Log analysis and evaluation: White screen, Windows no longer starts
Windows 7
Hello dear helpers,

Despite up-to-date antivirus software, it seems I've been hit. The PC no longer starts and the screen stays white; likewise, in safe mode the system immediately shuts itself down again. Only safe mode with command prompt still works. I've already looked through the forum, and many people have this problem. As far as I've read, I have already run Frst64l. The log file is further below. The operating system is Windows 7. In the meantime I have also downloaded Windows Unlocker from Kaspersky; does it make sense to use it to at least get access to the desktop again for now? What do I have to do to get my system clean again? Please give detailed help, I'm not that good with system stuff. Thanks in advance for your help.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 04-07-2013 21:04:11
Running from K:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [PLD_FrameworkRun] c:\Windows\System32\oem\RunCMD_X64.exe c:\Windows\System32\oem\OKTOLaunch_PLD_Framework.cmd [133 2009-08-26] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1124424 2009-09-24] (G DATA Software AG)
HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM-x32\...\Run: [SBMBActivation] "C:\Program Files (x86)\Creative\ALchemy SB MB\CTActMgr.exe" /activate [1402392 2008-03-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKU\Alex\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-07] (Google Inc.)
HKU\Alex\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 [133432 2011-01-05] (ICQ, LLC.)
HKU\Alex\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [x]
HKU\Alex\...\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Alex\...\Winlogon: [Shell] explorer.exe,C:\Users\Alex\AppData\Roaming\skype.dat [69632 2011-11-16] () <==== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()

==================== Services (Whitelisted) =================

S2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [1731504 2009-11-24] (G Data Software AG)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [1664560 2009-11-24] (G Data Software AG)
S3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
S3 Sound Blaster MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [79360 2009-09-23] (Creative Labs)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

==================== Drivers (Whitelisted) ====================

S0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [34760 2010-08-10] (G Data Software AG)
S3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [74184 2010-08-10] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [57288 2010-08-10] (G DATA Software AG)
S1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd64.sys [48584 2010-08-10] (G DATA Software AG)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2009-09-23] (G Data Software)
S1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2009-09-23] (G Data Software)
S3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [42952 2009-09-07] (G Data Software AG)
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [34472 2009-06-23] (Intel Corporation )

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-04 21:04 - 2013-07-04 21:04 - 00000000 ____D C:\FRST
2013-07-04 05:06 - 2013-07-04 11:00 - 00000004 ____A C:\Users\Alex\AppData\Roaming\skype.ini
2013-06-15 08:27 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-15 08:27 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-15 08:27 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-15 08:27 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-15 08:27 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-15 08:27 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-15 08:27 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-15 08:27 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-15 08:27 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-15 08:27 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-15 08:27 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-15 08:27 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-15 08:27 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-15 08:27 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-15 08:27 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-15 08:27 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-15 08:27 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-15 08:27 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-15 08:27 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-15 08:26 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 08:26 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 08:26 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 08:26 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 08:26 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 08:26 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 08:26 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 08:26 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 08:26 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 08:26 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 08:26 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 08:26 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 03:43 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-15 03:39 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-15 03:39 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-15 03:38 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-15 03:38 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-15 03:38 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-15 03:38 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-15 03:37 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-15 03:37 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-15 03:37 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-15 03:37 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-15 03:37 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-15 03:37 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-15 03:37 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-15 03:37 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-15 03:37 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-15 03:37 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-15 03:36 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-15 03:36 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-08 21:59 - 2013-06-08 21:59 - 00001014 ____A C:\Users\Alex\Desktop\Emergency 2012.lnk
2013-06-08 21:58 - 2013-06-08 21:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Quadriga Games

==================== One Month Modified Files and Folders =======

2013-07-04 21:04 - 2013-07-04 21:04 - 00000000 ____D C:\FRST
2013-07-04 20:55 - 2010-08-10 05:52 - 00000000 __SHD C:\Recovery
2013-07-04 11:00 - 2013-07-04 05:06 - 00000004 ____A C:\Users\Alex\AppData\Roaming\skype.ini
2013-07-04 11:00 - 2010-08-10 08:26 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 11:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 10:59 - 2009-09-23 15:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-04 10:59 - 2009-07-13 20:51 - 00117925 ____A C:\Windows\setupact.log
2013-07-04 05:56 - 2009-09-24 01:13 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-07-04 05:56 - 2009-09-24 01:13 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-07-04 05:56 - 2009-07-13 21:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 05:53 - 2009-09-23 15:21 - 01984940 ____A C:\Windows\WindowsUpdate.log
2013-07-04 04:24 - 2010-08-10 08:26 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 04:17 - 2012-04-07 03:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 23:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-03 23:14 - 2010-09-03 22:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\ICQ
2013-07-03 23:10 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 23:10 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 06:08 - 2010-11-05 07:05 - 00000205 ____A C:\Users\Alex\Desktop\Handy IMEI.txt
2013-07-01 22:14 - 2010-08-10 06:04 - 00000000 ____D C:\Users\Alex\AppData\Local\Google
2013-07-01 00:20 - 2011-06-07 06:20 - 00000040 ____A C:\ProgramData\ra3.ini
2013-06-29 04:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 08:30 - 2009-09-07 16:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-15 08:28 - 2010-08-10 19:09 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-15 05:17 - 2012-04-07 03:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 05:17 - 2011-05-13 21:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 21:59 - 2013-06-08 21:59 - 00001014 ____A C:\Users\Alex\Desktop\Emergency 2012.lnk
2013-06-08 21:58 - 2013-06-08 21:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Quadriga Games
2013-06-08 21:43 - 2009-09-23 15:37 - 00331060 ____A C:\Windows\DirectX.log
2013-06-08 21:25 - 2010-08-10 08:22 - 00000000 ____D C:\Games
2013-06-08 06:08 - 2013-06-15 08:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-15 08:26 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-15 08:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-15 08:26 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-15 08:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-15 08:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-15 08:26 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-15 08:26 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-15 08:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-15 08:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-15 08:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-15 08:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Alex\AppData\Roaming\skype.dat
C:\Users\Alex\AppData\Roaming\skype.ini
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6135.08 MB
Available physical RAM: 5402.58 MB
Total Pagefile: 6133.23 MB
Available Pagefile: 5406.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:911.41 GB) (Free:669.02 GB) NTFS (Disk=0 Partition=3)
Drive e: (PQSERVICE) (Fixed) (Total:20 GB) (Free:8 GB) NTFS (Disk=0 Partition=1)
Drive k: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D82CFC90)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: 59830965)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-07-03 01:21

