
Log analysis and evaluation: Logfile after FRST64.exe

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
26.06.2015, 09:32   #1
andreasaex

Logfile after FRST64.exe



Hello,

my problem is the presumably well-known bluescreen

"STOP: C0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix the problem"

I have now run the tool over it and am hoping for help here.

Many thanks in advance

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by SYSTEM on MININT-AFEM916 on 26-06-2015 10:18:29
Running from G:\
Platform: Windows 7 Professional (X64) OS Language: Englisch (USA)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Molling\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-22] (Google Inc.)
HKU\Molling\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\Molling\...\Run: [RippUday] => regsvr32.exe "
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2011-08-23]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2011-08-23]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (No File)
Startup: C:\Users\WinWorkerDienst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2013-07-01]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-20] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 WinWorkerScheduler; C:\Windows\SP Services\SchedulerService\WWSchedulerService.exe [400384 2013-07-01] (Sander + Partner GmbH)
S2 WWWebSocketService; C:\Windows\SP Services\WebsocketService\WWWebsocketService.exe [466336 2013-07-01] (Sander + Partner GmbH)
S2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-20] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-20] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 CBUSB; C:\Windows\System32\drivers\CBUSB_64.sys [62208 2013-02-26] (MARX CryptoTech LP)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-08-22] (DT Soft Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 10:18 - 2015-06-26 10:18 - 00000000 ____D C:\FRST
2015-06-18 14:05 - 2015-06-18 14:05 - 00000000 __SHD C:\found.013
2015-06-02 14:39 - 2015-06-02 14:39 - 00000000 __SHD C:\found.012
2015-05-28 15:31 - 2015-05-28 15:31 - 00000000 __SHD C:\found.011

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 10:14 - 2013-07-01 17:35 - 00000000 ____D C:\users\WinWorkerDienst
2015-06-23 10:14 - 2011-08-22 15:57 - 00000000 ____D C:\users\Molling
2015-06-23 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-06-17 07:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 07:49 - 2009-07-14 05:51 - 00084781 _____ C:\Windows\setupact.log
2015-06-02 14:51 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 14:51 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 14:50 - 2011-08-22 15:50 - 01154885 _____ C:\Windows\WindowsUpdate.log
2015-06-02 14:49 - 2013-03-21 16:08 - 00000812 ____H C:\Windows\System32\NRG SG3110SFNw RPCS-R.CAC
2015-06-02 14:49 - 2012-02-13 15:49 - 00000000 ____D C:\Users\Molling\Desktop\Rechnungen ab 2009
2015-06-02 14:43 - 2011-08-22 15:54 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 16:27 - 2013-03-27 15:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 16:21 - 2011-08-22 15:55 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

Some files in TEMP:
====================
C:\Users\Molling\AppData\Local\Temp\AskSLib.dll
C:\Users\Molling\AppData\Local\Temp\avgnt.exe
C:\Users\Molling\AppData\Local\Temp\_isB432.exe


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-03-24 16:42:51
Restore point made on: 2015-03-26 18:07:01
Restore point made on: 2015-03-26 18:31:11
Restore point made on: 2015-04-08 16:07:14
Restore point made on: 2015-04-22 11:53:35
Restore point made on: 2015-04-25 15:26:36
Restore point made on: 2015-04-25 16:32:34
Restore point made on: 2015-04-28 15:59:02
Restore point made on: 2015-04-29 14:58:56
Restore point made on: 2015-04-29 15:30:42
Restore point made on: 2015-05-03 15:40:54
Restore point made on: 2015-05-03 18:17:40
Restore point made on: 2015-05-04 15:51:27
Restore point made on: 2015-05-04 16:16:54
Restore point made on: 2015-05-06 14:31:59
Restore point made on: 2015-05-06 15:15:02
Restore point made on: 2015-05-13 16:02:31
Restore point made on: 2015-05-22 10:28:16
Restore point made on: 2015-05-22 10:40:17
Restore point made on: 2015-05-25 12:42:06
Restore point made on: 2015-05-25 14:27:23
Restore point made on: 2015-05-26 16:06:52
Restore point made on: 2015-05-26 16:30:38
Restore point made on: 2015-05-26 16:48:35
Restore point made on: 2015-05-27 13:39:32
Restore point made on: 2015-05-27 14:24:01
Restore point made on: 2015-05-28 15:39:21
Restore point made on: 2015-05-28 15:59:11
Restore point made on: 2015-05-31 15:39:48
Restore point made on: 2015-05-31 16:43:33
Restore point made on: 2015-06-02 13:36:33
Restore point made on: 2015-06-02 14:08:05
Restore point made on: 2015-06-02 14:50:17

==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 1919.61 MB
Available physical RAM: 1365.26 MB
Total Pagefile: 1919.61 MB
Available Pagefile: 1345.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:235 GB) (Free:179.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:228.76 GB) (Free:227.77 GB) NTFS
Drive e: (WINRE) (Fixed) (Total:2 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (USB DISK) (Removable) (Total:0.93 GB) (Free:0.37 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.13 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=235 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=228.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 957 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=953 MB) - (Type=06)


LastRegBack: 2015-05-13 15:56

==================== End of log ============================
         

 
