userinit.exe stoppt Virenscan

petersilie · 26.10.2014, 18:06

Hi,
beim scannen durch mein Virenprogamm (Bitdefender) stoppt der Quickscan immer an der selben Stelle. Die zu scannende Datei ist userinit.exe.
Ich bin den Anweisungen gefolgt. Hier die Logs:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:21 on 26/10/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by ***** (administrator) on SCHATTENFELL on 26-10-2014 17:26:48
Running from C:\Users\*****\Downloads
Loaded Profile: ***** (Available profiles: *****)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\odscanui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1597376 2014-10-07] (Bitdefender)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-16] (Lenovo(beijing) Limited)
HKU\S-1-5-21-3244183677-1939876774-2963879272-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [815088 2014-10-07] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB6EC0DE66AACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.214 80.69.100.110

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-28]
FF HKCU\...\Firefox\Extensions: [{CE7F9FB7-CB37-E178-D9A8-28F502937EEA}] - C:\Program Files (x86)\ver6Re-Markable\175.xpi

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-28]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-07-28]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-28]
CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-28]
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-28]
CHR Extension: (Bitdefender Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-07-28]
CHR Extension: (AdBlock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\niimplkdaapagimjmmcdmbjlcdddfcgj [2014-07-28]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-28]
CHR Extension: (Alert Control) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjjanaennfbgpccfpbghnmblpdblbef [2014-07-28]
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1518560 2014-10-07] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-09-16] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2013-07-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-09-16] (BitDefender)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-09-30] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 17:26 - 2014-10-26 17:27 - 00010633 _____ () C:\Users\*****\Downloads\FRST.txt
2014-10-26 17:26 - 2014-10-26 17:26 - 00000000 ____D () C:\FRST
2014-10-26 17:24 - 2014-10-26 17:25 - 02113024 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-10-26 17:21 - 2014-10-26 17:21 - 00050477 _____ () C:\Users\*****\Downloads\Defogger (1).exe
2014-10-26 17:21 - 2014-10-26 17:21 - 00000476 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-10-26 17:21 - 2014-10-26 17:21 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-10-26 17:20 - 2014-10-26 17:20 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-10-26 14:55 - 2014-10-26 14:55 - 00000005 _____ () C:\Users\*****\Downloads\Info_Manager Prof. L. Timmermann.txt
2014-10-26 12:20 - 2014-10-26 12:20 - 05063423 _____ () C:\Users\*****\Downloads\Sonographie_der_Mehrlingsschwangerschaft_2011.pptx
2014-10-24 09:29 - 2014-10-24 09:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-10-21 16:48 - 2014-10-21 16:48 - 04620800 _____ () C:\Users\*****\Downloads\rm2191409 (1).ppt
2014-10-21 16:42 - 2014-10-21 16:42 - 04620800 _____ () C:\Users\*****\Downloads\rm2191409.ppt
2014-10-16 16:16 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 16:16 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 16:16 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 16:16 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 16:16 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 16:16 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 16:16 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 16:16 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 16:16 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 16:16 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 16:16 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 16:16 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 16:16 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 16:16 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 16:16 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 16:16 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 16:16 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 16:16 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 16:16 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 16:16 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 16:16 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 16:16 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 16:16 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 16:16 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 16:16 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 16:16 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 16:16 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 16:16 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 16:16 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 16:16 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 16:16 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 16:15 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 16:15 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 16:15 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-16 16:15 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-16 16:15 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-16 16:14 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 16:14 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 16:14 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 16:14 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 16:14 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 16:14 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-16 16:14 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-16 16:14 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-16 16:14 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-16 16:14 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-16 16:14 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-16 16:14 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-16 16:14 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-16 16:14 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-16 16:14 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-16 16:14 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-16 16:14 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-16 16:14 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-16 16:14 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-16 16:14 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 16:14 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-11 15:29 - 2014-10-11 15:29 - 16536064 _____ () C:\Users\*****\Downloads\rm2190298.ppt
2014-10-08 15:34 - 2014-10-24 09:32 - 00002318 _____ () C:\Windows\setupact.log
2014-10-08 15:34 - 2014-10-08 15:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 11:08 - 2014-10-01 11:08 - 00048404 _____ () C:\Users\*****\Downloads\Stundenplan.xlsx
2014-09-30 13:37 - 2014-09-30 13:37 - 00079192 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 17:21 - 2014-07-28 14:17 - 00000000 ____D () C:\Users\*****
2014-10-26 17:16 - 2014-07-28 15:01 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 17:08 - 2014-07-28 14:21 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{88AEB5DF-1273-43CD-A505-A7A5A437D860}
2014-10-26 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-26 11:15 - 2014-07-28 14:08 - 02039931 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 10:55 - 2014-07-28 15:01 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 10:55 - 2014-07-28 14:20 - 00000000 __RDO () C:\Users\*****\OneDrive
2014-10-24 17:20 - 2014-03-18 11:04 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 17:20 - 2014-03-18 10:25 - 00727930 _____ () C:\Windows\system32\perfh007.dat
2014-10-24 17:20 - 2014-03-18 10:25 - 00151586 _____ () C:\Windows\system32\perfc007.dat
2014-10-22 18:11 - 2014-07-28 15:01 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 18:11 - 2014-07-28 15:01 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 18:02 - 2014-07-28 14:23 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3244183677-1939876774-2963879272-1001
2014-10-21 15:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 17:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-10-18 18:55 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 18:55 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-18 18:54 - 2013-08-22 15:44 - 00338016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 21:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-16 21:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-16 21:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-10-16 21:29 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 17:04 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 17:03 - 2014-08-01 10:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 17:00 - 2014-08-03 17:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 17:00 - 2014-08-01 10:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 10:44 - 2014-09-16 12:38 - 00000000 ____D () C:\ProgramData\Energy Manager
2014-10-06 21:36 - 2014-09-16 12:47 - 00003602 _____ () C:\Windows\PFRO.log
2014-09-30 13:37 - 2014-07-28 15:13 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-09-30 13:37 - 2014-07-28 15:13 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2014-09-29 23:45 - 2014-08-01 00:41 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 23:45 - 2014-08-01 00:41 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-15 16:05