==================== End Of Log ============================

Edited by Bullet207 (05.07.2013 at 05:58)
Hi,

Please press the

Now copy the following text from the code box into the empty text document
Code:
HKU\Alex\...\Winlogon: [Shell] explorer.exe,C:\Users\Alex\AppData\Roaming\skype.dat [69632 2011-11-16] () <==== ATTENTION
C:\Users\Alex\AppData\Roaming\skype.dat
C:\Users\Alex\AppData\Roaming\skype.ini
C:\ProgramData\FullRemove.exe
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-05 09:00:22 Run:1
Running from K:\
Boot Mode: Recovery

==============================================

HKU\Alex\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Alex\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Alex\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\FullRemove.exe => Moved successfully.

==== End of Fixlog ====
Reboot, be happy
__________________
Regards, schrauber
Great, thanks, it works again. Is there any way to check whether any malicious remnants are still on it, or can I assume that the system is safe again?
We'll do that now, everything in normal Windows please.

Please close your protection software to avoid possible conflicts.

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
Adw Cleaner:
Code:
# AdwCleaner v2.304 - Datei am 05/07/2013 um 18:24:59 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Alex - ALEX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Alex\AppData\Local\Temp\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v9.0.1 (de)

Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fl33aulf.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [934 octets] - [05/07/2013 18:24:59]

