Windows 7: Black desktop and "Computer" is running

Hello, I have by now already found several threads here about my problem. Since yesterday, after logging in to Windows 7, only a black desktop appears and the Computer window is open. So far I have been able to open all files, and Firefox also works without problems.

Here are the log files from FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2014
Ran by Franzi (administrator) on FRANZI-PC on 08-12-2014 21:06:40
Running from C:\Users\Franzi\Desktop
Loaded Profile: Franzi (Available profiles: Franzi)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
() C:\ExpressGateUtil\VAWinService.exe
(ASUS) C:\Program Files\Common Files\InstantOn\InsOnWMI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2014-09-11] (ELAN Microelectronic Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2014-09-11] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-28] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3234723020-411256462-3172497876-1000\...\MountPoints2: {1c56ed82-3e64-11e4-aae2-c860000a4752} - G:\autorun.exe
HKU\S-1-5-21-3234723020-411256462-3172497876-1000\...\MountPoints2: {dc439ea5-39aa-11e4-98c0-c860000a4752} - F:\Autorun.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3234723020-411256462-3172497876-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3234723020-411256462-3172497876-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com
HKU\S-1-5-21-3234723020-411256462-3172497876-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1410435404&from=cor&uid=HitachiXHTS543232A7A384_E20B13C7GESL7JGESL7JX
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search App by Ask -> {41564952-412D-5350-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {7e6d4e3e-fc66-4036-9799-ce5c625c4c56} -> No File
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Search App by Ask - {41564952-412D-5350-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll (APN LLC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\kjisz9nz.default-1410810545653
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\kjisz9nz.default-1410810545653\searchplugins\zonealarm.xml
FF Extension: Avira Browser Safety - C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\kjisz9nz.default-1410810545653\Extensions\abs@avira.com [2014-11-20]
FF Extension: HTTPS-Everywhere - C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\kjisz9nz.default-1410810545653\Extensions\https-everywhere@eff.org [2014-10-25]
FF Extension: Ghostery - C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\kjisz9nz.default-1410810545653\Extensions\firefox@ghostery.com.xpi [2014-09-16]
FF Extension: Adblock Plus - C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\kjisz9nz.default-1410810545653\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16]
FF HKU\S-1-5-21-3234723020-411256462-3172497876-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\yiphzax6.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-11-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-28] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [File not signed]
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
S2 AsusService; C:\windows\system32\AsusService.exe [X]
S2 Update ClearThink; "C:\Program Files\ClearThink\updateClearThink.exe" [X]
S2 Util ClearThink; "C:\Program Files\ClearThink\bin\utilClearThink.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-17] (Disc Soft Ltd)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [102912 2014-09-11] (ELAN Microelectronic Corp.)
S3 HPFXBULKLEDM; C:\windows\System32\drivers\hppcbulkio.sys [20504 2011-10-10] (Hewlett Packard)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [7091416 2014-09-11] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-27] (Avira GmbH)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw; C:\windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw.sys [52368 2014-09-10] (StdLib)
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 21:06 - 2014-12-08 21:07 - 00011122 _____ () C:\Users\Franzi\Desktop\FRST.txt
2014-12-08 21:05 - 2014-12-08 21:07 - 00000000 ____D () C:\FRST
2014-12-08 21:04 - 2014-12-08 21:04 - 01111040 _____ (Farbar) C:\Users\Franzi\Desktop\FRST.exe
2014-11-19 11:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 11:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-13 21:04 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-13 21:03 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-13 21:03 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-13 21:03 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-13 21:03 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-13 21:03 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-13 21:03 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-13 21:03 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-13 21:03 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-13 21:03 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-13 21:03 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-13 21:02 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-13 21:02 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-13 21:02 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-13 21:02 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-13 21:02 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-13 21:02 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-13 21:02 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-13 21:02 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-13 21:02 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-13 21:02 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-13 21:02 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-13 21:02 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-13 21:02 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 21:02 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-13 21:02 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-13 21:02 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-13 21:02 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-13 21:02 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-13 21:02 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-13 21:02 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-13 21:02 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-13 21:02 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-13 21:02 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-13 21:02 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-13 21:02 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-13 21:02 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-13 21:02 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-13 21:02 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-13 21:02 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-13 21:02 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-13 21:02 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-13 21:02 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-13 21:02 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-13 21:02 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-13 21:02 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-13 21:01 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-13 21:01 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-13 21:01 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-13 21:01 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-13 21:01 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-13 21:01 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-13 21:01 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-13 21:01 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-13 21:01 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-13 21:01 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-08 21:08 - 2014-09-11 21:08 - 01685933 _____ () C:\windows\WindowsUpdate.log
2014-12-08 21:05 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 21:05 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 20:40 - 2014-09-11 13:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 20:13 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-08 20:13 - 2009-07-14 05:39 - 00072630 _____ () C:\windows\setupact.log
2014-12-08 00:09 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-12-07 23:41 - 2014-09-11 12:37 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-07 20:39 - 2011-04-21 01:32 - 00590964 _____ () C:\windows\PFRO.log
2014-12-03 19:30 - 2014-09-11 13:26 - 00000000 ____D () C:\Users\Franzi\Gemeinde
2014-11-28 20:40 - 2014-09-11 13:20 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-11-28 20:40 - 2014-09-11 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-19 10:31 - 2009-07-14 05:33 - 00633960 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-17 20:57 - 2014-09-12 05:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\nl-NL
2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\it-IT
2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\fr-FR
2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-11-17 20:38 - 2014-09-16 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-17 20:16 - 2014-09-12 00:39 - 00000000 ____D () C:\windows\system32\MRT
2014-11-17 19:56 - 2014-09-12 00:39 - 100445232 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-17 19:36 - 2014-09-11 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-14 21:48 - 2014-09-15 21:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-14 21:30 - 2014-09-17 10:49 - 00000000 ____D () C:\Users\Franzi\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\Franzi\AppData\Local\Temp\ad2li4sf.dll
C:\Users\Franzi\AppData\Local\Temp\avgnt.exe
C:\Users\Franzi\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Franzi\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Franzi\AppData\Local\Temp\ose00000.exe
C:\Users\Franzi\AppData\Local\Temp\pyl364D.tmp.exe
C:\Users\Franzi\AppData\Local\Temp\pyl4E1.tmp.exe
C:\Users\Franzi\AppData\Local\Temp\pyl6161.tmp.exe
C:\Users\Franzi\AppData\Local\Temp\pyl7158.tmp.exe
C:\Users\Franzi\AppData\Local\Temp\pyl8FFF.tmp.exe
C:\Users\Franzi\AppData\Local\Temp\pylACB2.tmp.exe
C:\Users\Franzi\AppData\Local\Temp\pylB402.tmp.exe
C:\Users\Franzi\AppData\Local\Temp\Setup.exe
C:\Users\Franzi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Franzi\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-01 14:48

