Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.07.2013, 21:02   #1
ThomasF1
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



Hallo liebe Helfer,

habe folgendes Problem unter Windows 7 Home Edition.

Wenn ich den Laptop starte habe ich nach dem anmelden kurz (ca. 5 - 7 sec) meinen normalen Desktop und anschließend erscheint nur ein weißer Bildschirm.

Durch drücken der strg + alt + entf kann ich zwar den Taskmanager öffnen dieser öffnet aber nicht! ---> Der Bildschirm bleibt weiß!

Ich habe auch schon den abgesicherten Modus ausprobiert, aber sobald ich mich angemeldet habe startet der Laptop wieder neu.

Ich bitte um Hilfe.

Euer Thomas

Alt 31.07.2013, 21:07   #2
markusg
/// Malware-holic
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



Hi,
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________

__________________

Alt 31.07.2013, 21:28   #3
ThomasF1
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



So hier nun der Code und danke schonmal für die Hilfe:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 31-07-2013 22:23:59
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-12] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2010-12-12] (Avira GmbH)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Fleischi\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Fleischi\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\Fleischi\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\Fleischi\...\Run: [Facebook Update] - C:\Users\Fleischi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\Fleischi\...\Run: [Google Update] - C:\Users\Fleischi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-14] (Google Inc.)
HKU\Fleischi\...\Policies\system: [DisableLockWorkstation] 0
HKU\Fleischi\...\Policies\system: [DisableChangePassword] 0
HKU\Fleischi\...\Winlogon: [Shell] explorer.exe,C:\Users\Fleischi\AppData\Roaming\skype.dat [162816 2011-11-16] () <==== ATTENTION 
Startup: C:\Users\Fleischi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-28] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-03] (Avira GmbH)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-03] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-03] (Avira GmbH)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-22] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-22] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-11-05] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-11-05] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101231.001\IDSvia64.sys [476792 2010-11-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101231.001\IDSvia64.sys [476792 2010-11-08] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\ENG64.SYS [117880 2010-12-17] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\ENG64.SYS [117880 2010-12-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\EX64.SYS [1791096 2010-12-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\EX64.SYS [1791096 2010-12-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-14] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 05:45 - 2013-07-30 05:45 - 00000000 ____H C:\Users\Fleischi\BITD53D.tmp
2013-07-03 00:59 - 2013-07-31 12:06 - 00000004 _____ C:\Users\Fleischi\AppData\Roaming\skype.ini
14

==================== One Month Modified Files and Folders =======

2013-07-31 22:23 - 2013-07-31 22:23 - 00000000 ____D C:\FRST
2013-07-31 20:44 - 2012-11-18 11:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-31 20:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-31 12:06 - 2013-07-03 00:59 - 00000004 _____ C:\Users\Fleischi\AppData\Roaming\skype.ini
2013-07-31 12:06 - 2009-07-13 20:45 - 00023024 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 12:06 - 2009-07-13 20:45 - 00023024 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 11:59 - 2013-06-17 01:56 - 00000374 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-07-31 11:58 - 2011-01-29 04:24 - 00000000 ____D C:\Users\Fleischi\Tracing
2013-07-31 11:57 - 2011-09-11 02:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 11:57 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 11:57 - 2009-07-13 20:51 - 00095663 _____ C:\Windows\setupact.log
2013-07-31 11:55 - 2010-10-09 16:51 - 01558087 _____ C:\Windows\WindowsUpdate.log
2013-07-31 11:43 - 2012-11-18 11:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 11:38 - 2011-09-11 02:45 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 11:31 - 2011-01-12 05:44 - 00000000 ____D C:\Users\Fleischi\AppData\Local\CrashDumps
2013-07-31 11:29 - 2010-11-04 06:25 - 00000000 ____D C:\users\Fleischi
2013-07-30 05:45 - 2013-07-30 05:45 - 00000000 ____H C:\Users\Fleischi\BITD53D.tmp
2013-07-03 01:19 - 2012-08-11 22:58 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA.job
2013-07-03 01:01 - 2013-06-21 10:31 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForFleischi.job
2013-07-03 01:01 - 2012-08-11 22:58 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core.job
2013-07-03 01:01 - 2011-09-05 10:34 - 00001128 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core.job
2013-07-03 00:59 - 2011-09-05 10:34 - 00001150 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA.job
2013-07-01 02:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

