Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by SYSTEM on MININT-NLP3O78 on 26-11-2013 21:53:18
Running from G:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2217256 2011-03-17] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [1138780 2011-06-30] (IDT, Inc.)
HKLM\...\Run: [HPQuickWebProxy] - C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-08] (Hewlett-Packard Company)
HKLM\...\Run: [HPConnectionManager] - C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM\...\Run: [HPOSD] - C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKU\user\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-03] (Skype Technologies S.A.)
HKU\user\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\Other.res [ 2013-08-28] () <==== ATTENTION
========================== Services (Whitelisted) =================
S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-22] (Hewlett-Packard Company)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282706 2011-06-30] (IDT, Inc.)
S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [671344 2012-04-10] (VMware, Inc.)
S2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2370560 2012-05-01] (VMware, Inc.)
S2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [472176 2012-05-01] (VMware, Inc.)
==================== Drivers (Whitelisted) ====================
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-29] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-29] (Symantec Corporation)
S2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41456 2012-04-10] (VMware, Inc.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130927.001\IDSvix86.sys [392792 2013-08-26] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130927.018\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130927.018\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2013-03-31] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-04-10] (VMware, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-26 21:53 - 2013-11-26 21:53 - 00000000 ____D C:\FRST
2013-11-16 06:15 - 2013-10-11 23:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-16 06:15 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-16 06:15 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-16 06:15 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-16 06:15 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-16 06:15 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-15 02:15 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-15 02:15 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-15 02:15 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-15 02:14 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-15 02:14 - 2013-10-11 18:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-15 02:14 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-15 02:14 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-15 02:14 - 2013-10-02 17:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-15 02:14 - 2013-09-24 18:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-15 02:14 - 2013-09-24 18:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-15 02:14 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-15 02:14 - 2013-09-24 17:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-15 02:14 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-15 02:14 - 2013-09-24 17:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-15 02:14 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-15 02:14 - 2013-09-24 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-15 02:14 - 2013-09-24 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-15 02:14 - 2013-07-04 04:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-05 11:09 - 2013-11-05 11:09 - 00000000 _____ C:\Windows\System32\shoC5C0.tmp
2013-11-04 08:05 - 2013-11-04 08:05 - 00000000 _____ C:\Windows\System32\shoAE3B.tmp
2013-11-04 07:26 - 2013-11-04 07:26 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-10-31 01:37 - 2013-09-03 17:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-31 01:37 - 2013-09-03 17:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
==================== One Month Modified Files and Folders =======
2013-11-26 21:53 - 2013-11-26 21:53 - 00000000 ____D C:\FRST
2013-11-26 12:43 - 2009-07-13 20:39 - 00059359 _____ C:\Windows\setupact.log
2013-11-26 11:13 - 2013-03-20 06:39 - 01270487 _____ C:\Windows\WindowsUpdate.log
2013-11-26 10:42 - 2010-11-20 13:01 - 01500018 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-26 08:40 - 2009-07-13 20:34 - 00016480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 08:40 - 2009-07-13 20:34 - 00016480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 07:44 - 2013-06-30 10:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-11-24 09:23 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-11-17 10:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-11-05 11:09 - 2013-11-05 11:09 - 00000000 _____ C:\Windows\System32\shoC5C0.tmp
2013-11-04 08:05 - 2013-11-04 08:05 - 00000000 _____ C:\Windows\System32\shoAE3B.tmp
2013-11-04 07:26 - 2013-11-04 07:26 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\lzchUSm.exe
C:\Users\user\AppData\Local\Temp\lzchUSm0.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
14
Restore point made on: 2013-06-27 04:25:18
Restore point made on: 2013-06-29 08:36:25
Restore point made on: 2013-06-29 09:25:32
Restore point made on: 2013-06-30 12:24:40
Restore point made on: 2013-07-04 04:14:09
Restore point made on: 2013-07-18 02:36:02
Restore point made on: 2013-07-21 07:34:54
Restore point made on: 2013-08-20 06:16:37
Restore point made on: 2013-09-16 08:57:48
Restore point made on: 2013-09-16 11:13:29
Restore point made on: 2013-10-10 00:39:42
Restore point made on: 2013-10-11 02:22:16
Restore point made on: 2013-11-04 05:24:37
Restore point made on: 2013-11-16 06:14:44
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 1011.87 MB
Available physical RAM: 494.62 MB
Total Pagefile: 1011.87 MB
Available Pagefile: 495.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:280.98 GB) (Free:244.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Recovery) (Fixed) (Total:12.95 GB) (Free:1.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.1 GB) FAT32
Drive g: () (Removable) (Total:1.97 GB) (Free:0.55 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6B5E644B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 003D6837)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
LastRegBack: 2013-07-21 08:10
==================== End Of Log ============================