Based on the entries, I have already run frst.exe and am attaching the log file.
It would be great if someone could help me.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014
Ran by SYSTEM on MININT-QAILRFC on 10-01-2014 21:55:28
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92456 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2011-02-10] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\ASUS\...\Run: [] - [x]
HKU\ASUS\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-18] (Nokia)
HKU\ASUS\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\ASUS\...\Winlogon: [Shell] explorer.exe,C:\Users\ASUS\AppData\Roaming\Other.res [151552 2011-11-16] () <==== ATTENTION
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe (Mozilla Corporation)
==================== Services (Whitelisted) =================
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-02-10] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-02-10] (Symantec Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-09-07] (Symantec Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-29] (Microsoft Corporation)
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3249768 2011-02-10] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428912 2011-02-10] (Symantec Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-29] (Microsoft Corporation)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839776 2011-02-10] (Symantec Corporation)
S2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
==================== Drivers (Whitelisted) ====================
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140110.002\eng64.sys [126040 2013-08-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140110.002\ex64.sys [2099288 2013-08-30] (Symantec Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2011-02-10] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [449072 2011-02-10] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2011-02-10] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482352 2011-02-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2011-02-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2011-02-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2012-08-18] (Symantec Corporation)
S3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2011-02-10] (Symantec Corporation)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-09-07] (Oracle Corporation)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [53808 2011-02-10] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S3 cpuz133; \??\C:\Users\ASUS\AppData\Local\Temp\cpuz133\cpuz133_x64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-10 11:33 - 2014-01-10 11:33 - 00151552 _____ C:\Users\ASUS\Downloads\adobeflashplayerv10.2.152.32(1).exe
2014-01-08 09:07 - 2014-01-08 09:07 - 00000293 _____ C:\Users\ASUS\Downloads\Ihre_beste_Bewerbung.bibtex
2014-01-05 03:32 - 2014-01-05 03:32 - 00001209 _____ C:\Users\ASUS\Desktop\VID_20131216_165427.mp4 - Verknüpfung.lnk
2014-01-05 03:32 - 2014-01-05 03:32 - 00001209 _____ C:\Users\ASUS\Desktop\VID_20131216_165108.mp4 - Verknüpfung.lnk
2014-01-02 10:16 - 2014-01-02 10:29 - 00000156 _____ C:\Users\ASUS\Desktop\Neues Textdokument.txt
2013-12-27 11:39 - 2014-01-02 03:21 - 00000000 ____D C:\Users\ASUS\Desktop\Bewerbungen
2013-12-27 06:38 - 2013-12-27 06:38 - 00000000 _____ C:\t15g.3
2013-12-27 06:38 - 2013-12-27 06:38 - 00000000 _____ C:\t15g.2
2013-12-20 06:43 - 2013-12-20 06:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 19:04 - 2013-12-13 19:04 - 00000000 ____D C:\FRST
2013-12-13 05:07 - 2013-12-13 05:07 - 00107008 _____ C:\Users\ASUS\Downloads\adobeflashplayerv10.2.152.32.exe
2013-12-13 01:50 - 2013-12-13 01:50 - 00044544 _____ C:\Users\ASUS\Desktop\2013-14 GE 2.xls
2013-12-13 01:48 - 2013-12-13 01:48 - 00044544 _____ C:\Users\ASUS\Desktop\Kopie von 2_ge_answers_deo31_2008-09.xls
==================== One Month Modified Files and Folders =======
2014-01-10 12:36 - 2013-11-14 02:04 - 00262144 _____ C:\Windows\System32\Ikeext.etl
2014-01-10 12:35 - 2013-04-21 11:49 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 12:34 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 12:33 - 2013-07-11 22:28 - 00043307 _____ C:\Windows\setupact.log