Files to move or delete:
====================
C:\Users\Fleischi\AppData\Roaming\skype.dat
C:\Users\Fleischi\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-24 10:20:56
Restore point made on: 2013-05-27 02:18:01
Restore point made on: 2013-06-01 02:12:04
Restore point made on: 2013-06-01 20:28:32
Restore point made on: 2013-06-01 20:31:37
Restore point made on: 2013-06-01 20:33:40
Restore point made on: 2013-06-01 20:34:58
Restore point made on: 2013-06-03 02:44:27
Restore point made on: 2013-06-04 20:30:00
Restore point made on: 2013-06-11 02:01:06
Restore point made on: 2013-06-14 22:20:32
Restore point made on: 2013-06-17 01:34:46
Restore point made on: 2013-06-17 01:43:35
Restore point made on: 2013-06-18 01:21:56
Restore point made on: 2013-06-20 00:48:06
Restore point made on: 2013-06-21 02:27:59
Restore point made on: 2013-06-22 22:25:37
Restore point made on: 2013-07-03 01:21:45
Restore point made on: 2013-07-31 09:46:09

==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 2933.86 MB
Available physical RAM: 2247.33 MB
Total Pagefile: 2932.01 MB
Available Pagefile: 2162.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:216.89 GB) (Free:150.02 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.7 GB) (Free:2.26 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: (USB-STICK) (Removable) (Total:3.86 GB) (Free:3.76 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: CB9E9924)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6E652072)
No partition Table on disk 1.


LastRegBack: 2013-05-22 05:46

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 31.07.2013, 21:37   #4
markusg
/// Malware-holic
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



Hi,

Es sind 2 Logs zu erstellen, poste diese möglichst gleichzeitig.
1.
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\Fleischi\...\Winlogon: [Shell] explorer.exe,C:\Users\Fleischi\AppData\Roaming\skype.dat [162816 2011-11-16] () <==== ATTENTION 
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
C:\Users\Fleischi\AppData\Roaming\skype.dat
C:\Users\Fleischi\AppData\Roaming\skype.ini
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Wenn du wieder normal starten kannst:
2.
Navigiere bitte zu:
C:\FRST\Quarantine
Rechtsklick, mit Winrar oder einem anderen Archvierer packen und im Uploadchannel hochladen.
Trojaner-Board Upload Channel
3.
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Bitte in der Additions.txt folgene Enderungen vornemen:
Öffne diese, navigiere zum Abschnitt:
==================== Installed Programs =======================
Schreibe hinter benötigte Programme notwendig, hinter unnötige, unnötig und hinter unbekannte, unbekannt.

Poste:
- Info über erfolgreichen Upload.
- Fixergebniss von Farba.
- neue frst Logs. (Farba)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.07.2013, 22:49   #5
ThomasF1
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



Zu #1 (Fixergebnis Farba)

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by SYSTEM at 2013-07-31 22:45:05 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKU\Fleischi\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
C:\Users\Fleischi\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Fleischi\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====
         

Zu #2 (Datei hochladen)

Vorgang erfogreich abgeschlossen.


