Hello,
I have now done everything as described and got the following log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 24-02-2013 13:30:51
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe" [144784 2008-02-22] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2011-12-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gema.] C:\ProgramData\gema\gema.exe [x]
HKU\Litwin\...\Run: [] [x]
HKU\Litwin\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1083264 2012-01-10] (Nokia)
HKU\Litwin\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [937360 2011-12-27] (Samsung)
HKU\Litwin\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2011-12-27] ()
HKU\Litwin\...\Run: [gema] C:\Users\Litwin\AppData\Roaming\gema\gema.exe [x]
HKU\Litwin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Litwin\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Litwin\...\Run: [Google Update] "C:\Users\Litwin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-12-04] (Google Inc.)
HKU\Litwin\...\Run: [Osinloud] C:\Users\Litwin\AppData\Roaming\Lourd\kodu.exe [262503 2012-03-06] ()
HKU\Litwin\...\Winlogon: [Shell] explorer.exe,C:\Users\Litwin\AppData\Roaming\skype.dat [83968 2011-11-17] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$024924da93d134979c252fad80ebb2eb\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Schnellstart.lnk
ShortcutTarget: Microsoft Office OneNote 2003 Schnellstart.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ===================
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-15] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-15] (Avira Operations GmbH & Co. KG)
==================== Drivers (Whitelisted) =====================
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-15] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-15] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
3 RTL8187B; C:\Windows\System32\Drivers\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-02-23 13:00 - 2013-02-23 23:34 - 00000004 ____A C:\Users\Litwin\AppData\Roaming\skype.ini
2013-02-23 12:55 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At48.job
2013-02-23 12:55 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At47.job
2013-02-23 12:55 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At46.job
2013-02-23 12:55 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At45.job
2013-02-23 12:55 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At44.job
2013-02-23 12:55 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At43.job
2013-02-23 12:55 - 2013-02-23 13:02 - 00000112 ____A C:\ProgramData\iF1mrBp.dat
2013-02-23 12:55 - 2013-02-23 12:55 - 00000001 ____A C:\ProgramData\015y673l.exe_.b
2013-02-23 12:55 - 2013-02-23 12:55 - 00000001 ____A C:\ProgramData\015y673l.exe.b
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At42.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At41.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At37.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At36.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At35.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At34.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At33.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At32.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At31.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At30.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At29.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At28.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At27.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At26.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000346 ____A C:\Windows\Tasks\At25.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At9.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At8.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At7.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At6.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At5.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At4.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At3.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At24.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At23.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At22.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At21.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At20.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At2.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At19.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At18.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At17.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At13.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At12.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At11.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At10.job
2013-02-23 12:54 - 2013-02-23 23:13 - 00000344 ____A C:\Windows\Tasks\At1.job
2013-02-23 12:54 - 2013-02-23 15:03 - 00000346 ____A C:\Windows\Tasks\At40.job
2013-02-23 12:54 - 2013-02-23 15:03 - 00000346 ____A C:\Windows\Tasks\At39.job
2013-02-23 12:54 - 2013-02-23 15:03 - 00000344 ____A C:\Windows\Tasks\At16.job
2013-02-23 12:54 - 2013-02-23 15:03 - 00000344 ____A C:\Windows\Tasks\At15.job
2013-02-23 12:54 - 2013-02-23 13:11 - 00000000 ____D C:\Users\Litwin\AppData\Roaming\Ykyded
