Combofix Log:
ComboFix 13-08-25.01 - laptop 26.08.2013 20:55:31.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.41.1031.18.2038.1315 [GMT 2:00]
ausgeführt von:: c:\users\laptop\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-26 bis 2013-08-26 ))))))))))))))))))))))))))))))
.
.
2030-01-01 13:45 . 2011-05-10 19:55 -------- d-----w- C:\Boot
2013-08-27 03:43 . 2013-08-27 03:43 -------- d-----w- C:\FRST
2013-08-26 19:07 . 2013-08-26 19:09 -------- d-----w- c:\users\laptop\AppData\Local\temp
2013-08-26 19:07 . 2013-08-26 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-25 12:37 . 2013-08-27 04:24 -------- d-----w- c:\users\laptop\AppData\Local\a0ab3f29-a3bd-49f3-abde-0ccc8dbeeb33ad
2013-08-25 12:15 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{212E864E-B176-4D10-8C82-C567C1DF9256}\mpengine.dll
2013-08-25 08:18 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-22 19:18 . 2013-08-22 19:18 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB49D995-C949-4F95-8A81-3293B7839F2C}\gapaengine.dll
2013-08-15 22:37 . 2013-08-15 22:41 -------- d-----w- c:\windows\system32\MRT
2013-08-15 22:25 . 2013-07-26 02:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-15 22:25 . 2013-07-26 03:12 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-08-15 20:17 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 20:17 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 20:17 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 20:17 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 20:17 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 20:16 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 20:16 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 20:16 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 20:16 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 20:16 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 20:16 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 20:16 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 17:14 . 2012-06-08 09:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 17:14 . 2011-06-21 21:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-17 18:57 . 2011-03-25 22:19 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-05 03:05 . 2013-07-11 05:23 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 05:23 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{69C401BA-2D6D-44B7-ADED-35E3BF78A7DC}"
[HKEY_CLASSES_ROOT\CLSID\{69C401BA-2D6D-44B7-ADED-35E3BF78A7DC}]
2010-12-23 09:48 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-12-23 09:48 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OVERLAYICONEXTENSION1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OVERLAYICONEXTENSION2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2010-04-19 787752]
"Facebook Update"="c:\users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-20 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-05-08 18680424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2011-04-13 1813800]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-08-09 3058304]
"HotkeyMon"="AsusSender.exe" [2010-05-24 35304]
"HotkeyService"="AsusSender.exe" [2010-05-24 35304]
"SuperHybridEngine"="AsusSender.exe" [2010-05-24 35304]
"LiveUpdate"="AsusSender.exe" [2010-05-24 35304]
"CapsHook"="AsusSender.exe" [2010-05-24 35304]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe" [2010-06-15 5096784]
"GraphicsSwitch"="AsusSender.exe" [2010-05-24 35304]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-12-11 334848]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-02-10 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-08-09 2018032]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-23 10082920]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-04-13 1813800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2010-04-19 787752]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 64624]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys [x]
R3 DWA;Wireless USB Device Adapter;c:\windows\system32\DRIVERS\WSR_DWA.SYS [2010-05-10 483328]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-05-10 794624]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-05-10 142848]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-12-23 275088]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-13 119592]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 17:14]
.
2013-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000Core.job
- c:\users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-20 18:10]
.
2013-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000UA.job
- c:\users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-20 18:10]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 21:33]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-21 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.20min.ch/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: minecraft.net\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Stöck Wyys Stich Platinum - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3308)
c:\windows\system32\CbFsMntNtf3.dll
c:\progra~1\ASUS\ASUSWE~1\2232~1.76\ASUSWS~1.DLL
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-26 21:16:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-26 19:16
.
Vor Suchlauf: 11 Verzeichnis(se), 60'734'603'264 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 60'630'700'032 Bytes frei
.