Zu #3 (FRST.txt)


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Fleischi (administrator) on 31-07-2013 23:00:17
Running from C:\Users\Fleischi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\system32\dmwu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Facebook Inc.) C:\Users\Fleischi\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Google Inc.) C:\Users\Fleischi\AppData\Local\Google\Update\GoogleUpdate.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Windows\SysWOW64\jmdp\stij.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Fleischi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Fleischi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-14] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {4237b150-06cc-11e0-9e0e-c63d8f728c65} - F:\LGAutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2010-12-13] (Avira GmbH)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Fleischi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb155?a=6OyKMCFteu&i=26
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM - DefaultScope {B8424646-0078-4C34-9965-4F84F1E59175} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {60512632-6276-4385-B091-158FD63FE510} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {63010EB6-99A2-4D23-9E79-57A305077A36} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {60512632-6276-4385-B091-158FD63FE510} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {63010EB6-99A2-4D23-9E79-57A305077A36} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb203?a=6OyKMCFteu&search={searchTerms}&i=26
SearchScopes: HKCU - {60512632-6276-4385-B091-158FD63FE510} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {63010EB6-99A2-4D23-9E79-57A305077A36} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb203?a=6OyKMCFteu&search={searchTerms}&i=26
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: billiger.de Sparberater - {92A6EE5B-5AE3-4159-9134-938BCA95B753} - C:\Program Files (x86)\billigerde\Internet Explorer\billigerde.dll (solute gmbh)
BHO-x32: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2010-07-20] (EasyBits Software Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Fleischi\AppData\Roaming\Mozilla\Firefox\Profiles\9kuz3r7z.default
FF user.js: detected! => C:\Users\Fleischi\AppData\Roaming\Mozilla\Firefox\Profiles\9kuz3r7z.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/mb155?a=6OyKMCFteu&loc=FF_NT
FF SelectedSearchEngine: MyStart Search
FF Homepage: hxxp://mystart.incredibar.com/mb155?a=6OyKMCFteu&i=26
FF Keyword.URL: hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyKMCFteu&&i=26&search=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Fleischi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Fleischi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Fleischi\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Fleischi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Fleischi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Fleischi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Fleischi\AppData\Roaming\Mozilla\Firefox\Profiles\9kuz3r7z.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Fleischi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FDislike - C:\Users\Fleischi\AppData\Roaming\Mozilla\Firefox\Profiles\9kuz3r7z.default\Extensions\fbdislike@doweb.fr
FF Extension: incredibar.com - C:\Users\Fleischi\AppData\Roaming\Mozilla\Firefox\Profiles\9kuz3r7z.default\Extensions\ffxtlbr@incredibar.com
FF Extension: softonic.com - C:\Users\Fleischi\AppData\Roaming\Mozilla\Firefox\Profiles\9kuz3r7z.default\Extensions\ffxtlbra@softonic.com
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ciuvo-extension@billiger.de
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\pdf.dll ()
CHR Plugin: (Zylom Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Fleischi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Web Assistant) - C:\Users\Fleischi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.573_0
CHR Extension: (Foto-Zoom.in) - C:\Users\Fleischi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iidjabmeappobdhpahpoaaoaidcgndjp\1.1_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-28] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-03] (Avira GmbH)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-03] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-03] (Avira GmbH)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-23] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-11-05] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-11-05] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101231.001\IDSvia64.sys [476792 2010-11-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101231.001\IDSvia64.sys [476792 2010-11-09] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\ENG64.SYS [117880 2010-12-17] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\ENG64.SYS [117880 2010-12-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\EX64.SYS [1791096 2010-12-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110103.033\EX64.SYS [1791096 2010-12-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 22:59 - 2013-07-31 22:56 - 01781589 _____ (Farbar) C:\Users\Fleischi\Desktop\FRST64.exe
2013-07-31 22:52 - 2013-07-31 22:53 - 00000000 ____D C:\Users\Fleischi\AppData\Roaming\WinRAR
2013-07-31 22:52 - 2013-07-31 22:52 - 00000000 ____D C:\Users\Fleischi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-31 22:52 - 2013-07-31 22:52 - 00000000 ____D C:\Program Files\WinRAR
2013-07-30 15:45 - 2013-07-30 15:45 - 00000000 ____H C:\Users\Fleischi\BITD53D.tmp
17