2013-02-23 12:54 - 2013-02-23 13:01 - 00000344 ____A C:\Windows\Tasks\At14.job
2013-02-23 12:54 - 2013-02-23 13:00 - 00000346 ____A C:\Windows\Tasks\At38.job
2013-02-23 12:54 - 2013-02-23 12:58 - 00156160 ____A C:\ProgramData\015y673l.exe
2013-02-23 12:54 - 2013-02-23 12:54 - 00177152 ____A C:\ProgramData\015y673l.exe_
2013-02-23 12:54 - 2013-02-23 12:54 - 00000000 ____D C:\Users\Litwin\AppData\Roaming\Tupiog
2013-02-23 12:54 - 2013-02-23 12:54 - 00000000 ____D C:\Users\Litwin\AppData\Roaming\Lourd
2013-02-21 20:53 - 2013-02-21 20:53 - 00352680 ____A C:\Windows\Minidump\022113-19796-01.dmp
2013-02-17 19:22 - 2013-01-09 02:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-17 19:22 - 2013-01-09 02:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-17 19:22 - 2013-01-09 02:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-17 19:22 - 2013-01-09 02:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-17 19:22 - 2013-01-09 02:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-17 19:22 - 2013-01-09 02:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-17 19:22 - 2013-01-09 02:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-17 19:22 - 2013-01-09 02:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-17 19:22 - 2013-01-09 02:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-17 19:22 - 2013-01-09 02:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-17 19:22 - 2013-01-09 02:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-17 19:22 - 2013-01-09 02:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-17 19:22 - 2013-01-09 02:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-17 19:22 - 2013-01-09 02:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-17 19:22 - 2013-01-09 02:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-17 19:22 - 2013-01-09 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-17 19:22 - 2013-01-08 23:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-17 19:22 - 2013-01-08 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-17 19:22 - 2013-01-08 23:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-17 19:22 - 2013-01-08 23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-17 19:22 - 2013-01-08 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-17 19:22 - 2013-01-08 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-17 19:22 - 2013-01-08 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-17 19:22 - 2013-01-08 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-17 19:22 - 2013-01-08 22:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-17 19:22 - 2013-01-08 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-17 19:22 - 2013-01-08 22:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-17 19:22 - 2013-01-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-17 19:22 - 2013-01-08 22:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-17 19:22 - 2013-01-08 22:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-17 19:22 - 2013-01-08 22:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-17 19:22 - 2013-01-08 22:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-16 18:54 - 2013-01-05 06:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-16 18:54 - 2013-01-05 06:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-16 18:54 - 2013-01-05 06:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-16 18:54 - 2013-01-04 04:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-16 18:53 - 2013-01-04 06:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-16 18:53 - 2013-01-04 05:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-16 18:53 - 2013-01-04 03:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-16 18:53 - 2013-01-04 03:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-16 18:53 - 2013-01-04 03:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-16 18:53 - 2013-01-04 03:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-16 18:53 - 2013-01-03 07:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-16 18:53 - 2013-01-03 07:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-11 15:58 - 2013-02-11 15:58 - 00002491 ____A C:\Users\Litwin\Desktop\bewerbung5.lnk
2013-02-11 13:32 - 2013-02-11 13:32 - 00001156 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-32-08.zip
2013-02-11 13:28 - 2013-02-11 13:28 - 00001040 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-28-32.zip
2013-02-11 13:27 - 2013-02-11 13:27 - 00000994 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-27-16.zip
2013-02-11 13:26 - 2013-02-11 13:26 - 00000937 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-26-36.zip
2013-02-11 12:35 - 2013-02-11 12:35 - 00001147 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_12-35-39.zip
2013-02-11 12:21 - 2013-02-11 12:21 - 00001034 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_12-21-52.zip
2013-02-11 12:03 - 2013-02-11 12:03 - 00000998 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_12-03-40.zip
2013-02-11 11:54 - 2013-02-11 11:54 - 00000887 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_11-54-32.zip
2013-02-08 23:53 - 2013-02-08 23:53 - 00000896 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__13__1__2013-02-08_23-53-03.zip
2013-02-08 23:40 - 2013-02-08 23:40 - 00000886 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__13__1__2013-02-08_23-40-46.zip