########## EOF - C:\AdwCleaner[S1].txt - [993 octets] ##########

JRT File:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Alex on 05.07.2013 at 18:29:37,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{1F0EF2CD-F01B-4BE7-B209-6BD51058261C}

~~~ FireFox

Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\fl33aulf.default\minidumps [34 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.07.2013 at 18:32:12,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Alex (administrator) on 05-07-2013 18:33:27
Running from C:\Users\Alex\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Windows\System32\OEM\RunCmd_X64.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
() c:\windows\system32\oem\setEvent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [PLD_FrameworkRun] c:\Windows\System32\oem\RunCMD_X64.exe c:\Windows\System32\oem\OKTOLaunch_PLD_Framework.cmd [133 2009-08-26] ()
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.)
HKCU\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 [133432 2011-01-05] (ICQ, LLC.)
HKCU\...\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [SBMBActivation] "C:\Program Files (x86)\Creative\ALchemy SB MB\CTActMgr.exe" /activate [1402392 2008-03-10] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ipower_i9098_ge&r=173608105409p0324v175y47610201
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer]

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fl33aulf.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa

==================== Services (Whitelisted) =================

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] ()
S3 Sound Blaster MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [79360 2009-09-24] (Creative Labs)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
==================== Drivers (Whitelisted) ==================== S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [34472 2009-06-24] (Intel Corporation ) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-05 18:32 - 2013-07-05 18:32 - 00001726 ____A C:\Users\Alex\Desktop\JRT.txt 2013-07-05 18:29 - 2013-07-05 18:29 - 00000000 ____D C:\Windows\ERUNT 2013-07-05 18:27 - 2013-07-05 18:27 - 00001061 ____A C:\Users\Alex\Desktop\AdwCleaner[S1].txt 2013-07-05 18:26 - 2013-07-05 18:26 - 00000056 ____A C:\Windows\setupact.log 2013-07-05 18:26 - 2013-07-05 18:26 - 00000000 ____A C:\Windows\setuperr.log 2013-07-05 18:24 - 2013-07-05 18:25 - 00001061 ____A C:\AdwCleaner[S1].txt 2013-07-05 18:24 - 2013-07-05 18:24 - 01934636 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-05 18:23 - 2013-07-05 18:29 - 00000000 ____D C:\JRT 2013-07-05 18:23 - 2013-07-05 18:23 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Alex\Desktop\JRT.exe 2013-07-05 18:22 - 2013-07-05 18:22 - 00650027 ____A C:\Users\Alex\Desktop\adwcleaner.exe 2013-07-05 13:49 - 2013-07-05 13:49 - 00217056 ____A C:\Users\Alex\Documents\cc_20130705_134928.reg 2013-07-05 13:49 - 2013-07-05 13:49 - 00009506 ____A C:\Users\Alex\Documents\cc_20130705_134953.reg 2013-07-05 12:58 - 2013-07-05 13:02 - 00000834 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-07-05 12:58 - 2013-07-05 13:02 - 00000000 ____D C:\Program Files\CCleaner 2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\FRST 2013-06-15 18:27 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-15 18:27 - 
2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-15 18:27 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-15 18:27 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-15 18:27 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-15 18:27 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-15 18:27 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-15 18:26 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 18:26 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 18:26 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 18:26 - 2013-06-08 
16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 18:26 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 18:26 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 18:26 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 18:26 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 13:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-15 13:39 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-15 13:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-15 13:38 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 13:38 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-15 13:38 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-15 13:38 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-15 13:37 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-15 13:37 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-15 13:37 - 2013-05-13 07:51 - 00139776 ____A 
(Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-15 13:37 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-15 13:37 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-15 13:37 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-15 13:37 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-15 13:37 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-15 13:37 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-15 13:37 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-15 13:36 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-15 13:36 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-09 07:59 - 2013-06-09 07:59 - 00001014 ____A C:\Users\Alex\Desktop\Emergency 2012.lnk 2013-06-09 07:58 - 2013-06-09 07:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Quadriga Games ==================== One Month Modified Files and Folders ======= 2013-07-05 18:32 - 2013-07-05 18:32 - 00001726 ____A C:\Users\Alex\Desktop\JRT.txt 2013-07-05 18:32 - 2009-09-24 11:13 - 00654150 ____A C:\Windows\System32\perfh007.dat 2013-07-05 18:32 - 2009-09-24 11:13 - 00130022 ____A C:\Windows\System32\perfc007.dat 2013-07-05 18:32 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-05 18:29 - 2013-07-05 18:29 - 00000000 ____D C:\Windows\ERUNT 2013-07-05 18:29 - 2013-07-05 18:23 - 00000000 ____D C:\JRT 2013-07-05 18:27 - 2013-07-05 18:27 - 00001061 ____A C:\Users\Alex\Desktop\AdwCleaner[S1].txt 2013-07-05 18:26 - 2013-07-05 18:26 - 00000056 ____A C:\Windows\setupact.log 2013-07-05 18:26 - 2013-07-05 18:26 - 00000000 ____A 
