\Local\Temp\Buwuharoyig.exe
C:\Users\frank\AppData\Local\Temp\C7C9C0F.exe
C:\Users\frank\AppData\Local\Temp\C7CAADE.exe
C:\Users\frank\AppData\Local\Temp\C7cB846.exe
C:\Users\frank\AppData\Local\Temp\C7CCB49.exe
C:\Users\frank\AppData\Local\Temp\cCCA5FE.exe
C:\Users\frank\AppData\Local\Temp\cCcA8CC.exe
C:\Users\frank\AppData\Local\Temp\CcCB8F2.exe
C:\Users\frank\AppData\Local\Temp\CcCF324.exe
C:\Users\frank\AppData\Local\Temp\DefaultPack.EXE
C:\Users\frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphlxbla.dll
C:\Users\frank\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\frank\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\frank\AppData\Local\Temp\E3O5649.exe
C:\Users\frank\AppData\Local\Temp\Extract.exe
C:\Users\frank\AppData\Local\Temp\f1pmraph.dll
C:\Users\frank\AppData\Local\Temp\HitmanPro.exe
C:\Users\frank\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\frank\AppData\Local\Temp\jfwnpvo1.dll
C:\Users\frank\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\frank\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\frank\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\frank\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\frank\AppData\Local\Temp\libnspr4.dll
C:\Users\frank\AppData\Local\Temp\nsa68ED.exe
C:\Users\frank\AppData\Local\Temp\nsaE40B.exe
C:\Users\frank\AppData\Local\Temp\nsc5602.exe
C:\Users\frank\AppData\Local\Temp\nsc66C6.exe
C:\Users\frank\AppData\Local\Temp\nscB349.exe
C:\Users\frank\AppData\Local\Temp\nsgA786.exe
C:\Users\frank\AppData\Local\Temp\nsgADE.exe
C:\Users\frank\AppData\Local\Temp\nsl5F1D.exe
C:\Users\frank\AppData\Local\Temp\nsm5D91.exe
C:\Users\frank\AppData\Local\Temp\nsmBC10.exe
C:\Users\frank\AppData\Local\Temp\nsv732B.exe
C:\Users\frank\AppData\Local\Temp\nsvDBB1.exe
C:\Users\frank\AppData\Local\Temp\nsw25BC.exe
C:\Users\frank\AppData\Local\Temp\nswAB8A.exe
C:\Users\frank\AppData\Local\Temp\Resource.exe
C:\Users\frank\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\frank\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\frank\AppData\Local\Temp\Show-Password_1030-8100.exe
C:\Users\frank\AppData\Local\Temp\SkypeSetup.exe
C:\Users\frank\AppData\Local\Temp\SP56942.exe
C:\Users\frank\AppData\Local\Temp\sp58915.exe
C:\Users\frank\AppData\Local\Temp\SP59202.exe
C:\Users\frank\AppData\Local\Temp\sp64126.exe
C:\Users\frank\AppData\Local\Temp\UM7C0CE.exe
C:\Users\frank\AppData\Local\Temp\uninst1.exe
C:\Users\frank\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\frank\AppData\Local\Temp\vlc-2.1.5-win64.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================
Restore point date: 2015-10-22 11:19
Restore point date: 2015-10-23 05:12
Restore point date: 2015-10-30 08:02
Restore point date: 2015-11-03 07:54
Restore point date: 2015-11-07 01:44
Restore point date: 2015-11-10 09:35
Restore point date: 2015-11-16 10:54
Restore point date: 2015-11-19 11:15
Restore point date: 2015-11-21 04:14
Restore point date: 2015-11-21 04:15

==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 3996.36 MB
Available physical RAM: 3224.41 MB
Total Virtual: 3994.51 MB
Available Virtual: 3213.81 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:445.67 GB) (Free:194.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Recovery) (Fixed) (Total:19.8 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E7E8DEA5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 9866BAFB)
Partition 1: (Active) - (Size=961 MB) - (Type=06)
LastRegBack: 2015-11-03 11:10

==================== End of FRST.txt ============================
--- --- ---

Edited by benkostello (05.12.2015 at 22:47)