2014-01-10 12:33 - 2010-12-01 02:11 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-10 11:33 - 2014-01-10 11:33 - 00151552 _____ C:\Users\ASUS\Downloads\adobeflashplayerv10.2.152.32(1).exe
2014-01-10 11:24 - 2013-10-30 14:16 - 00000284 _____ C:\Windows\Tasks\FoxTab.job
2014-01-10 11:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2014-01-10 11:14 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 11:14 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 11:08 - 2012-04-07 13:08 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
2014-01-10 11:07 - 2013-07-13 13:57 - 00000000 ____D C:\Users\ASUS\AppData\Local\CrashDumps
2014-01-10 05:51 - 2010-12-01 01:38 - 01947455 _____ C:\Windows\WindowsUpdate.log
2014-01-10 05:40 - 2012-04-12 10:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 05:01 - 2013-04-21 11:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 13:25 - 2012-05-05 04:04 - 00000000 ____D C:\Users\ASUS\.VirtualBox
2014-01-09 13:18 - 2013-08-01 02:21 - 00000000 ____D C:\Users\ASUS\AppData\Local\CUSTPDF Writer
2014-01-09 02:34 - 2009-08-04 01:51 - 00764904 _____ C:\Windows\System32\perfh007.dat
2014-01-09 02:34 - 2009-08-04 01:51 - 00176914 _____ C:\Windows\System32\perfc007.dat
2014-01-09 02:34 - 2009-07-13 21:13 - 01830898 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-08 09:07 - 2014-01-08 09:07 - 00000293 _____ C:\Users\ASUS\Downloads\Ihre_beste_Bewerbung.bibtex
2014-01-07 15:03 - 2013-04-21 11:49 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-06 09:04 - 2013-01-30 12:00 - 00000000 ____D C:\Users\ASUS\Desktop\ΕΦΟΡΙΑ
2014-01-05 11:40 - 2012-07-10 11:38 - 00000432 _____ C:\Windows\BRWMARK.INI
2014-01-05 03:32 - 2014-01-05 03:32 - 00001209 _____ C:\Users\ASUS\Desktop\VID_20131216_165427.mp4 - Verknüpfung.lnk
2014-01-05 03:32 - 2014-01-05 03:32 - 00001209 _____ C:\Users\ASUS\Desktop\VID_20131216_165108.mp4 - Verknüpfung.lnk
2014-01-02 10:29 - 2014-01-02 10:16 - 00000156 _____ C:\Users\ASUS\Desktop\Neues Textdokument.txt
2014-01-02 03:21 - 2013-12-27 11:39 - 00000000 ____D C:\Users\ASUS\Desktop\Bewerbungen
2014-01-01 05:13 - 2012-03-27 04:36 - 00045056 _____ C:\Windows\System32\acovcnt.exe
2013-12-27 08:21 - 2013-07-10 12:27 - 00000000 ____D C:\Users\ASUS\Desktop\MORAKI
2013-12-27 06:38 - 2013-12-27 06:38 - 00000000 _____ C:\t15g.3
2013-12-27 06:38 - 2013-12-27 06:38 - 00000000 _____ C:\t15g.2
2013-12-26 07:31 - 2013-09-17 06:12 - 00000000 ____D C:\Users\ASUS\Desktop\XAVR
2013-12-22 13:42 - 2013-08-11 05:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-21 12:47 - 2013-11-02 05:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 06:43 - 2013-12-20 06:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 12:53 - 2013-10-15 10:33 - 00000000 ____D C:\Users\ASUS\Desktop\UNI
2013-12-13 19:04 - 2013-12-13 19:04 - 00000000 ____D C:\FRST
2013-12-13 06:30 - 2009-07-13 20:45 - 00012288 _____ C:\Windows\System32\umstartup.etl
2013-12-13 05:07 - 2013-12-13 05:07 - 00107008 _____ C:\Users\ASUS\Downloads\adobeflashplayerv10.2.152.32.exe
2013-12-13 01:50 - 2013-12-13 01:50 - 00044544 _____ C:\Users\ASUS\Desktop\2013-14 GE 2.xls
2013-12-13 01:48 - 2013-12-13 01:48 - 00044544 _____ C:\Users\ASUS\Desktop\Kopie von 2_ge_answers_deo31_2008-09.xls
ZeroAccess:
C:\Windows\Installer\{42677c4b-104a-0abf-8ffb-67ca7c9f429f}
C:\Windows\Installer\{42677c4b-104a-0abf-8ffb-67ca7c9f429f}\@
ZeroAccess:
C:\Users\ASUS\AppData\Local\{42677c4b-104a-0abf-8ffb-67ca7c9f429f}
Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\NEventMessages.dll
C:\Users\ASUS\AppData\Local\Temp\NOSEventMessages.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 3884.29 MB
Available physical RAM: 3314.41 MB
Total Pagefile: 3882.43 MB
Available Pagefile: 3300.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:19.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:211.85 GB) (Free:207.58 GB) NTFS
Drive e: () (Removable) (Total:0.97 GB) (Free:0.19 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6897E73A)
Partition 1: (Not Active) - (Size=12 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=212 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 993 MB) (Disk ID: 31E9F8F5)
Partition 1: (Active) - (Size=993 MB) - (Type=0B)
LastRegBack: 2014-01-09 02:14
==================== End Of Log ============================