C:\Windows\setuperr.log 2013-07-05 18:26 - 2010-08-10 18:26 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-05 18:26 - 2009-09-24 01:27 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-05 18:26 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-05 18:25 - 2013-07-05 18:24 - 00001061 ____A C:\AdwCleaner[S1].txt 2013-07-05 18:25 - 2009-09-24 01:21 - 02087951 ____A C:\Windows\WindowsUpdate.log 2013-07-05 18:24 - 2013-07-05 18:24 - 01934636 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-05 18:24 - 2010-08-10 18:26 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-05 18:23 - 2013-07-05 18:23 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Alex\Desktop\JRT.exe 2013-07-05 18:22 - 2013-07-05 18:22 - 00650027 ____A C:\Users\Alex\Desktop\adwcleaner.exe 2013-07-05 18:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-05 18:17 - 2012-04-07 13:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-05 18:03 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-05 18:03 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-05 13:49 - 2013-07-05 13:49 - 00217056 ____A C:\Users\Alex\Documents\cc_20130705_134928.reg 2013-07-05 13:49 - 2013-07-05 13:49 - 00009506 ____A C:\Users\Alex\Documents\cc_20130705_134953.reg 2013-07-05 13:47 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther 2013-07-05 13:02 - 2013-07-05 12:58 - 00000834 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-07-05 13:02 - 2013-07-05 12:58 - 00000000 ____D C:\Program Files\CCleaner 2013-07-05 12:53 - 2009-09-08 03:24 - 00000000 ____D C:\ProgramData\G DATA 2013-07-05 12:53 - 2009-09-08 03:24 - 00000000 ____D C:\Program Files (x86)\G Data 2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\FRST 2013-07-05 06:55 - 2010-08-10 
15:52 - 00000000 __SHD C:\Recovery 2013-07-04 09:14 - 2010-09-04 08:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\ICQ 2013-07-02 16:08 - 2010-11-05 17:05 - 00000205 ____A C:\Users\Alex\Desktop\Handy IMEI.txt 2013-07-02 12:56 - 2013-07-02 12:51 - 32172789 ____A 2013-07-02 08:14 - 2010-08-10 16:04 - 00000000 ____D C:\Users\Alex\AppData\Local\Google 2013-07-01 10:20 - 2011-06-07 16:20 - 00000040 ____A C:\ProgramData\ra3.ini 2013-06-29 14:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 18:30 - 2009-09-08 02:50 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-15 18:28 - 2010-08-11 05:09 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-15 15:17 - 2012-04-07 13:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-15 15:17 - 2011-05-14 07:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 07:59 - 2013-06-09 07:59 - 00001014 ____A C:\Users\Alex\Desktop\Emergency 2012.lnk 2013-06-09 07:58 - 2013-06-09 07:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Quadriga Games 2013-06-09 07:25 - 2010-08-10 18:22 - 00000000 ____D C:\Games 2013-06-08 16:08 - 2013-06-15 18:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 18:26 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 18:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 18:26 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 18:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 18:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 18:26 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 14327808 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 18:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 11:21 ==================== End Of Log ============================ --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013 Ran by Alex at 2013-07-05 18:34:38 Running from C:\Users\Alex\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Photoshop Elements 7.0 (x32 Version: 7.0.1) Adobe Photoshop Elements 7.0 (x32 Version: Adobe Reader 9.5.1 MUI (x32 Version: 9.5.1) Adobe Shockwave Player 11.6 (x32 Version: Advertising Center (x32 Version: Alice Greenfingers (x32) Amazonia (x32) ANNO 2070 (x32 Version: Apple Software Update (x32 Version: Battlefield 3™ (x32 Version: Battlefield: Bad Company™ 2 (x32 Version: Birth of the Federation (x32) CCleaner (Version: 4.03) Chicken Invaders 2 (x32) Command & Conquer™ 4 Tiberian Twilight (x32 Version: Command & Conquer™ Alarmstufe Rot 3 (x32 Version: Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Creative ALchemy (SB MB Edition) (x32) Creative Sound Blaster MB (x32 Version: 1.0) D3DX10 (x32 Version: 15.4.2368.0902) Dairy Dash (x32) Defcon v1.6 (x32) Der VerkehrsGigant (x32) Die Sims™ 3 (x32 Version: 1.29.55) DivX-Setup (x32 Version: Dream Day First Home (x32) EAX4 Unified Redist (x32 Version: 4.001) eBay Worldwide (x32 Version: 2.1.0703) Elevated Installer (x32 Version: 2.1.13) Emergency 2012 (x32) Emergency4 (x32 Version: 1.03.001) ESN Sonar (x32 Version: 0.70.4) F1 2002 (x32) F1 2010 (x32 Version: 1.0.0000.132) F1 2010 (x32 Version: 1.0.0001.132) Farm Frenzy 2 (x32) FIFA Fussball-Weltmeisterschaft 2006 (TM) (x32) Firebird SQL Server - MAGIX Edition (x32 Version: Garmin Communicator Plugin (x32 Version: 2.9.3) Garmin Express (x32 Version: 2.1.13) Garmin Express Tray (x32 Version: 2.1.13) Garmin Update Service (x32 Version: 2.1.13) Garmin USB Drivers (x32 Version: GIMP 