==================== One Month Modified Files and Folders =======

2013-08-01 08:23 - 2013-08-01 08:23 - 00000000 ____D C:\FRST
2013-08-01 06:44 - 2012-11-18 21:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-01 06:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-31 22:56 - 2013-07-31 22:59 - 01781589 _____ (Farbar) C:\Users\Fleischi\Desktop\FRST64.exe
2013-07-31 22:55 - 2010-07-20 23:46 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-07-31 22:55 - 2010-07-20 23:46 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-07-31 22:55 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 22:55 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:55 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 22:53 - 2013-07-31 22:52 - 00000000 ____D C:\Users\Fleischi\AppData\Roaming\WinRAR
2013-07-31 22:52 - 2013-07-31 22:52 - 00000000 ____D C:\Users\Fleischi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-31 22:52 - 2013-07-31 22:52 - 00000000 ____D C:\Program Files\WinRAR
2013-07-31 22:48 - 2013-06-17 11:56 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-07-31 22:47 - 2011-01-29 14:24 - 00000000 ____D C:\Users\Fleischi\Tracing
2013-07-31 22:46 - 2011-09-11 12:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 22:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 22:46 - 2009-07-14 06:51 - 00095719 _____ C:\Windows\setupact.log
2013-07-31 22:02 - 2010-10-10 02:51 - 01562633 _____ C:\Windows\WindowsUpdate.log
2013-07-31 21:43 - 2012-11-18 21:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 21:38 - 2011-09-11 12:45 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 21:31 - 2011-01-12 15:44 - 00000000 ____D C:\Users\Fleischi\AppData\Local\CrashDumps
2013-07-31 21:29 - 2010-11-04 16:25 - 00000000 ____D C:\Users\Fleischi
2013-07-30 15:45 - 2013-07-30 15:45 - 00000000 ____H C:\Users\Fleischi\BITD53D.tmp
2013-07-03 11:19 - 2012-08-12 08:58 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA.job
2013-07-03 11:01 - 2013-06-21 20:31 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForFleischi.job
2013-07-03 11:01 - 2012-08-12 08:58 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core.job
2013-07-03 11:01 - 2011-09-05 20:34 - 00001128 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core.job
2013-07-03 10:59 - 2011-09-05 20:34 - 00001150 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA.job
2013-07-01 12:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-22 15:46

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Nachreichen: Addition.txt mit nötig, unnötig, unbekannt