- - End Of File - - 26EBD9524ED131C2593A1FD6C7EFA8E7
A36C5E4F47E84449FF07ED3517B43A31

And here are the other two logs:

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013
Ran by laptop (administrator) on 26-08-2013 21:18:52
Running from C:\Users\laptop\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Windows\System32\AsusService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\ComboFix\CF19204.3XE
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(SteelWerX) C:\ComboFix\swxcacls.3XE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\windows\AsScrPro.exe [3058304 2010-08-09] (ASUS)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1241520 2010-06-30] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [976872 2010-06-12] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe [5096784 2010-06-15] (eCareme)
HKLM\...\Run: [GraphicsSwitch] - AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GraphicsSwitch.exe /auto [x]
HKLM\...\Run: [OOBESetup] - C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [334848 2009-12-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [Boingo Wi-Fi] - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2011-02-10] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-08-09] (ASUSTek Computer Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-23] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [WindowsLivePhone] - C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe [787752 2010-04-19] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] ()
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [WindowsLivePhone] - C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe [787752 2010-04-19] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-20] (Facebook Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18680424 2013-05-08] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-07-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-07-27] (AsusTek Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.20min.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {17CF33D4-74BD-4578-942B-D4B2261543C0} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deCH437
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {17CF33D4-74BD-4578-942B-D4B2261543C0} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deCH437
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {C404FAA9-7D06-4598-A9CA-4109161A357E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=77BC9E9F-FFBC-42AB-AC98-426EFF9DB99D&apn_sauid=074D59CE-C8C0-4E0E-81E0-60339B32A24A
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\laptop\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default\searchplugins\askcom.xml
FF Extension: No Name - C:\Users\laptop\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Flagfox - C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: WOT - C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5cby4ohc.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========================== Services (Whitelisted) =================
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] ()
==================== Drivers (Whitelisted) ====================
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [275088 2010-12-23] (EldoS Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 DWA; C:\Windows\System32\DRIVERS\WSR_DWA.SYS [483328 2010-05-10] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [119592 2011-04-13] (ELAN Microelectronics Corp.)
S3 hwa; C:\Windows\System32\DRIVERS\WSR_HWA.SYS [794624 2010-05-10] ()
S3 HWARadio; C:\Windows\System32\DRIVERS\WSR_RCI.SYS [142848 2010-05-10] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
U3 mbr; C:\Users\laptop\AppData\Local\Temp\mbr.sys [25088 2013-08-26] ()
S3 catchme; \??\C:\Users\laptop\AppData\Local\Temp\catchme.sys [x]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2030-01-01 15:45 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-08-27 05:43 - 2013-08-27 05:43 - 00000000 ____D C:\FRST
2013-08-26 21:18 - 2013-08-26 18:29 - 01070979 _____ (Farbar) C:\Users\laptop\Desktop\FRST.exe
2013-08-26 21:16 - 2013-08-26 21:16 - 00014269 _____ C:\ComboFix.txt
2013-08-26 21:08 - 2013-08-26 21:08 - 00000546 _____ C:\windows\PFRO.log
2013-08-26 21:08 - 2013-08-26 21:08 - 00000056 _____ C:\windows\setupact.log
2013-08-26 21:08 - 2013-08-26 21:08 - 00000000 _____ C:\windows\setuperr.log
2013-08-26 20:50 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-08-26 20:50 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-08-26 20:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-08-26 20:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-08-26 20:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-08-26 20:50 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-08-26 20:50 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-08-26 20:50 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-08-26 20:49 - 2013-08-26 21:16 - 00000000 ____D C:\Qoobox