2.6.10 (x32 Version: 2.6.10) Google Earth (x32 Version: Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: Granny In Paradise (x32) Heroes of Hellas (x32) ICQ7.2 (x32 Version: 7.2) Identity Card (x32 Version: 1.00.3001) ImagXpress (x32 Version: Indeo® software (x32) Intel(R) Network Connections (Version: Intel® Matrix Storage Manager Java Auto Updater (x32 Version: Java(TM) 6 Update 29 (x32 Version: 6.0.290) Jetfighter 5 (x32 Version: 1.00.0000) Junk Mail filter update (x32 Version: 15.4.3502.0922) Lidl-Fotos (x32) Loksim3D (x32 Version: 2.7.2) MAGIX Foto Manager 8 (x32 Version: MAGIX Fotobuch 3.6 (x32 Version: 3.6) MAGIX Media Suite (x32 Version: MAGIX Online Druck Service (x32 Version: MAGIX Ringtone Maker SE (x32 Version: Merriam Websters Spell Jam (x32) Metaboli (x32 Version: 1.00.0006) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version: Microsoft Games for Windows Marketplace (x32 Version: Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft 
Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Mozilla Firefox 9.0.1 (x86 de) (x32 Version: 9.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) mufin player (x32 Version: MyTube Internet Recorder (x32 Version: 2.08.1115) Need for Speed(TM) Hot Pursuit (x32 Version: Need for Speed™ SHIFT (x32 Version: Nero 9 Essentials (x32) Nero ControlCenter (x32 Version: Nero DiscSpeed (x32 Version: Nero DiscSpeed Help (x32 Version: Nero DriveSpeed (x32 Version: Nero DriveSpeed Help (x32 Version: Nero Express Help (x32 Version: Nero InfoTool (x32 Version: Nero InfoTool Help (x32 Version: Nero Installer (x32 Version: Nero Move it (x32 Version: Nero Move it Essentials (x32) Nero Move it Help (x32 Version: Nero Online Upgrade (x32 Version: Nero StartSmart (x32 Version: Nero StartSmart Help (x32 Version: Nero StartSmart OEM (x32 Version: NeroExpress (x32 Version: neroxml (x32 Version: 1.0.0) Norton Online Backup (x32 Version: NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Display Control Panel (Version: NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.10.0513) NVIDIA Stereoscopic 3D Driver (x32 Version: NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenAL (x32) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Origin (x32 Version: Packard Bell GameZone Console (x32 Version: Packard Bell InfoCentre (x32 Version: 3.02.3000) Packard Bell Recovery Management (x32 Version: 4.05.3003) Packard Bell Registration (x32 Version: 1.02.3006) Packard Bell ScreenSaver (x32 Version: 1.1.0812) Packard Bell Updater (x32 Version: 1.01.3014) 
Pando Media Booster (x32 Version: PunkBuster Services (x32 Version: 0.991) PVSonyDll (Version: 1.00.0001) QuickTime (x32 Version: Rapture3D 2.4.4 Game (x32) Realtek High Definition Audio Driver (x32 Version: Samsung_MonSetup (x32 Version: 1.00.0000) Serif DrawPlus X2 (x32 Version: Serif PhotoPlus X2 (x32 Version: Serif WebPlus X2 (x32 Version: SHIFT 2 UNLEASHED™ (x32 Version: Silent Hunter 4 Wolves of the Pacific (x32 Version: 1.04.0000) Star Defender 4 (x32) Star Trek Bridge Commander (x32) Star Trek Online (x32) StarCraft II (x32 Version: Tom Clancy's Rainbow Six Vegas 2 (x32 Version: 1.00) Tom Clancy's Splinter Cell Double Agent (x32 Version: 1.00.0000) Ubisoft Game Launcher (x32 Version: Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0) VLC media player 1.1.2 (x32 Version: 1.1.2) Welcome Center (x32 Version: 1.00.3006) 
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 (Version: 06/03/2009 Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Sync (x32 Version: 14.0.8064.206) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR X3: Reunion v2.0.02 (x32) You Don't Know Jack 4 1.00 (x32 Version: 1.00) ==================== Restore Points ========================= 05-07-2013 10:45:55 Windows Update 05-07-2013 10:49:39 G Data InternetSecurity SE wurde entfernt. 
05-07-2013 12:04:43 Windows-Sicherung 05-07-2013 15:54:41 Windows-Sicherung 05-07-2013 16:08:19 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0198DB66-626D-4BA2-92CD-65D7B0CE94D4} - System32\Tasks\{BECE4FF7-68C6-4B89-9998-290FB9F6220B} => C:\setup.exe No File Task: {1671C3CF-6031-4840-BB79-CBD639005093} - System32\Tasks\{D80DE456-D805-44AA-9A0B-9284BF2EA714} => C:\setup.exe No File Task: {1CD1D2B8-1C3E-40F5-85B2-801163D91DA9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {1E4EAF20-4313-4083-8933-45462776E479} - System32\Tasks\{404F125E-1E43-4152-92BB-D8ED2BD25FD5} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {23504127-829C-41A4-9AE4-E60B4EC9D004} - System32\Tasks\{4902CB15-5CF8-49C3-AB79-F3A2743A5236} => C:\setup.exe No File Task: {280E8F27-EEDB-4001-BF45-420F71B8C3C3} - System32\Tasks\{709F9F2E-EA5C-4882-A91C-F5055B5D3E6C} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {2C1A382D-AB28-4093-8A56-EAAF6F1B7D71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated) Task: {2E4E01A8-7974-4B83-A593-5F5F04E1096C} - System32\Tasks\{0FBFC819-3C1E-4A24-9FFC-D9BD99C2C053} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {31BD90A9-6EEE-4BA1-8818-2AC9FB9E7AC3} - System32\Tasks\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2007-01-11] (Apple Computer, Inc.) 
Task: {325523A9-BD59-4FD2-A092-FC4E659E0950} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {3277E963-44A7-4809-B02C-096A97EC44D2} - System32\Tasks\{9702E72F-D5CB-49E1-864D-8A3A1E4D14D5} => C:\setup.exe No File Task: {35743958-8EFE-4C1E-88B3-C2D750A474E6} - System32\Tasks\{602CBC3E-A0F8-456A-975B-FDB388D08512} => C:\Games\You dont know Jack 2\setup.exe No File Task: {36E7D2C1-76CE-49A0-9377-8DE1016969D7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {3AFD10E9-FAD2-4824-97DD-F0867B05021C} - System32\Tasks\{4F18E923-38CE-4748-92B5-9E34EC7FCBAB} => C:\Games\You dont know Jack 2\setup.exe No File Task: {3BDC2C68-1DB3-4E1C-8AA0-E872F3307274} - System32\Tasks\{A2F03ECD-95AE-4754-B37A-6179B676FE3C} => C:\Games\You Don't Know Jack 4\YDKJ 4.exe [2003-08-27] (Jellyivision, Inc) Task: {3CB44190-4D30-46B1-9C89-17B91C0F0230} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe No File Task: {42B45709-CC86-4C40-9446-CBD8C32CA6A7} - System32\Tasks\{C50B6469-B79B-4D1F-AD9B-0633F5E88DD6} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {49E07D8C-49EC-4727-8482-C5EFE5FCE6C8} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09] (Sun Microsystems, Inc.) 