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by Fleischi at 2013-07-31 23:03:59
Running from C:\Users\Fleischi\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acrobat.com (x32 Version: 1.6.65)									notwendig
adcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)							notwendig
Adobe AIR (x32 Version: 1.5.0.7220)									notwendig
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)						notwendig
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)						notwendig
Adobe Reader 9.4.1 MUI (x32 Version: 9.4.1)								notwendig
Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609)							notwendig
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95)						unbekannt
Apple Application Support (x32 Version: 1.4.1)								unnötig
Apple Mobile Device Support (Version: 3.3.0.69)								unnötig
Apple Software Update (x32 Version: 2.1.2.120)								unnötig
Avira AntiVir Personal - Free Antivirus (x32 Version: 10.2.0.719)					notwendig
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)								unbekannt
billiger.de Sparberater (x32 Version: 1.0.462)								unnötig
Bing Bar (x32 Version: 7.1.361.0)									unnötig
Bonjour (Version: 2.0.4.0)										unbekannt
Canon MP495 series MP Drivers										notwendig
Chuzzle Deluxe (x32 Version: 2.2.0.95)									unbekannt
CyberLink DVD Suite (x32 Version: 7.0.3003)								unbekannt
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217)								notwendig
CyberLink YouCam (x32 Version: 3.0.2511)								notwendig
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)							unbekannt
Energy Star Digital Logo (x32 Version: 1.0.1)								unbekannt
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)							unbekannt
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)							unnötig
FATE (x32 Version: 2.2.0.95)										unbekannt
Google Chrome (x32 Version: 28.0.1500.63)								unnötig
Google Earth (x32 Version: 7.0.3.8542)									notwendig
Google Talk Plugin (x32 Version: 									unnötig
Google Update Helper (x32 Version: 1.3.21.145)								unbekannt
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)						unbekannt
HP Advisor (x32 Version: 3.4.10262.3295)								unbekannt			
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)						unbekannt
HP Documentation (x32 Version: 1.0.0.0)									unbekannt
HP Games (x32 Version: 1.0.1.3)										unbekannt
HP Power Manager (x32 Version: 1.4.7)									notwendig
HP Quick Launch (x32 Version: 2.6.3)									notwendig
HP Setup (x32 Version: 8.1.4186.3400)									unbekannt
HP Software Framework (x32 Version: 4.1.13.1)								unbekannt
HP Support Assistant (x32 Version: 7.0.39.15)								unbekannt
HP Wireless Assistant (Version: 4.0.9.0)								notwendig
IB Updater Service (x32 Version: 3.0.4.6)								unbekannt
iMesh (x32 Version: 10.0.0.94309)									unbekannt
Incredibar Toolbar  on IE (x32)										unbekannt
Insaniquarium Deluxe (x32 Version: 2.2.0.95)								unbekannt
Intel(R) Control Center (x32 Version: 1.2.1.1007)							notwendig
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2131)					notwendig
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)						notwendig
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)						notwendig
iTunes (Version: 10.1.1.4)										unnötig
Java Auto Updater (x32 Version: 2.0.2.1)								notwendig
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)							notwendig
Java(TM) 6 Update 20 (x32 Version: 6.0.200)								notwendig
Jewel Quest II (x32 Version: 2.2.0.95)									unbekannt
Jewel Quest Solitaire (x32 Version: 2.2.0.95)								unbekannt
John Deere Drive Green (x32 Version: 2.2.0.95)								unbekannt
Junk Mail filter update (x32 Version: 14.0.8117.416)							unbekannt
LabelPrint (x32 Version: 2.5.2907)									notwendig
LightScribe System Software (x32 Version: 1.18.15.1)							notwendig
Magic Desktop (x32)											unbekannt
McAfee Security Scan Plus (x32 Version: 3.0.318.3)							unbekannt
MediaBar (x32 Version: 2.0.0.93720)									unbekannt
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)						notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)			notwendig			
Microsoft Application Error Reporting (Version: 12.0.6015.5000)						unbekannt
Microsoft Choice Guard (x32 Version: 2.0.48.0)								unbekannt
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)							notwendig
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)						unbekannt
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)					unbekannt
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)					unbekannt
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)						unbekannt
Microsoft Silverlight (Version: 5.1.20125.0)								notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)					unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)	notwendig
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)					notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)				notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)			notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)		notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)		notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)			notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)		notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)		notwendig
Mozilla Firefox 7.0 (x86 de) (x32 Version: 7.0)								notwendig
MSVCRT (x32 Version: 14.0.1468.721)									unbekannt
Norton Internet Security (x32 Version: 18.7.2.3)							notwendig
Norton Online Backup (x32 Version: 2.1.17869)								unbekannt
OpenOffice.org 3.2 (x32 Version: 3.2.9502)								notwendig
Penguins! (x32 Version: 2.2.0.95)									unbekannt
PhotoNow! (x32 Version: 1.1.6904)									unbekannt
Plants vs. Zombies (x32 Version: 2.2.0.95)								unbekannt
Polar Bowler (x32 Version: 2.2.0.95)									unbekannt
Power2Go (x32 Version: 6.1.4204)									notwendig
PowerDirector (x32 Version: 8.0.3003)									notwendig
QuickTime (x32 Version: 7.69.80.9)									notwendig
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)				notwendig
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6066)						notwendig
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105)						notwendig
Recovery Manager (x32 Version: 5.5.3023)								notwendig
RtVOsd (Version: 1.0.3)											unbekannt
Slingo Deluxe (x32 Version: 2.2.0.95)									unbekannt
Softonic toolbar  on IE (x32)										unnötig
Synaptics Pointing Device Driver (Version: 15.0.17.0)							unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)			notwendig
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)			notwendig
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)			notwendig
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)			notwendig
Update Installer for WildTangent Games App (x32)							unnötig
Video Downloader (x32 Version: 1.14)									unbekannt
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)						unbekannt
Web Assistant 2.0.0.573 (Version: 2.0.0.573)								unbekannt
Wedding Dash (x32 Version: 2.2.0.95)									unbekannt
WildTangent Games App (HP Games) (x32 Version: 4.0.5.31)						unbekannt
WildTangent Games App (x32 Version: 4.0.9.7)								unbekannt
Windows Live Call (x32 Version: 14.0.8117.0416)								unbekannt
Windows Live Communications Platform (x32 Version: 14.0.8117.416)					unbekannt
Windows Live Essentials (x32 Version: 14.0.8117.0416)							unbekannt
Windows Live Essentials (x32 Version: 14.0.8117.416)							unbekannt
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)							unbekannt
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)						unbekannt
Windows Live Mail (x32 Version: 14.0.8117.0416)								unbekannt
Windows Live Messenger (x32 Version: 14.0.8117.0416)							unbekannt
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)							unbekannt
Windows Live Sync (x32 Version: 14.0.8117.416)								unbekannt
Windows Live Writer (x32 Version: 14.0.8117.0416)							unbekannt
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)							unbekannt
WinRAR 4.20 (64-Bit) (Version: 4.20.0)									notwendig
Zuma Deluxe (x32 Version: 2.2.0.95)									unbekannt
Zylom Games Player Plugin (x32)										unbekannt