2013-08-26 20:49 - 2013-08-26 21:16 - 00000000 ____D C:\ComboFix
2013-08-26 20:49 - 2013-08-26 21:13 - 00000000 ____D C:\windows\erdnt
2013-08-26 20:48 - 2013-08-26 20:46 - 05113393 ____R (Swearware) C:\Users\laptop\Desktop\ComboFix.exe
2013-08-26 16:59 - 2013-08-26 18:10 - 00000004 _____ C:\Users\laptop\AppData\Roaming\settings.ini
2013-08-25 14:37 - 2013-08-27 06:24 - 00000000 ____D C:\Users\laptop\AppData\Local\a0ab3f29-a3bd-49f3-abde-0ccc8dbeeb33ad
2013-08-20 17:40 - 2013-08-20 17:40 - 00000000 ____D C:\Users\laptop\AppData\Local\{5988629E-9E45-426E-ACB0-7C7BED1911B1}
2013-08-17 11:40 - 2013-08-17 11:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 00:37 - 2013-08-16 00:41 - 00000000 ____D C:\windows\system32\MRT
2013-08-16 00:25 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-16 00:25 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-16 00:25 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-16 00:24 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-16 00:24 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-16 00:24 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-16 00:24 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-16 00:24 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-16 00:24 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-16 00:24 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-16 00:24 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-16 00:24 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-16 00:24 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-16 00:24 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-16 00:24 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-16 00:24 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-15 22:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-15 22:17 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-15 22:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-15 22:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-15 22:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-15 22:16 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-15 22:16 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-15 22:16 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2013-08-15 22:16 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-15 22:16 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-15 22:16 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-15 22:16 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-01 10:45 - 2013-08-01 10:45 - 00000000 ____D C:\Users\laptop\AppData\Local\{B3F95B65-6A9A-4B36-BFEF-6A9B7F9E5DD9}
==================== One Month Modified Files and Folders =======
2030-01-01 15:45 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-08-27 06:24 - 2013-08-25 14:37 - 00000000 ____D C:\Users\laptop\AppData\Local\a0ab3f29-a3bd-49f3-abde-0ccc8dbeeb33ad
2013-08-27 06:24 - 2011-02-10 11:43 - 00000000 ____D C:\Users\laptop
2013-08-27 05:43 - 2013-08-27 05:43 - 00000000 ____D C:\FRST
2013-08-26 21:17 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 21:17 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 21:16 - 2013-08-26 21:16 - 00014269 _____ C:\ComboFix.txt
2013-08-26 21:16 - 2013-08-26 20:49 - 00000000 ____D C:\Qoobox
2013-08-26 21:16 - 2013-08-26 20:49 - 00000000 ____D C:\ComboFix
2013-08-26 21:14 - 2012-06-08 11:06 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 21:13 - 2013-08-26 20:49 - 00000000 ____D C:\windows\erdnt
2013-08-26 21:09 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-08-26 21:08 - 2013-08-26 21:08 - 00000546 _____ C:\windows\PFRO.log
2013-08-26 21:08 - 2013-08-26 21:08 - 00000056 _____ C:\windows\setupact.log
2013-08-26 21:08 - 2013-08-26 21:08 - 00000000 _____ C:\windows\setuperr.log
2013-08-26 21:08 - 2011-06-21 23:34 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-26 21:08 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-26 20:51 - 2011-02-11 02:31 - 01882750 _____ C:\windows\WindowsUpdate.log
2013-08-26 20:49 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-08-26 20:48 - 2011-02-10 12:39 - 00000000 ____D C:\Users\laptop\AppData\Roaming\Skype
2013-08-26 20:46 - 2013-08-26 20:48 - 05113393 ____R (Swearware) C:\Users\laptop\Desktop\ComboFix.exe
2013-08-26 20:45 - 2011-06-21 23:34 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-26 20:41 - 2011-09-27 21:34 - 00000000 ____D C:\Users\laptop\Tracing
2013-08-26 20:41 - 2009-07-25 10:25 - 00000000 ____D C:\windows\panther
2013-08-26 20:39 - 2009-07-25 09:50 - 01498552 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-26 20:34 - 2011-02-10 22:41 - 00001852 _____ C:\Users\laptop\Desktop\MySyncFolder.lnk
2013-08-26 18:29 - 2013-08-26 21:18 - 01070979 _____ (Farbar) C:\Users\laptop\Desktop\FRST.exe
2013-08-26 18:10 - 2013-08-26 16:59 - 00000004 _____ C:\Users\laptop\AppData\Roaming\settings.ini
