Lutz Blimke | 05.02.2015 09:15 | my PC is locked after logging in Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by SYSTEM on MININT-7LGRQIM on 05-02-2015 02:39:38
Running from e:\
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1497120 2013-04-29] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14] (SPAMfighter ApS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1140688 2015-01-16] (AVG Technologies CZ, s.r.o.)
HKU\Lutz Blimke\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\Lutz Blimke\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKU\Lutz Blimke\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Lutz Blimke\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe [479776 2013-05-17] (Expert System S.p.A.)
HKU\Lutz Blimke\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\Lutz Blimke\...\Run: [Google Update] => C:\Users\Lutz Blimke\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-17] (Google Inc.)
HKU\Lutz Blimke\...\Run: [MusicManager] => C:\Users\Lutz Blimke\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\Lutz Blimke\...\Winlogon: [Userinit] C:\Users\Lutz Blimke\AppData\Roaming\loadit.exe [605378 2015-02-04] ()
HKU\Lutz Blimke\...\Winlogon: [Shell] C:\Users\Lutz Blimke\AppData\Roaming\loadit.exe [605378 2015-02-04] () <==== ATTENTION
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
IFEO\backitup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dktray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dudenbib.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lightscribecontrolpanel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lslauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\phonostar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\spamcfg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\teamviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\webupdate.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Lutz Blimke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\autostarter.exe (No File)
Startup: C:\Users\Lutz Blimke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
Startup: C:\Users\Lutz Blimke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [865744 2015-01-16] (AVG Technologies CZ, s.r.o.)
S2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [581632 2013-05-15] (Hauppauge Computer Works)
S4 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter ApS)
S4 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1281568 2013-05-29] (SPAMfighter ApS)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2014-11-24] (AVG Technologies)
S2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-11-24] (AVG Technologies)
S2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-11-24] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2013-04-22] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\system32\DRIVERS\hcw95rc.sys [19840 2013-04-22] (Hauppauge Computer Works, Inc.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 02:31 - 2015-02-05 02:33 - 00000000 ____D () C:\FRST
2015-02-05 02:21 - 2015-02-05 02:22 - 00000000 _____ () C:\Recovery.txt
2015-02-04 19:47 - 2015-02-04 19:48 - 00605378 _____ () C:\Users\Lutz Blimke\AppData\Roaming\loadit.exe
2015-02-04 19:47 - 2015-02-04 19:47 - 00000032 _____ () C:\Users\Lutz Blimke\AppData\Roaming\url.txt
2015-02-04 19:27 - 2014-12-30 23:50 - 56384901 _____ () C:\Users\Lutz Blimke\AppData\Roaming\autostarter.exe
2015-02-04 18:28 - 2015-02-04 19:30 - 00000000 ____D () C:\Users\Lutz Blimke\Documents\Usenet.nl
2015-02-04 18:28 - 2015-02-04 19:27 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Roaming\Usenet.nl
2015-02-04 18:28 - 2015-02-04 18:28 - 00001914 _____ () C:\Users\Lutz Blimke\Desktop\Usenet.nl.lnk
2015-02-04 18:28 - 2015-02-04 18:28 - 00000000 ____D () C:\Program Files (x86)\Usenet.nl
2015-02-01 17:19 - 2015-02-01 17:19 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-20 16:41 - 2015-01-20 16:41 - 00003862 _____ () C:\Windows\System32\Tasks\Google Update
2015-01-19 19:31 - 2015-01-20 16:15 - 00000000 ____D () C:\Program Files\WajaWebEnhancer
2015-01-19 19:30 - 2015-01-19 19:31 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Local\SearchProtect
2015-01-19 19:30 - 2015-01-19 19:30 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-19 19:17 - 2015-01-19 19:17 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Local\Nero
2015-01-19 19:14 - 2015-01-19 19:14 - 00001658 _____ () C:\Users\Lutz Blimke\Downloads\Halibutskole Vandve August 2013.mp4
2015-01-19 19:13 - 2015-01-19 19:15 - 153961345 _____ () C:\Users\Lutz Blimke\Downloads\Angeln Vandve.zip
