Trojaner-Board


Daneth 08.06.2014 14:36

Windows 7 hangs at "Starting Windows", black screen
 
Hey everyone,
since yesterday I can no longer boot my PC. The PC starts, then takes longer than usual on the "Starting Windows" loading screen and then gets stuck on a black screen (the mouse pointer was even visible during one boot attempt).
I can start the PC in Safe Mode without any problems (I'm using it to write this post).
I have already run a scan with FRST (I replaced the user name with "gepixelt;)") and attached the log file.


It would be great if you could help me with this.
Thanks in advance
Daneth

schrauber 08.06.2014 15:40

Hi,

please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

Daneth 08.06.2014 15:47


FRST log file:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by "gepixelt;)" (administrator) on KARMACRUISER on 08-06-2014 15:17:01
Running from C:\Users\"gepixelt;)"\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)



==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8151040 2009-10-30] (C-Media Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [36352 2008-08-04] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1775808 2014-05-28] (Valve Corporation)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\Run: [uTorrent] => C:\Users\HennesBuhr\AppData\Roaming\uTorrent\uTorrent.exe [1045072 2013-06-02] (BitTorrent Inc.)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2915968 2013-10-10] (Locktime Software)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\MountPoints2: {32e98690-9db3-11e2-bf1c-00044b038423} - F:\BSAutoRun.exe
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\MountPoints2: {ad94e32d-5dad-11e3-81c2-001cf01609b4} - G:\Startme.exe
HKU\S-1-5-21-2456681462-1871400286-35062674-1001\...\MountPoints2: {b06f00a5-90b1-11e2-ad0a-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1775808 2014-05-28] (Valve Corporation)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\HennesBuhr\AppData\Roaming\uTorrent\uTorrent.exe [1045072 2013-06-02] (BitTorrent Inc.)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2915968 2013-10-10] (Locktime Software)
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {32e98690-9db3-11e2-bf1c-00044b038423} - F:\BSAutoRun.exe
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ad94e32d-5dad-11e3-81c2-001cf01609b4} - G:\Startme.exe
HKU\S-1-5-21-2456681462-1871400286-35062674-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b06f00a5-90b1-11e2-ad0a-806e6f6e6963} - D:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30CE89721C32CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\"gepixelt;)"\AppData\Roaming\Mozilla\Firefox\Profiles\hsux7wha.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\"gepixelt;)"\AppData\Roaming\Mozilla\Firefox\Profiles\hsux7wha.default\user.js
FF SearchPlugin: C:\Users\"gepixelt;)"\AppData\Roaming\Mozilla\Firefox\Profiles\hsux7wha.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\"gepixelt;)"\AppData\Roaming\Mozilla\Firefox\Profiles\hsux7wha.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-19]

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1851008 2013-10-10] (Locktime Software)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [766400 2012-10-08] (Enigma Software Group USA, LLC.)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [505600 2013-03-19] (TuneUp Software)
S2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [841472 2013-03-19] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-13] ()
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-05] (DT Soft Ltd)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc.              )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-12-13] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-08] (Malwarebytes Corporation)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [87472 2013-06-12] (Locktime Software)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-12-13] ()
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [79800 2012-06-19] (Protection Technology (StarForce))
S0 gyvflqbn; System32\drivers\tlfv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 15:17 - 2014-06-08 15:17 - 00015570 _____ () C:\Users\"gepixelt;)"\Desktop\FRST.txt
2014-06-08 15:16 - 2014-06-08 15:17 - 00000000 ____D () C:\FRST
2014-06-08 15:16 - 2014-06-08 15:16 - 02072576 _____ (Farbar) C:\Users\"gepixelt;)"\Desktop\FRST64.exe
2014-06-08 14:58 - 2014-06-08 15:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 14:50 - 2014-06-08 14:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-08 14:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-08 14:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-08 14:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-08 14:48 - 2014-06-08 14:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\"gepixelt;)"\Desktop\Malwarebytes Anti Malware - CHIP-Installer.exe
2014-06-08 13:53 - 2014-06-08 13:53 - 00000000 ____D () C:\Windows\pss
2014-05-31 13:17 - 2014-04-22 23:39 - 00002541 _____ () C:\Users\"gepixelt;)"\Desktop\engine_config.xml
2014-05-27 09:18 - 2014-05-27 09:18 - 00001822 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-27 09:17 - 2014-05-27 09:25 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\Users\"gepixelt;)"\AppData\Local\Bluestacks
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-27 09:08 - 2014-05-27 09:08 - 00961360 _____ (Chip Digital GmbH) C:\Users\"gepixelt;)"\Desktop\BlueStacks App Player - CHIP-Installer.exe
2014-05-14 11:14 - 2014-05-14 11:14 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-10 21:11 - 2014-05-10 21:11 - 00000220 _____ () C:\Users\"gepixelt;)"\Desktop\BioShock Infinite.url
2014-05-10 00:35 - 2014-05-10 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 21:36 - 2014-05-09 21:43 - 253723442 _____ (hxxp://www.worldoftanksskins.org/ ) C:\Users\"gepixelt;)"\Desktop\hitboxskins9.0.exe