2013-02-06 19:43 - 2013-02-06 19:43 - 00329808 ____A C:\Windows\Minidump\020613-22308-01.dmp
2013-02-06 15:41 - 2013-02-06 15:41 - 00330992 ____A C:\Windows\Minidump\020613-23353-01.dmp
2013-02-05 18:18 - 2013-02-05 18:19 - 00329864 ____A C:\Windows\Minidump\020513-20763-01.dmp
==================== One Month Modified Files and Folders =======
2013-02-23 23:34 - 2013-02-23 13:00 - 00000004 ____A C:\Users\Litwin\AppData\Roaming\skype.ini
2013-02-23 23:31 - 2009-07-14 03:34 - 00000591 ____A C:\Windows\win.ini
2013-02-23 23:28 - 2009-07-14 05:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-23 23:28 - 2009-07-14 05:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-23 23:24 - 2011-12-30 13:03 - 02057207 ____A C:\Windows\WindowsUpdate.log
2013-02-23 23:19 - 2011-10-11 20:59 - 00066248 ____A C:\Windows\setupact.log
2013-02-23 23:19 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-23 23:15 - 2012-08-14 14:55 - 00000000 ____D C:\Users\Litwin\AppData\Roaming\Skype
2013-02-23 23:13 - 2013-02-23 12:55 - 00000346 ____A C:\Windows\Tasks\At48.job
2013-02-23 23:13 - 2013-02-23 12:55 - 00000346 ____A C:\Windows\Tasks\At47.job
2013-02-23 23:13 - 2013-02-23 12:55 - 00000346 ____A C:\Windows\Tasks\At46.job
2013-02-23 23:13 - 2013-02-23 12:55 - 00000346 ____A C:\Windows\Tasks\At45.job
2013-02-23 23:13 - 2013-02-23 12:55 - 00000346 ____A C:\Windows\Tasks\At44.job
2013-02-23 23:13 - 2013-02-23 12:55 - 00000346 ____A C:\Windows\Tasks\At43.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At42.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At41.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At37.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At36.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At35.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At34.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At33.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At32.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At31.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At30.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At29.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At28.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At27.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At26.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At25.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At9.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At8.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At7.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At6.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At5.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At4.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At3.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At24.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At23.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At22.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At21.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At20.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At2.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At19.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At18.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At17.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At13.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At12.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At11.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At10.job
2013-02-23 23:13 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At1.job
2013-02-23 23:13 - 2012-12-04 22:12 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854618323-2843932810-860866773-1000Core.job
2013-02-23 15:03 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At40.job
2013-02-23 15:03 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At39.job
2013-02-23 15:03 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At16.job
2013-02-23 15:03 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At15.job
2013-02-23 15:03 - 2012-12-04 22:12 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854618323-2843932810-860866773-1000UA.job
2013-02-23 13:11 - 2013-02-23 12:54 - 00000000 ____D C:\Users\Litwin\AppData\Roaming\Ykyded
2013-02-23 13:02 - 2013-02-23 12:55 - 00000112 ____A C:\ProgramData\iF1mrBp.dat
2013-02-23 13:01 - 2013-02-23 12:54 - 00000344 ____A C:\Windows\Tasks\At14.job
2013-02-23 13:00 - 2013-02-23 12:54 - 00000346 ____A C:\Windows\Tasks\At38.job
2013-02-23 12:58 - 2013-02-23 12:54 - 00156160 ____A C:\ProgramData\015y673l.exe
2013-02-23 12:55 - 2013-02-23 12:55 - 00000001 ____A C:\ProgramData\015y673l.exe_.b
2013-02-23 12:55 - 2013-02-23 12:55 - 00000001 ____A C:\ProgramData\015y673l.exe.b
2013-02-23 12:54 - 2013-02-23 12:54 - 00177152 ____A C:\ProgramData\015y673l.exe_
2013-02-23 12:54 - 2013-02-23 12:54 - 00000000 ____D C:\Users\Litwin\AppData\Roaming\Tupiog
2013-02-23 12:54 - 2013-02-23 12:54 - 00000000 ____D C:\Users\Litwin\AppData\Roaming\Lourd
2013-02-21 20:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-02-21 20:53 - 2013-02-21 20:53 - 00352680 ____A C:\Windows\Minidump\022113-19796-01.dmp
2013-02-21 20:53 - 2012-01-17 16:14 - 00000000 ____D C:\Windows\Minidump
2013-02-21 20:52 - 2012-01-17 16:14 - 369388133 ____A C:\Windows\MEMORY.DMP