==================== End Of Log ============================

And the addition.txt

FRST Logfile:
Code:
Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 21:02 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-11-13 21:02 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-11-13 21:02 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-11-13 21:02 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-11-13 21:02 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-11-13 21:02 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-11-13 21:02 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-11-13 21:02 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-11-13 21:02 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-11-13 21:02 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-11-13 21:02 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-11-13 21:02 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-11-13 21:02 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-11-13 21:02 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-11-13 21:02 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2014-11-13 21:02 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2014-11-13 21:02 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-11-13 21:02 - 2014-10-03 02:44 - 00475136 _____ (Microsoft 
Corporation) C:\windows\system32\audiosrv.dll 2014-11-13 21:02 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll 2014-11-13 21:02 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll 2014-11-13 21:02 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2014-11-13 21:02 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll 2014-11-13 21:01 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-11-13 21:01 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-11-13 21:01 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-11-13 21:01 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-11-13 21:01 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-11-13 21:01 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-11-13 21:01 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-11-13 21:01 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-11-13 21:01 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-11-13 21:01 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-08 21:08 - 2014-09-11 21:08 - 01685933 _____ () C:\windows\WindowsUpdate.log 2014-12-08 21:05 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-08 21:05 - 2009-07-14 05:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-08 20:40 - 2014-09-11 13:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-12-08 20:13 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-12-08 20:13 - 2009-07-14 05:39 - 00072630 _____ () C:\windows\setupact.log 2014-12-08 00:09 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-12-07 23:41 - 2014-09-11 12:37 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-12-07 20:39 - 2011-04-21 01:32 - 00590964 _____ () C:\windows\PFRO.log 2014-12-03 19:30 - 2014-09-11 13:26 - 00000000 ____D () C:\Users\Franzi\Gemeinde 2014-11-28 20:40 - 2014-09-11 13:20 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2014-11-28 20:40 - 2014-09-11 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2014-11-19 10:31 - 2009-07-14 05:33 - 00633960 _____ () C:\windows\system32\FNTCACHE.DAT 2014-11-17 20:57 - 2014-09-12 05:31 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\nl-NL 2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\it-IT 2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\fr-FR 2014-11-17 20:57 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-11-17 20:38 - 2014-09-16 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-17 20:16 - 2014-09-12 00:39 - 00000000 ____D () C:\windows\system32\MRT 2014-11-17 19:56 - 2014-09-12 00:39 - 100445232 _____ (Microsoft Corporation) 
C:\windows\system32\MRT.exe 2014-11-17 19:36 - 2014-09-11 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-14 21:48 - 2014-09-15 21:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-14 21:30 - 2014-09-17 10:49 - 00000000 ____D () C:\Users\Franzi\AppData\Roaming\vlc Some content of TEMP: ==================== C:\Users\Franzi\AppData\Local\Temp\ad2li4sf.dll C:\Users\Franzi\AppData\Local\Temp\avgnt.exe C:\Users\Franzi\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Franzi\AppData\Local\Temp\Offercast_AVIRAV7_.exe C:\Users\Franzi\AppData\Local\Temp\ose00000.exe C:\Users\Franzi\AppData\Local\Temp\pyl364D.tmp.exe C:\Users\Franzi\AppData\Local\Temp\pyl4E1.tmp.exe C:\Users\Franzi\AppData\Local\Temp\pyl6161.tmp.exe C:\Users\Franzi\AppData\Local\Temp\pyl7158.tmp.exe C:\Users\Franzi\AppData\Local\Temp\pyl8FFF.tmp.exe C:\Users\Franzi\AppData\Local\Temp\pylACB2.tmp.exe C:\Users\Franzi\AppData\Local\Temp\pylB402.tmp.exe C:\Users\Franzi\AppData\Local\Temp\Setup.exe C:\Users\Franzi\AppData\Local\Temp\SkypeSetup.exe C:\Users\Franzi\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-01 14:48 ==================== End Of Log ============================ Ich hoffe, es kann mir jemand helfen. Danke schonmal! |