==================== Restore Points  =========================

24-05-2013 18:20:36 Windows Update
01-06-2013 10:11:38 Windows Update
02-06-2013 04:23:25 HPSF Applying updates
02-06-2013 04:23:25 HPSF Applying updates
02-06-2013 04:33:30 Removed HP Power Manager
02-06-2013 04:34:09 Installed HP Power Manager
05-06-2013 04:29:38 Windows Update
11-06-2013 10:00:31 Windows Update
15-06-2013 06:20:06 Windows Update
17-06-2013 09:34:19 Windows Update
17-06-2013 09:43:17 Wiederherstellungsvorgang
18-06-2013 09:21:35 Windows Update
20-06-2013 08:47:46 Windows Update
23-06-2013 06:23:44 Windows Update
03-07-2013 09:21:24 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06682A57-2C0F-4132-B7F0-88AA79E2153E} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {181A44D6-DD98-4B01-8D00-BCC8F4992A87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA => C:\Users\Fleischi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.)
Task: {1D4F1FEB-1E6D-4701-9E19-1625A7E1872B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-06-18] (Microsoft)
Task: {2831742D-724D-45A3-BD63-6FEC6489EAB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core => C:\Users\Fleischi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.)
Task: {4C7C5543-5783-41E8-A62D-06C3847B0E28} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {4F9128EC-5233-4B5B-BC1D-EE4E58D4B042} - System32\Tasks\HPCeeScheduleForFLEISCHI-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {6476C731-295A-4ADD-8551-B26428FBF268} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {69218463-72A8-41ED-81C1-B8438EEF2D91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6B42856D-3F7C-4BEB-BE55-C8D1F2FE4745} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {6B7B94FC-C849-446B-8907-F1C661D48270} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {7A4526E1-FE16-4423-A6C3-AF80E827FAB5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {9E1D1AD2-4264-4061-A451-9376C336B5A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {B34E1B54-7374-4A2A-B174-F53C73F41D56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11] (Google Inc.)
Task: {C231EB10-AA2D-46A5-88C8-9CEAECF6E48A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core => C:\Users\Fleischi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {C4222BE5-DE7B-43E0-89D6-06196FAF1FCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11] (Google Inc.)
Task: {C687DBD4-7455-46A2-B4AB-2E0B17600945} - System32\Tasks\HPCeeScheduleForFleischi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {D42E22B0-4EA2-42EA-93BC-1A15D7224749} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {D5064F81-F7C7-443E-8809-FF321D8B3559} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {EF495CEF-9C2E-4183-B5F7-AABFD42F4069} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA => C:\Users\Fleischi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F93A880E-DBA1-4456-863B-8028F1805B51} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core.job => C:\Users\Fleischi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA.job => C:\Users\Fleischi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000Core.job => C:\Users\Fleischi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710254148-1010909826-706423717-1000UA.job => C:\Users\Fleischi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFLEISCHI-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFleischi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2013 11:02:19 PM) (Source: Google Update) (User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 10:58:07 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/31/2013 10:48:32 PM) (Source: Google Update) (User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 09:59:16 PM) (Source: Google Update) (User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 09:40:25 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/31/2013 09:30:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001049
ID des fehlerhaften Prozesses: 0xbd0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (07/31/2013 09:22:05 PM) (Source: Google Update) (User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 08:11:23 PM) (Source: Google Update) (User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 07:53:28 PM) (Source: Google Update) (User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 07:45:39 PM) (Source: Google Update) (User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s