2013-08-25 22:15 - 2013-01-20 20:10 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000UA.job
2013-08-25 19:17 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-08-25 19:15 - 2013-01-20 20:10 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000Core.job
2013-08-25 14:36 - 2011-06-21 23:33 - 00000000 ____D C:\Users\laptop\AppData\Local\Google
2013-08-25 14:36 - 2011-06-21 23:33 - 00000000 ____D C:\Program Files\Google
2013-08-21 19:14 - 2012-06-08 11:06 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-08-21 19:14 - 2011-06-21 23:35 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 17:40 - 2013-08-20 17:40 - 00000000 ____D C:\Users\laptop\AppData\Local\{5988629E-9E45-426E-ACB0-7C7BED1911B1}
2013-08-18 10:20 - 2012-09-25 19:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-17 20:09 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-08-17 11:43 - 2013-08-17 11:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 14:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-08-16 00:41 - 2013-08-16 00:37 - 00000000 ____D C:\windows\system32\MRT
2013-08-16 00:37 - 2011-02-11 10:38 - 75778376 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-16 00:28 - 2009-07-14 04:04 - 00000499 _____ C:\windows\win.ini
2013-08-01 10:45 - 2013-08-01 10:45 - 00000000 ____D C:\Users\laptop\AppData\Local\{B3F95B65-6A9A-4B36-BFEF-6A9B7F9E5DD9}
Files to move or delete:
====================
ZeroAccess:
C:\Users\laptop\AppData\Local\Google\Desktop\Install\{196f546f-69a9-435a-d310-ec9c3b075f20}
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{196f546f-69a9-435a-d310-ec9c3b075f20}
C:\Users\laptop\AppData\Local\Temp\catchme.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
LastRegBack: 2013-08-23 21:01
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-08-2013
Ran by laptop at 2013-08-26 21:20:06
Running from C:\Users\laptop\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
32 Bit HP CIO Components Installer (Version: 1.1.0)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
ASUS VIBE (Version: 1.0.188)
ASUS WebStorage (Version: 2.2.32.76)
ASUSUpdate for Eee PC (Version: 1.04.01)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.29)
Bing Bar (Version: 7.0.850.0)
Boingo Wi-Fi (Version: 1.7.0048)
Broadcom Wireless Network Adapter (Version: 1.00.0000)
Canon MP250 series MP Drivers
CapsHook (Version: 1.0.0.5)
CCleaner (Version: 3.23)
CyberLink YouCam (Version: 2.0.3718a)
D3DX10 (Version: 15.4.2368.0902)
Eee Docking 3.8.1 (Version: 3.8.1)
EeeSplendid (Version: 5.1.2.0011)
ETDWare PS/2-X86 8.0.5.3_WHQL (Version: 8.0.5.3)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FontResizer (Version: 1.01.0011)
Google Update Helper (Version: 1.3.21.153)
Hotkey Service (Version: 1.29)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2364)
Intel® Matrix Storage Manager
IrfanView (remove only)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 6.3.0 (Full) (Version: 6.3.0)
Kyodai
LiveUpdate (Version: 1.22)
LocaleMe (Version: 1.3)
Media Player Classic - Home Cinema v1.3.1802.0 (Version: 1.3.1802.0)
MediaMonkey 3.2 (Version: 3.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0)
OOBERegBackup
Paquete de compatibilidad para 2007 Office system (Version: 12.0.6612.1000)
Ralink RT2860 Wireless LAN Card (Version: 1.5.1.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6373)
SAMSUNG USB Driver for Mobile Phones (Version: 1.2.1050.0)
ScreenSaverPatch
Skype™ 6.3 (Version: 6.3.107)
SRS Premium Sound Control Panel (Version: 1.8.50.0)
Stöck Wyys Stich Platinum
Super Hybrid Engine (Version: 2.16)
syncables desktop SE (Version: 5.5.634.9753)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
WIDCOMM Bluetooth Software (Version: 6.3.0.5500)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Live-Geräte-Manager (Version: 1.5.7762.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRAR
Wuala CBFS (Version: 3.1.82.0)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
==================== Restore Points =========================
10-08-2013 04:56:46 Windows Update
13-08-2013 20:07:12 Windows Update
15-08-2013 22:23:31 Windows Update
19-08-2013 19:36:18 Windows Update
24-08-2013 05:15:56 Windows Update
25-08-2013 12:34:25 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2013-08-26 21:09 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {01C20057-3E26-43DE-82E8-6EAC6FBF092D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe No File
Task: {07DD5C2A-5149-44A8-9EAD-B2EC1E30893E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {1CB25A00-6C8D-4CAA-82AF-AD774907C960} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
Task: {1E63664F-913D-41D9-967C-31F17E6D7398} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe No File
Task: {1FC5A4E5-04FC-4939-AA8D-26384E4168DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000UA => C:\Users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-20] (Facebook Inc.)
