Hello,
I ran the FRST64 scanner. Here is my txt file. What do I have to do next?
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-VFJSB72 on 12-10-2013 11:37:25
Running from L:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6931488 2008-11-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-16] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [141 2012-12-14] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UMonit] - C:\Windows\system32\UMonit.exe
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
==================== Services (Whitelisted) =================
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-14] (Lavasoft Limited)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-22] (GFI Software)
S3 hcw73bda; C:\Windows\System32\drivers\hcw73bda.sys [742272 2009-08-26] (Hauppauge Computer Work, Inc.)
S2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-02-06] (CyberLink Corp.)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-02-06] (CyberLink Corp.)
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-12 11:37 - 2013-10-12 11:37 - 00000000 ____D C:\FRST
2013-10-08 14:31 - 2013-10-08 14:32 - 00000000 ____D C:\Program Files\iTunes
2013-10-08 14:31 - 2013-10-08 14:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-08 14:31 - 2013-10-08 14:31 - 00000000 ____D C:\Program Files\iPod
2013-10-08 11:54 - 2013-10-08 11:54 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-09-17 15:03 - 2013-09-17 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-12 11:37 - 2013-10-12 11:37 - 00000000 ____D C:\FRST
2013-10-11 12:12 - 2011-10-31 10:55 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-11 12:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-11 12:12 - 2009-07-14 05:51 - 00118291 _____ C:\Windows\setupact.log
2013-10-10 14:37 - 2010-08-24 16:59 - 02064750 _____ C:\Windows\WindowsUpdate.log
2013-10-10 14:22 - 2013-03-06 15:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 14:18 - 2011-10-31 10:55 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 13:53 - 2009-07-14 05:45 - 00014832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 13:53 - 2009-07-14 05:45 - 00014832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 11:11 - 2010-08-29 18:31 - 00000000 ____D C:\Users\master\Documents\UseNeXT
2013-10-10 05:45 - 2010-08-29 18:31 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-10-09 14:22 - 2013-03-06 15:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 14:22 - 2013-03-06 15:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 14:22 - 2013-03-06 15:36 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 14:32 - 2013-10-08 14:31 - 00000000 ____D C:\Program Files\iTunes
2013-10-08 14:32 - 2013-10-08 14:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-08 14:31 - 2013-10-08 14:31 - 00000000 ____D C:\Program Files\iPod
2013-10-08 11:54 - 2013-10-08 11:54 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-10-07 17:54 - 2011-10-31 10:55 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-03 16:02 - 2009-07-14 18:58 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-10-03 16:02 - 2009-07-14 18:58 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-10-03 16:02 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-18 04:57 - 2002-01-01 00:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-17 15:03 - 2013-09-17 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
Files to move or delete:
====================
C:\Users\master\vlc-1.1.11-win32.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
6
Restore point made on: 2013-09-18 13:46:16
Restore point made on: 2013-09-22 11:47:36
Restore point made on: 2013-09-22 12:42:07
Restore point made on: 2013-09-22 12:53:39
Restore point made on: 2013-10-01 17:28:16
Restore point made on: 2013-10-09 14:17:52
==================== Memory info ===========================
Percentage of memory in use: 20%
Total physical RAM: 3063.18 MB
Available physical RAM: 2445.1 MB
Total Pagefile: 3061.33 MB
Available Pagefile: 2424.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:644.23 GB) NTFS
Drive d: (Backup) (Fixed) (Total:931.51 GB) (Free:494.31 GB) NTFS
Drive l: () (Removable) (Total:0.97 GB) (Free:0.57 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: FF1D94A2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 13357BF5)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 992 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=991 MB) - (Type=04)
LastRegBack: 2013-10-01 16:43
==================== End Of Log ============================