System errors:
=============
Error: (07/31/2013 10:48:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (07/31/2013 10:47:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/31/2013 10:47:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Internet Security erreicht.

Error: (07/31/2013 10:46:42 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎31.‎07.‎2013 um 22:06:27 unerwartet heruntergefahren.

Error: (07/31/2013 09:58:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (07/31/2013 09:57:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll
Fehlercode: 21

Error: (07/31/2013 09:57:00 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/31/2013 09:56:49 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/31/2013 09:56:45 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avipbb
BHDrvx64
discache
eeCtrl
IDSVia64
spldr
SRTSPX
SymIRON
SymNetS
Wanarpv6

Error: (07/31/2013 09:56:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/31/2013 11:02:19 PM) (Source: Google Update)(User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 10:58:07 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/31/2013 10:48:32 PM) (Source: Google Update)(User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 09:59:16 PM) (Source: Google Update)(User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 09:40:25 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/31/2013 09:30:40 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4msvcrt.dll7.0.7601.177444eeb033fc00000050000000000001049bd001ce8e2460582a99C:\Windows\Explorer.EXEC:\Windows\system32\msvcrt.dllaea56e2a-fa17-11e2-b655-002682ba4062

Error: (07/31/2013 09:22:05 PM) (Source: Google Update)(User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 08:11:23 PM) (Source: Google Update)(User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 07:53:28 PM) (Source: Google Update)(User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (07/31/2013 07:45:39 PM) (Source: Google Update)(User: Fleischi-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 2933.86 MB
Available physical RAM: 1842.3 MB
Total Pagefile: 5865.9 MB
Available Pagefile: 4115.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:216.89 GB) (Free:150 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.7 GB) (Free:2.26 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (USB-STICK) (Removable) (Total:3.86 GB) (Free:3.73 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: CB9E9924)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

==================== End Of Log ============================
         
--- --- ---

Entschuldigung das ich Frage!

Muss ich noch etwas durchführen oder ist mein Laptop wieder komplett clean??

Und vielen lieben dank schonmal für die super kompetente Hilfe!


Geändert von ThomasF1 (31.07.2013 um 22:24 Uhr) Grund: Nachtrag Addition

Alt 01.08.2013, 11:42   #6
markusg
/// Malware-holic
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



Hi,
1.
deinstaliere:
Avira AntiVir : behalte Norton oder Avira, teile mir mit, welches.
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Agatha Christie
billiger
Bing
Bejeweled
Chuzzle
Diner
Facebook
Google Chrome
Google Talk
IB Updater
iMesh
Incredibar
Insaniquarium
iTunes
Java(TM) : beide
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Jewel : beide
McAfee
MediaBar

Mozilla Firefox :
Webbrowser Firefox auf Deutsch | Schneller, sicherer und anpassbar

Norton:
Norton Antivirus und Internet Security Software | Norton.de
mal upgraden, ist in der Regel kostenlos.
Wenn du Avira behältst, dann deinstalieren.