Task: {2F4B6ED1-B4E0-4244-BE90-358D4DF8E98A} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe No File
Task: {33940ACF-BEE0-4134-84CF-6C3383EA28EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {4F16359B-7573-46F7-BA9A-9EBB6623662F} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {AAC72319-C114-461D-977A-A3D1C5F8D629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-21] (Google Inc.)
Task: {C44E6DA1-B095-40CA-9947-0DB76E561AB2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {CEEE057B-DBDE-41B5-B434-E9B89495BEE8} - System32\Tasks\{E8BBDE63-63FA-4600-BF2C-017C6FDD5E18} => C:\Program Files\Skype\\Phone\Skype.exe [2013-05-08] (Skype Technologies S.A.)
Task: {E462AB11-8883-4D0F-9815-3BAA56CE7BC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-21] (Google Inc.)
Task: {EC985F09-FF7B-4A5A-ACA2-D8FAAA4FF415} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000Core => C:\Users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-20] (Facebook Inc.)
Task: {FB115147-9AC3-4734-8F35-96BC0A44D0C7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000Core.job => C:\Users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687801032-4281418241-1608738031-1000UA.job => C:\Users\laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/26/2013 06:09:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51db96c5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00046288
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (08/26/2013 06:01:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51db96c5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00032023
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (08/26/2013 05:58:31 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (08/26/2013 04:59:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51db96c5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00047790
ID des fehlerhaften Prozesses: 0x6c8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (08/25/2013 06:58:43 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
Error: (08/25/2013 05:26:22 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (08/25/2013 02:18:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "file1". Fehler in Manifest- oder Richtliniendatei "file2" in Zeile file3.
Der Wert "" des "name"-Attributs im file-Element ist ungültig.
Error: (08/25/2013 02:17:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/25/2013 00:01:10 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017af08
ID des fehlerhaften Prozesses: 0x1228
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (08/24/2013 11:58:36 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
System errors:
=============
Error: (08/26/2013 09:09:56 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (08/26/2013 09:09:20 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (08/26/2013 09:08:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%5
Error: (08/26/2013 09:08:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 26.08.2013 um 21:08:07 unerwartet heruntergefahren.
Error: (08/26/2013 09:01:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/26/2013 08:55:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/26/2013 08:55:11 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Asus Launcher Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/26/2013 08:54:16 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (08/26/2013 08:51:15 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (08/26/2013 08:51:15 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Microsoft Office Sessions:
=========================
Error: (08/26/2013 06:09:49 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.1820551db96c5c000000500046288
Error: (08/26/2013 06:01:14 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.1820551db96c5c000000500032023
Error: (08/26/2013 05:58:31 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (08/26/2013 04:59:28 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.1820551db96c5c0000005000477906c801cea26c9bd843d1C:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dll1a82de89-0e60-11e3-b3e4-20cf30728a0e
Error: (08/25/2013 06:58:43 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108
Error: (08/25/2013 05:26:22 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (08/25/2013 02:18:37 PM) (Source: SideBySide)(User: )
Description: filenamec:\program files\irfanview\Plugins\Riot.dllc:\program files\irfanview\Plugins\Riot.dll8
Error: (08/25/2013 02:17:38 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (08/25/2013 00:01:10 AM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af08122801cea0ff18ada49dC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dllaf084404-0d08-11e3-aee2-20cf30728a0e
Error: (08/24/2013 11:58:36 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 2038.12 MB
Available physical RAM: 1182.63 MB
Total Pagefile: 4076.23 MB
Available Pagefile: 3255.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:56.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:52.93 GB) NTFS
Drive e: () (Removable) (Total:0.47 GB) (Free:0.46 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 29133921)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 MB) - (Type=EF)
========================================================
Disk: 1 (Size: 480 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=480 MB) - (Type=0B)
==================== End Of Log ============================