Task: {4BF75BD7-5642-42C2-863C-2D49DDF6D87A} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03] (Adobe Systems Incorporated) Task: {5A17FFB1-CD42-42DC-80B2-7F2191821B3D} - System32\Tasks\{CA47CD84-E322-4970-BC54-E379870DB48F} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {5B983AFE-75F1-444F-9FC8-A188A327B053} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10] (Google Inc.) Task: {5CD613BB-79C6-4255-8D31-59DC97CF7AFC} - System32\Tasks\{F527AB1E-64E7-4E8E-A15C-F5FA873FB061} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {64FE417F-5F24-47FE-8504-83EEB203602E} - System32\Tasks\{8257F25E-04B9-4FDC-BA89-FF02F21F4B0F} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {668D637E-751F-43BE-9011-C9CCED5AF763} - System32\Tasks\{8BF1877C-FAD1-44A0-A3ED-CA833F55DC79} => C:\Games\You dont know Jack 2\AUTOPLAY.EXE No File Task: {69CE574C-30C8-4027-A75A-28320848BDEB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {6C4AA1FA-EFEC-4754-A704-B9B8644C006C} - System32\Tasks\{D2276625-69C5-4F6E-99E6-57B8F5A31641} => C:\setup.exe No File Task: {7031551B-7225-4FF5-AE0D-62646EA567AE} - System32\Tasks\{11B5B5DE-A00E-4F7E-A338-8C4679A5B0A1} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {805FC837-FA6E-4319-AC01-9DB1EA87268B} - System32\Tasks\{C571D891-F01D-476B-B040-7FE1BA23AFEF} => C:\Games\You dont know Jack 2\setup.exe No File Task: {90CBD689-4EC6-4D4B-9347-BC41831091F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10] (Google Inc.) 
Task: {90FA2955-2D7D-4936-8D95-56031DD9D5DB} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {92004C21-8465-4C63-99AD-21458156CCAD} - System32\Tasks\{720139FC-17C4-4C11-B94C-8A53F2FFFBA6} => C:\Games\You dont know Jack 2\jg2_32.exe No File Task: {9364523C-24A8-4D5B-A3AF-A047103C8328} - System32\Tasks\{B199D4C2-AFBA-431A-80C5-EBE8BF07BC31} => C:\Games\You Don't Know Jack 4\YDKJ 4.exe [2003-08-27] (Jellyivision, Inc) Task: {9458F889-6804-402D-B885-1970D9D67C45} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer) Task: {982A0640-ED46-4153-8873-14D1C4F01D2E} - System32\Tasks\{3EBD86DD-BF7E-455A-AEBE-1AC8498CC449} => C:\setup.exe No File Task: {9EAD71F4-BABA-4BE0-8D69-323460C80B05} - System32\Tasks\{DACED536-2EE3-4794-A80C-33B50CBC5781} => C:\Games\You dont know Jack 2\setup.exe No File Task: {AEA8CB50-DA4F-4CCF-9DA0-FE52D69C0E74} - System32\Tasks\{73B6976A-FC4F-4DFA-9269-640CA2E0AD1B} => C:\setup.exe No File Task: {AEF3DC2D-65C1-414F-A037-336ACB469328} - System32\Tasks\{FAD22F58-2CB9-42AC-AA6C-E1B0F4DECEE0} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {BC7010A8-FD9D-4A41-BF0C-73718268964C} - System32\Tasks\{59E2E809-EF42-43E3-A1B1-6D85AE55B6A0} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: {BDB9B28E-24A4-4694-924D-5BECE0F498BE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {C103B3BE-F34A-4922-9949-0E0D6808D733} - System32\Tasks\{4494591B-8BD1-4A5B-8E9E-C48270870483} => C:\setup.exe No File Task: {D3E7580A-6C2D-4A70-A843-99722D4DA208} - System32\Tasks\{C4AFF8C1-A799-489F-8F77-A910AA4FDE10} => C:\setup.exe No File Task: {D8BE2FFC-6195-4D3B-BF2A-D502773F35B0} - System32\Tasks\{93A3CE47-E9B8-4DA0-8BEA-63F77A2DAA9D} => C:\Games\You dont know Jack 2\AUTOPLAY.EXE No File Task: 
{E229705D-1E09-45A0-896F-05D7162AD58D} - System32\Tasks\{31DA533E-B495-416D-BBB5-B43849E54DBC} => C:\setup.exe No File Task: {E6824B82-226D-436A-BA67-7518B8A961EF} - System32\Tasks\{EBD49069-0137-48EF-A25C-C022CB73D5E8} => C:\Games\You Don't Know Jack 4\YDKJ 4.exe [2003-08-27] (Jellyivision, Inc) Task: {EE44D4A0-0AA2-43BF-A5EB-0E8E1C63F11E} - System32\Tasks\{1317271C-9A47-4251-B110-7E8F5A3846E3} => C:\Games\You dont know Jack 2\setup.exe No File Task: {FC55D004-4A71-4FB4-8949-EFA660480D0A} - System32\Tasks\{C4095ABE-F88D-4D60-843B-2EF8B4309FC7} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 22% Total physical RAM: 6135.08 MB Available physical RAM: 4761.84 MB Total Pagefile: 12268.34 MB Available Pagefile: 10777.32 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:911.41 GB) (Free:675.81 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D82CFC90) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=911 GB) - (Type=07 NTFS) 
==================== End Of Log ============================
White screen, Windows no longer starts
Great, an online scan and we are done.
Please download
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber
White screen, Windows no longer starts