2015-01-17 19:53 - 2015-02-04 20:58 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928703975-1086931977-2508328140-1001UA.job
2015-01-17 19:53 - 2015-02-04 19:58 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928703975-1086931977-2508328140-1001Core.job
2015-01-17 19:53 - 2015-01-17 19:53 - 00880784 _____ (Google Inc.) C:\Users\Lutz Blimke\Downloads\musicmanagerinstaller.exe
2015-01-17 19:53 - 2015-01-17 19:53 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2928703975-1086931977-2508328140-1001UA
2015-01-17 19:53 - 2015-01-17 19:53 - 00003520 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2928703975-1086931977-2508328140-1001Core
2015-01-15 16:03 - 2015-02-04 23:09 - 00012545 _____ () C:\Windows\setupact.log
2015-01-14 15:39 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-14 15:39 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-14 15:39 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-14 15:39 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-14 15:39 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-01-14 15:39 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 15:38 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-14 15:38 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-01-14 15:38 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2015-01-14 15:38 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-01-14 15:38 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 15:38 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2015-01-14 15:38 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 15:38 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-01-14 15:38 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2015-01-14 15:38 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 15:38 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2015-01-14 15:38 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2015-01-14 15:38 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2015-01-14 15:38 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-01-14 15:38 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-01-14 15:38 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-01-14 15:38 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-01-14 15:38 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 15:38 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 15:38 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 15:38 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 15:38 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 15:38 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\werdiagcontroller.dll
2015-01-14 15:38 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 15:38 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-01-07 19:11 - 2015-01-07 19:12 - 00000000 ____D () C:\Users\Lutz Blimke\Documents\DEVK
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 23:09 - 2013-10-23 16:41 - 00000000 ____D () C:\users\Lutz Blimke
2015-02-04 23:09 - 2013-10-23 16:37 - 00000000 _____ () C:\Windows\System32\Drivers\lvuvc.hs
2015-02-04 23:09 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 23:06 - 2013-08-17 14:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 22:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
2015-02-04 22:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2015-02-04 20:34 - 2013-08-17 14:53 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:23 - 2013-10-23 16:52 - 01858548 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 19:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2015-02-04 19:47 - 2013-08-17 13:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2928703975-1086931977-2508328140-1001
2015-02-04 19:42 - 2013-10-24 15:37 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Local\Sidebar7
2015-02-04 19:42 - 2013-10-23 17:02 - 00000000 ___DO () C:\Users\Lutz Blimke\SkyDrive
2015-02-04 19:32 - 2014-04-24 19:36 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Roaming\ClassicShell
2015-02-04 19:22 - 2013-09-30 05:14 - 01785582 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-04 19:22 - 2013-09-30 04:56 - 00767850 _____ () C:\Windows\System32\perfh007.dat
2015-02-04 19:22 - 2013-09-30 04:56 - 00160170 _____ () C:\Windows\System32\perfc007.dat
2015-02-04 18:50 - 2013-08-17 14:28 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Roaming\vlc
2015-02-04 15:47 - 2014-06-28 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-04 15:47 - 2013-09-29 20:04 - 03366904 _____ () C:\Windows\PFRO.log
2015-02-04 15:44 - 2014-01-13 17:32 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0FF401A-5BBB-4199-A843-1B4411132F6D}
2015-02-04 15:44 - 2013-08-29 09:42 - 00000000 ____D () C:\Users\Lutz Blimke\Documents\Eigene Scans