Deinstaliere:
Penguins
PhotoNow
Plants vs
Polar Bowler
Slingo
Softonic
Video Downloader
Virtual Villagers
Wedding
WildTangent : beide
Zuma
Zylom

starte neu.
2.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)

Alt 04.08.2013, 16:55   #7
ThomasF1
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



Hallo!
hat alles bestens geklappt!

Ich bedanke mich vielmals für die hervoragende Hilfe!

Alt 05.08.2013, 14:07   #8
markusg
/// Malware-holic
 
Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Standard

Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)



Hi ich brauche das log
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)
abgesicherten, abgesicherter, angemeldet, anmelden, bildschirm, bildschirm bleibt weiß, desktop, folge, folgendes, home, laptop, melde, melden, modus, problem, schließe, starte, startet, strg, systemstart, taskmanager, thomas, weißer, weißer bildschirm nach systemstart, windows, windows 7, öffnen, öffnet



Ähnliche Themen: Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)


  1. WinXP - Weißer Bildschirm nach Anmeldung bei einem User - Abgesicherter Modus funktioniert - FRST32 bricht ab
    Log-Analyse und Auswertung - 22.01.2014 (9)
  2. weißer bildschirm, schwarzer bildschirm, maus laggs nach systemstart, mausbewegungen in boxen.
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (3)
  3. BKA-Trojaner weißer Bildschirm, aber abgesicherter Modus funktioniert auch nicht mehr, Rescue-CDs können nichts finden
    Plagegeister aller Art und deren Bekämpfung - 05.08.2013 (30)
  4. Windows 7 Weißer Bildschirm... Abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (9)
  5. OTL Logdaten für GVU Trojaner, weißer Bildschirm, kein abgesicherter Modus unter Windows 7
    Log-Analyse und Auswertung - 09.07.2013 (25)
  6. Weißer Bildschirm nach Anmeldung, kein abgesicherter Modus, kein Taskmanager
    Log-Analyse und Auswertung - 09.07.2013 (13)
  7. Weißer Bildschirm nach dem normalen Windowsstart und auch im abgesicherten Modus
    Log-Analyse und Auswertung - 30.05.2013 (23)
  8. Windows 7 - weißer Bildschirm nach Systemstart
    Log-Analyse und Auswertung - 18.05.2013 (3)
  9. Weißer Bildschirm nach Systemstart von Windows 7
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (6)
  10. Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.
    Log-Analyse und Auswertung - 11.05.2013 (22)
  11. weißer Bildschirm, abgesicherter modus funktioniert nur mit eingabeaufforderung
    Log-Analyse und Auswertung - 07.05.2013 (17)
  12. 2x Windows Vista: Weißer Bildschirm nach Start (ohne Text, abgesicherter Modus geht)!
    Mülltonne - 04.05.2013 (1)
  13. Polizeitrojaner, Weißer Bildschirm, Kein Abgesicherter Modus, Windows 7
    Plagegeister aller Art und deren Bekämpfung - 04.02.2013 (13)
  14. VISTA,weißer Bildschirm, kein abgesicherter Modus :-(
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (9)
  15. GVU Virus, weißer Bildschirm, keine abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 19.01.2013 (5)
  16. Trojaner, weißer Bildschirm, auch abgesicherter Modus (OTL Logfile bereits vorhanden)
    Log-Analyse und Auswertung - 18.08.2012 (9)
  17. Weißer Bildschirm, auch abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 23.03.2012 (31)

Zum Thema Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) - Hallo liebe Helfer, habe folgendes Problem unter Windows 7 Home Edition. Wenn ich den Laptop starte habe ich nach dem anmelden kurz (ca. 5 - 7 sec) meinen normalen Desktop - Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus)...
Archiv
Du betrachtest: Windows 7: weißer Bildschirm nach Systemstart (auch im abgesicherter Modus) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.