So ESET did find something, in 4 files. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe= # OnlineScanner.ocx= # api_version=3.0.2 # EOSSerial=3203f33cc0223b4daff99cde8d9bdabb # engine=14283 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-05 07:29:16 # local_time=2013-07-05 09:29:16 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 10205 124682406 0 0 # scanned=393570 # found=4 # cleaned=0 # scan_time=7002 sh=7BD674E6976004DF518A0117B3874016AEDC8FDC ft=1 fh=ae879e8bd8c5267a vn="a variant of Win32/Kryptik.BEZJ trojan" ac=I fn="C:\FRST\Quarantine\skype.dat" sh=7BD674E6976004DF518A0117B3874016AEDC8FDC ft=1 fh=ae879e8bd8c5267a vn="a variant of Win32/Kryptik.BEZJ trojan" ac=I fn="C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\dea5eb0-4827d01f" sh=536B6BC8AD79A7E3226FA067EEFD982367F4022D ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.AT trojan" ac=I fn="C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7e0277f6-772cde3f" sh=7341D8867525EEC52015DA8437CBF131C9488546 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\21d4943c-32e02648" Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Alex (administrator) on 05-07-2013 21:33:56 Running from C:\Users\Alex\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Windows\System32\OEM\RunCmd_X64.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe () c:\windows\system32\oem\setEvent.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor) HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [PLD_FrameworkRun] c:\Windows\System32\oem\RunCMD_X64.exe c:\Windows\System32\oem\OKTOLaunch_PLD_Framework.cmd [133 2009-08-26] () HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-08] (Google Inc.) HKCU\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 [133432 2011-01-05] (ICQ, LLC.) 
HKCU\...\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [1098072 2013-03-27] (Garmin Ltd or its subsidiaries) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [SBMBActivation] "C:\Program Files (x86)\Creative\ALchemy SB MB\CTActMgr.exe" /activate [1402392 2008-03-10] (Creative Technology Ltd) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] () HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-22] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-22] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=ipower_i9098_ge&r=173608105409p0324v175y47610201 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fl33aulf.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa ==================== Services (Whitelisted) ================= R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries) R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-26] () S3 Sound Blaster MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [79360 2009-09-24] (Creative Labs) S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer) 
==================== Drivers (Whitelisted) ==================== S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [34472 2009-06-24] (Intel Corporation ) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-05 21:33 - 2013-07-05 21:33 - 00000041 ____A C:\Users\Alex\Desktop\checkup.txt 2013-07-05 19:17 - 2013-07-05 19:17 - 00890988 ____A C:\Users\Alex\Desktop\SecurityCheck.exe 2013-07-05 19:16 - 2013-07-05 19:16 - 02347384 ____A (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe 2013-07-05 18:34 - 2013-07-05 18:34 - 00021590 ____A C:\Users\Alex\Desktop\Addition.txt 2013-07-05 18:32 - 2013-07-05 18:32 - 00001726 ____A C:\Users\Alex\Desktop\JRT.txt 2013-07-05 18:29 - 2013-07-05 18:29 - 00000000 ____D C:\Windows\ERUNT 2013-07-05 18:27 - 2013-07-05 18:27 - 00001061 ____A C:\Users\Alex\Desktop\AdwCleaner[S1].txt 2013-07-05 18:26 - 2013-07-05 18:26 - 00000056 ____A C:\Windows\setupact.log 2013-07-05 18:26 - 2013-07-05 18:26 - 00000000 ____A C:\Windows\setuperr.log 2013-07-05 18:24 - 2013-07-05 18:25 - 00001061 ____A C:\AdwCleaner[S1].txt 2013-07-05 18:24 - 2013-07-05 18:24 - 01934636 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-05 18:23 - 2013-07-05 18:29 - 00000000 ____D C:\JRT 2013-07-05 18:23 - 2013-07-05 18:23 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Alex\Desktop\JRT.exe 2013-07-05 18:22 - 2013-07-05 18:22 - 00650027 ____A C:\Users\Alex\Desktop\adwcleaner.exe 2013-07-05 13:49 - 2013-07-05 13:49 - 00217056 ____A C:\Users\Alex\Documents\cc_20130705_134928.reg 2013-07-05 13:49 - 2013-07-05 13:49 - 00009506 ____A C:\Users\Alex\Documents\cc_20130705_134953.reg 2013-07-05 12:58 - 2013-07-05 13:02 - 00000834 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-07-05 12:58 - 2013-07-05 13:02 - 00000000 ____D C:\Program Files\CCleaner 2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\FRST 2013-06-15 18:27 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-15 18:27 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-15 18:27 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-15 18:27 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-15 18:27 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-15 
18:27 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-15 18:27 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-15 18:27 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-15 18:27 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-15 18:26 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 18:26 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 18:26 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 18:26 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 18:26 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 18:26 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 18:26 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 18:26 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 18:26 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 13:43 - 2013-05-08 08:39 - 
01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-15 13:39 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-15 13:39 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-15 13:38 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 13:38 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-15 13:38 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-15 13:38 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-15 13:37 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-15 13:37 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-15 13:37 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-15 13:37 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-15 13:37 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-15 13:37 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-15 13:37 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-15 13:37 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-15 13:37 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-15 13:37 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-15 13:36 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-15 13:36 - 2013-04-01 00:52 - 01887232 