2015-01-28 16:41 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 18:28 - 2014-07-30 15:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 14:44 - 2013-08-18 17:26 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-25 14:40 - 2013-08-18 17:26 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-24 21:20 - 2014-08-17 07:47 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-08-17 07:47 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 16:44 - 2013-08-18 09:10 - 00000000 ____D () C:\Users\Lutz Blimke\Documents\Steuerfälle
2015-01-21 15:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-20 16:40 - 2013-08-17 14:04 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Local\Microsoft Help
2015-01-20 16:13 - 2014-04-24 19:36 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-01-20 16:13 - 2013-08-19 16:21 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Roaming\FreeAudioPack
2015-01-20 16:13 - 2013-08-17 15:25 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Roaming\DVDVideoSoft
2015-01-17 19:54 - 2013-08-17 14:57 - 00000000 ____D () C:\Users\Lutz Blimke\AppData\Local\Google
2015-01-16 16:58 - 2013-08-17 15:30 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2015-01-16 15:58 - 2014-11-27 15:55 - 00002230 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-10 14:29 - 2014-07-24 16:27 - 00019456 ___SH () C:\Users\Lutz Blimke\Documents\Thumbs.db
Some content of TEMP:
====================
C:\Users\Lutz Blimke\AppData\Local\Temp\avguirn_08923936978.exe
Some zero byte size files/folders:
==========================
X:\windows\system32\frst64.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-09-14 18:14] - [2014-08-23 08:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA
C:\Windows\SysWOW64\explorer.exe
[2014-09-14 18:14] - [2014-08-23 08:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2014-11-12 15:53] - [2014-09-22 05:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C
C:\Windows\SysWOW64\User32.dll
[2014-11-12 15:53] - [2014-09-19 01:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-14 18:14] - [2014-06-19 03:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB
==================== Restore Points =========================
Restore point made on: 2015-01-20 16:05:58
Restore point made on: 2015-01-25 14:39:40
Restore point made on: 2015-01-28 16:41:14
Restore point made on: 2015-02-04 21:22:10
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3967.3 MB
Available physical RAM: 3235.14 MB
Total Pagefile: 3967.3 MB
Available Pagefile: 3258.4 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB
==================== Drives ================================
Drive c: (Windows 8) (Fixed) (Total:194.97 GB) (Free:142.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (privat Daten) (Fixed) (Total:22.49 GB) (Free:12.06 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive f: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Video) (Fixed) (Total:48.83 GB) (Free:36.94 GB) NTFS
Drive h: (Video) (Fixed) (Total:86.4 GB) (Free:79.22 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 91257641)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=195 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 316BDBE5)
Partition 1: (Not Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=86.4 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 6E652072)
No partition Table on disk 2.
LastRegBack: 2015-02-04 20:08
==================== End Of Log ============================ |
schrauber | 05.02.2015 09:21 | Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document. Code:
HKU\Lutz Blimke\...\Winlogon: [Userinit] C:\Users\Lutz Blimke\AppData\Roaming\loadit.exe [605378 2015-02-04] ()
HKU\Lutz Blimke\...\Winlogon: [Shell] C:\Users\Lutz Blimke\AppData\Roaming\loadit.exe [605378 2015-02-04] () <==== ATTENTION
Startup: C:\Users\Lutz Blimke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\autostarter.exe (No File)
Startup: C:\Users\Lutz Blimke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\loadit.exe (No File)
2015-02-04 19:47 - 2015-02-04 19:48 - 00605378 _____ () C:\Users\Lutz Blimke\AppData\Roaming\loadit.exe
2015-02-04 19:47 - 2015-02-04 19:47 - 00000032 _____ () C:\Users\Lutz Blimke\AppData\Roaming\url.txt
2015-02-04 19:27 - 2014-12-30 23:50 - 56384901 _____ () C:\Users\Lutz Blimke\AppData\Roaming\autostarter.exe
Emptytemp:
Please save this as Fixlist.txt on your USB stick.
- Restart your computer into the repair options
- Now start FRST.exe again and click the "Entfernen" (Remove) button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
Start the computer normally. |