| |
| |||||||
Log-Analyse und Auswertung: GVU/Neustart im abgesichertem Modus (FRST.txt anbei)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.07.2013, 13:24
| #1 |
| |  GVU/Neustart im abgesichertem Modus (FRST.txt anbei) Hallo, ich habe mir auch den GVU eingefangen. Beim Versuch die Sache im abgesicherten Modus zu bereinigen, ist mein Rechner gleich wieder heruntergefahren. Habe nach Anweisung aus vorigen Themen eine FRST.txt erstellt und bitte nun um Hilfe. Danke Spin Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013 01
Ran by SYSTEM on 10-07-2013 13:19:55
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [CLMLServer] - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-07] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [x]
HKU\Anita\...\Winlogon: [Shell] explorer.exe,C:\Users\Anita\AppData\Roaming\skype.dat <==== ATTENTION
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-22] ()
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-22] ()
========================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-14] (Avira Operations GmbH & Co. KG)
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-14] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-14] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\FRST
2013-06-22 12:18 - 2013-07-10 02:17 - 00000004 ____A C:\Users\Anita\AppData\Roaming\skype.ini
2013-06-12 17:00 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 17:00 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 17:00 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 17:00 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 17:00 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 17:00 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 17:00 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 17:00 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 17:00 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 17:00 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 17:00 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 17:00 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 17:00 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 17:00 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 17:00 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 17:00 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 08:47 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:47 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:47 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:47 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:47 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:47 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:47 - 2013-05-07 21:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:47 - 2013-05-05 21:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 08:47 - 2013-05-05 21:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 08:47 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:42 - 2013-06-12 08:47 - 00000000 ____D C:\Users\Anita\Desktop\Neuer Ordner
==================== One Month Modified Files and Folders =======
2013-07-10 13:19 - 2013-07-10 13:19 - 00000000 ____D C:\FRST
2013-07-10 02:17 - 2013-06-22 12:18 - 00000004 ____A C:\Users\Anita\AppData\Roaming\skype.ini
2013-07-10 02:15 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 02:15 - 2009-07-13 20:39 - 00101880 ____A C:\Windows\setupact.log
2013-06-16 03:23 - 2011-02-14 12:05 - 01869570 ____A C:\Windows\WindowsUpdate.log
2013-06-16 03:23 - 2009-07-13 20:34 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-16 03:23 - 2009-07-13 20:34 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 03:21 - 2010-06-29 05:26 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 10:13 - 2011-02-18 12:13 - 00000000 __SHD C:\Users\Anita\AppData\Roaming\.#
2013-06-13 09:28 - 2013-03-30 22:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-12 18:05 - 2011-02-18 12:13 - 00000000 ____D C:\Users\Anita\AppData\Roaming\ALDI_SUED_Mah_Jong
2013-06-12 17:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-06-12 17:18 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 17:03 - 2011-02-20 09:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 17:01 - 2010-06-30 00:36 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 10:28 - 2013-03-30 22:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 10:28 - 2013-03-30 22:45 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 08:47 - 2013-06-12 08:42 - 00000000 ____D C:\Users\Anita\Desktop\Neuer Ordner
2013-06-12 08:43 - 2011-02-14 13:05 - 00000000 ____D C:\Users\Anita\Desktop\Seminar Ludwigsburg
Files to move or delete:
====================
C:\Users\Anita\AppData\Roaming\skype.dat
C:\Users\Anita\AppData\Roaming\skype.ini
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-02-02 02:15:30
Restore point made on: 2013-02-13 08:13:56
Restore point made on: 2013-02-13 09:50:15
Restore point made on: 2013-03-01 11:14:33
Restore point made on: 2013-03-12 11:04:35
Restore point made on: 2013-03-30 23:06:26
Restore point made on: 2013-04-09 07:36:41
Restore point made on: 2013-04-10 17:00:30
Restore point made on: 2013-04-28 13:51:12
Restore point made on: 2013-05-18 10:55:35
Restore point made on: 2013-05-18 17:00:31
Restore point made on: 2013-06-09 00:38:10
Restore point made on: 2013-06-12 17:00:28
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3071.24 MB
Available physical RAM: 2587.34 MB
Total Pagefile: 3069.52 MB
Available Pagefile: 2588.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.81 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:840.31 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:23.53 GB) NTFS
Drive f: (VTech) (CDROM) (Total:0.21 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:3.74 GB) (Free:3.31 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-06-12 14:40
==================== End Of Log ============================
|
| Themen zu GVU/Neustart im abgesichertem Modus (FRST.txt anbei) |
| adobe, adobe flash player, antivir, association, avg, avira, crypt, desktop, explorer, explorer.exe, farbar, farbar recovery scan tool, flash player, frst.txt, home, log, microsoft, monitor, monitor.exe, opera, realtek, registry, scan, services.exe, software, svchost.exe, system, wallpaper, winlogon, winlogon.exe |
Baum-Darstellung