____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-09 07:59 - 2013-06-09 07:59 - 00001014 ____A C:\Users\Alex\Desktop\Emergency 2012.lnk 2013-06-09 07:58 - 2013-06-09 07:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Quadriga Games 2013-06-08 14:58 - 2013-06-08 14:59 - 28023137 ____A ==================== One Month Modified Files and Folders ======= 2013-07-05 21:33 - 2013-07-05 21:33 - 00000041 ____A C:\Users\Alex\Desktop\checkup.txt 2013-07-05 21:24 - 2010-08-10 18:26 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-05 21:17 - 2012-04-07 13:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-05 20:07 - 2009-09-24 01:21 - 02096300 ____A C:\Windows\WindowsUpdate.log 2013-07-05 19:19 - 2009-09-24 11:13 - 00654150 ____A C:\Windows\System32\perfh007.dat 2013-07-05 19:19 - 2009-09-24 11:13 - 00130022 ____A C:\Windows\System32\perfc007.dat 2013-07-05 19:19 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-05 19:17 - 2013-07-05 19:17 - 00890988 ____A C:\Users\Alex\Desktop\SecurityCheck.exe 2013-07-05 19:16 - 2013-07-05 19:16 - 02347384 ____A (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe 2013-07-05 19:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-05 18:34 - 2013-07-05 18:34 - 00021590 ____A C:\Users\Alex\Desktop\Addition.txt 2013-07-05 18:34 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-05 18:34 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-05 18:32 - 2013-07-05 18:32 - 00001726 ____A C:\Users\Alex\Desktop\JRT.txt 2013-07-05 18:29 - 2013-07-05 18:29 - 00000000 ____D C:\Windows\ERUNT 2013-07-05 18:29 - 2013-07-05 18:23 - 00000000 ____D C:\JRT 2013-07-05 18:27 - 2013-07-05 18:27 - 00001061 ____A C:\Users\Alex\Desktop\AdwCleaner[S1].txt 2013-07-05 18:26 
- 2013-07-05 18:26 - 00000056 ____A C:\Windows\setupact.log 2013-07-05 18:26 - 2013-07-05 18:26 - 00000000 ____A C:\Windows\setuperr.log 2013-07-05 18:26 - 2010-08-10 18:26 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-05 18:26 - 2009-09-24 01:27 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-05 18:26 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-05 18:25 - 2013-07-05 18:24 - 00001061 ____A C:\AdwCleaner[S1].txt 2013-07-05 18:24 - 2013-07-05 18:24 - 01934636 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-05 18:23 - 2013-07-05 18:23 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Alex\Desktop\JRT.exe 2013-07-05 18:22 - 2013-07-05 18:22 - 00650027 ____A C:\Users\Alex\Desktop\adwcleaner.exe 2013-07-05 13:49 - 2013-07-05 13:49 - 00217056 ____A C:\Users\Alex\Documents\cc_20130705_134928.reg 2013-07-05 13:49 - 2013-07-05 13:49 - 00009506 ____A C:\Users\Alex\Documents\cc_20130705_134953.reg 2013-07-05 13:47 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther 2013-07-05 13:02 - 2013-07-05 12:58 - 00000834 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-07-05 13:02 - 2013-07-05 12:58 - 00000000 ____D C:\Program Files\CCleaner 2013-07-05 12:53 - 2009-09-08 03:24 - 00000000 ____D C:\ProgramData\G DATA 2013-07-05 12:53 - 2009-09-08 03:24 - 00000000 ____D C:\Program Files (x86)\G Data 2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\FRST 2013-07-05 06:55 - 2010-08-10 15:52 - 00000000 __SHD C:\Recovery 2013-07-04 09:14 - 2010-09-04 08:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\ICQ 2013-07-02 16:08 - 2010-11-05 17:05 - 00000205 ____A C:\Users\Alex\Desktop\Handy IMEI.txt 2013-07-02 08:14 - 2010-08-10 16:04 - 00000000 ____D C:\Users\Alex\AppData\Local\Google 2013-07-01 10:20 - 2011-06-07 16:20 - 00000040 ____A C:\ProgramData\ra3.ini 2013-06-29 14:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 18:30 - 2009-09-08 02:50 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-15 18:28 - 
2010-08-11 05:09 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-15 15:17 - 2012-04-07 13:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-15 15:17 - 2011-05-14 07:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 07:59 - 2013-06-09 07:59 - 00001014 ____A C:\Users\Alex\Desktop\Emergency 2012.lnk 2013-06-09 07:58 - 2013-06-09 07:58 - 00000000 ____D C:\Users\Alex\AppData\Local\Quadriga Games 2013-06-09 07:25 - 2010-08-10 18:22 - 00000000 ____D C:\Games 2013-06-08 16:08 - 2013-06-15 18:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 18:26 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 18:26 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 18:26 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 18:26 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 18:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 18:26 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 18:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 18:26 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit 
C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 11:21 ==================== End Of Log ============================
White screen, Windows no longer starts
ESET only finds what is already in quarantine, or just temp files.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber
White screen, Windows no longer starts
All done. I will probably switch to Firefox for good now; I have always had it as a second browser but mostly used IE. Many thanks for the help and the closing tips on additional system protection. Huge thanks... really great!
White screen, Windows no longer starts
You're welcome
__________________ Regards, schrauber