2013-02-20 22:14 - 2012-08-29 15:14 - 00000000 ____D C:\Users\Litwin\Desktop\Mama
2013-02-19 12:46 - 2009-07-14 05:45 - 00369640 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-17 19:29 - 2011-10-11 19:58 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-14 16:43 - 2009-07-14 06:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-11 18:32 - 2010-11-21 04:47 - 00096372 ____A C:\Windows\PFRO.log
2013-02-11 15:58 - 2013-02-11 15:58 - 00002491 ____A C:\Users\Litwin\Desktop\bewerbung5.lnk
2013-02-11 14:35 - 2012-09-19 18:26 - 00000000 ____D C:\Users\Litwin\Desktop\JULIA
2013-02-11 13:32 - 2013-02-11 13:32 - 00001156 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-32-08.zip
2013-02-11 13:28 - 2013-02-11 13:28 - 00001040 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-28-32.zip
2013-02-11 13:27 - 2013-02-11 13:27 - 00000994 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-27-16.zip
2013-02-11 13:26 - 2013-02-11 13:26 - 00000937 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__2__2013-02-11_13-26-36.zip
2013-02-11 12:35 - 2013-02-11 12:35 - 00001147 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_12-35-39.zip
2013-02-11 12:21 - 2013-02-11 12:21 - 00001034 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_12-21-52.zip
2013-02-11 12:03 - 2013-02-11 12:03 - 00000998 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_12-03-40.zip
2013-02-11 11:54 - 2013-02-11 11:54 - 00000887 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__12__1__2013-02-11_11-54-32.zip
2013-02-08 23:53 - 2013-02-08 23:53 - 00000896 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__13__1__2013-02-08_23-53-03.zip
2013-02-08 23:40 - 2013-02-08 23:40 - 00000886 ____A C:\Users\Litwin\Desktop\rcpt__554__homework__13__1__2013-02-08_23-40-46.zip
2013-02-06 19:43 - 2013-02-06 19:43 - 00329808 ____A C:\Windows\Minidump\020613-22308-01.dmp
2013-02-06 15:41 - 2013-02-06 15:41 - 00330992 ____A C:\Windows\Minidump\020613-23353-01.dmp
2013-02-05 19:07 - 2011-12-30 13:04 - 00000000 ____D C:\users\Litwin
2013-02-05 19:03 - 2012-04-09 21:36 - 00000000 ____D C:\Users\Litwin\Desktop\Iza 2
2013-02-05 18:19 - 2013-02-05 18:18 - 00329864 ____A C:\Windows\Minidump\020513-20763-01.dmp
2013-02-01 21:23 - 2012-01-17 16:03 - 00002370 ____A C:\Users\Litwin\Desktop\Google Chrome.lnk
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2854618323-2843932810-860866773-1000\$024924da93d134979c252fad80ebb2eb
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$024924da93d134979c252fad80ebb2eb
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-12-28 14:03:02
Restore point made on: 2013-01-01 23:55:31
Restore point made on: 2013-01-05 01:05:59
Restore point made on: 2013-01-08 21:33:34
Restore point made on: 2013-01-08 21:50:56
Restore point made on: 2013-01-08 23:19:19
Restore point made on: 2013-01-09 18:13:14
Restore point made on: 2013-01-09 19:47:32
Restore point made on: 2013-01-09 19:53:24
Restore point made on: 2013-01-09 20:04:34
Restore point made on: 2013-01-09 20:56:13
Restore point made on: 2013-01-09 21:13:43
Restore point made on: 2013-01-10 00:59:18
Restore point made on: 2013-01-15 14:01:32
Restore point made on: 2013-01-19 21:30:09
Restore point made on: 2013-01-21 15:52:07
Restore point made on: 2013-01-21 16:21:58
Restore point made on: 2013-01-21 16:40:19
Restore point made on: 2013-01-26 20:56:07
Restore point made on: 2013-02-01 20:43:43
Restore point made on: 2013-02-03 12:13:23
Restore point made on: 2013-02-03 12:19:32
Restore point made on: 2013-02-03 12:29:30
Restore point made on: 2013-02-03 12:48:27
Restore point made on: 2013-02-03 13:07:48
Restore point made on: 2013-02-05 09:09:19
Restore point made on: 2013-02-06 19:50:30
Restore point made on: 2013-02-06 20:08:15
Restore point made on: 2013-02-06 20:44:18
Restore point made on: 2013-02-08 23:11:43
Restore point made on: 2013-02-16 18:54:19
Restore point made on: 2013-02-17 19:22:17
Restore point made on: 2013-02-18 22:46:38
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3932.61 MB
Available physical RAM: 3314.48 MB
Total Pagefile: 3930.81 MB
Available Pagefile: 3299.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:297.99 GB) (Free:233.58 GB) NTFS
2 Drive e: (Madmax7641011) (CDROM) (Total:3.52 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:3.75 GB) (Free:3.74 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 298 GB 0 B
Datenträger 1 Online 3843 MB 0 B
Datenträger 2 Kein Medium 0 B 0 B
Partitions of Disk 0:
===============
Datenträger-ID: 226332EC
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 100 MB 1024 KB
Partition 2 Primär 297 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System-rese NTFS Partition 100 MB Fehlerfre
=========================================================
Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Fehlerfre
=========================================================
Partitions of Disk 1:
===============
Datenträger-ID: 00000000
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 3839 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Typ : 0B
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Wechselmed 3839 MB Fehlerfre
=========================================================
Last Boot: 2013-01-22 20:25
==================== End Of Log =============================