==================== One Month Modified Files and Folders =======

2014-06-08 15:17 - 2014-06-08 15:17 - 00015570 _____ () C:\Users\"gepixelt;)"\Desktop\FRST.txt
2014-06-08 15:17 - 2014-06-08 15:16 - 00000000 ____D () C:\FRST
2014-06-08 15:17 - 2013-03-19 18:33 - 00000000 ____D () C:\Users\"gepixelt;)"\AppData\Local\Temp
2014-06-08 15:16 - 2014-06-08 15:16 - 02072576 _____ (Farbar) C:\Users\"gepixelt;)"\Desktop\FRST64.exe
2014-06-08 15:11 - 2014-06-08 14:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 15:10 - 2010-11-21 05:47 - 00049694 _____ () C:\Windows\PFRO.log
2014-06-08 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-08 14:50 - 2014-06-08 14:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-08 14:48 - 2014-06-08 14:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\"gepixelt;)"\Desktop\Malwarebytes Anti Malware - CHIP-Installer.exe
2014-06-08 13:55 - 2013-03-19 19:42 - 00000000 ___RD () C:\Users\"gepixelt;)"\Desktop\Programme
2014-06-08 13:55 - 2013-03-19 19:26 - 00000000 ____D () C:\Users\"gepixelt;)"\AppData\Local\Avg2013
2014-06-08 13:53 - 2014-06-08 13:53 - 00000000 ____D () C:\Windows\pss
2014-06-08 13:48 - 2009-07-14 06:51 - 00098756 _____ () C:\Windows\setupact.log
2014-06-08 13:47 - 2013-03-19 18:33 - 00000000 ____D () C:\Users\"gepixelt;)"
2014-06-07 21:35 - 2014-04-26 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-07 21:35 - 2013-06-02 09:01 - 00000000 ____D () C:\Users\"gepixelt;)"\AppData\Roaming\uTorrent
2014-06-07 21:35 - 2013-03-19 19:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-07 21:35 - 2013-03-19 19:35 - 00000000 ____D () C:\Users\"gepixelt;)"\AppData\Roaming\AVG2013
2014-06-07 21:35 - 2013-03-19 19:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-07 21:35 - 2013-03-19 18:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-07 21:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-29 21:14 - 2013-03-19 18:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 21:00 - 2013-03-19 19:07 - 00000522 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2014-05-29 18:50 - 2013-03-19 18:29 - 01350772 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 18:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 09:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-27 09:25 - 2014-05-27 09:17 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-27 09:18 - 2014-05-27 09:18 - 00001822 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-05-27 09:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\Users\"gepixelt;)"\AppData\Local\Bluestacks
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-27 09:08 - 2014-05-27 09:08 - 00961360 _____ (Chip Digital GmbH) C:\Users\"gepixelt;)"\Desktop\BlueStacks App Player - CHIP-Installer.exe
2014-05-14 11:14 - 2014-05-14 11:14 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 11:14 - 2013-03-19 18:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:14 - 2013-03-19 18:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:14 - 2013-03-19 18:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-08 14:50 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-08 14:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-08 14:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 16:35 - 2013-06-02 11:26 - 00488960 _____ () C:\Windows\DirectX.log
2014-05-11 16:35 - 2013-05-05 12:31 - 00000000 ____D () C:\Users\"gepixelt;)"\Documents\My Games
2014-05-10 21:11 - 2014-05-10 21:11 - 00000220 _____ () C:\Users\"gepixelt;)"\Desktop\BioShock Infinite.url
2014-05-10 14:24 - 2013-03-19 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 00:35 - 2014-05-10 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 21:43 - 2014-05-09 21:36 - 253723442 _____ (hxxp://www.worldoftanksskins.org/ ) C:\Users\"gepixelt;)"\Desktop\hitboxskins9.0.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 21:07

==================== End Of Log ============================

--- --- ---

schrauber 09.06.2014 07:03

Addition.txt is still missing.