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by ***** at 2014-10-26 17:27:41
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 18.11.0.872 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo)
Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3244183677-1939876774-2963879272-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

07-10-2014 18:55:42 Windows Update
15-10-2014 16:24:18 Geplanter Prüfpunkt
24-10-2014 19:05:09 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BC32B2D-93F4-45F4-B338-9BC59A6EB744} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {159E8634-1D7D-49C9-8F75-02FE3A0A5B30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {1F2D7BAE-62D4-4467-A97F-CD9E86C0B564} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {52E53810-4A5F-43A4-AC44-59E7780F8DA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {572CDF59-567A-4646-A7FA-18B119453869} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E527372-76C8-4AA6-9B74-BEFEB6608D5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)
Task: {987D0956-7C71-4047-8013-1A9E3A067B35} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A9B946C6-71F6-4504-A414-449D3B0347DF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCE3D606-9E17-4E65-B72D-0EF3F4603DE5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ECDA73F3-8CE0-4C26-BBD9-805CE4E67017} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-30 13:37 - 2014-10-07 19:34 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-28 15:17 - 2014-06-30 12:26 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-28 15:23 - 2014-07-28 15:23 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-07-28 15:23 - 2014-07-28 15:23 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-07-28 15:23 - 2014-07-28 15:23 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-07-28 15:23 - 2014-07-28 15:23 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2014-07-28 15:17 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-10-16 21:16 - 2014-10-10 03:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-16 21:16 - 2014-10-10 03:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-16 21:16 - 2014-10-10 03:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-16 21:16 - 2014-10-10 03:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\OneDrive:ms-properties
AlternateDataStreams: C:\Users\*****\Downloads\Defogger (1).exe:BDU
AlternateDataStreams: C:\Users\*****\Downloads\Defogger.exe:BDU
AlternateDataStreams: C:\Users\*****\Downloads\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3244183677-1939876774-2963879272-500 - Administrator - Disabled)
Gast (S-1-5-21-3244183677-1939876774-2963879272-501 - Limited - Disabled)
***** (S-1-5-21-3244183677-1939876774-2963879272-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2014 08:06:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/25/2014 01:29:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (10/24/2014 08:05:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/24/2014 08:05:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/24/2014 09:37:12 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 05:40:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/15/2014 03:19:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/12/2014 00:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/12/2014 00:46:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/12/2014 11:17:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (10/25/2014 10:24:41 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/25/2014 10:24:41 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/20/2014 08:55:07 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/20/2014 08:55:07 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/20/2014 08:55:07 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/20/2014 08:55:07 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/20/2014 06:01:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (10/19/2014 10:42:26 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (10/18/2014 06:55:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.

Error: (10/15/2014 08:07:56 PM) (Source: DCOM) (EventID: 10010) (User: SCHATTENFELL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (10/25/2014 08:06:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/25/2014 01:29:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (10/24/2014 08:05:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/24/2014 08:05:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/24/2014 09:37:12 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/20/2014 05:40:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/15/2014 03:19:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/12/2014 00:46:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (10/12/2014 00:46:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/12/2014 11:17:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3993.77 MB
Available physical RAM: 2399.25 MB
Total Pagefile: 4777.77 MB
Available Pagefile: 2618.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:160.62 GB) (Free:137.53 GB) NTFS
Drive d: (Volume) (Fixed) (Total:304.63 GB) (Free:304.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D9FA2484)

Partition: GPT Partition Type.

==================== End Of Log ============================

Ich habe den Gmerscan im abgesicherten Modus durchgeführt. Beim scannen sind zwei Zugriffsfehler aufgetreten.

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-26 17:45:08
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\0000002a HGST_HTS545050A7E380 rev.GG2ZBD90 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\fgdyaaod.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 960                             fffff8000bfc9a00 12 bytes [C0, 11, AB, FF, C2, F7, 4F, ...]
.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 973                             fffff8000bfc9a0d 31 bytes [DA, 85, 02, 00, C4, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[1012] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714    00007ffc9b1c154a 4 bytes [1C, 9B, FC, 7F]
.text   C:\Windows\Explorer.EXE[1012] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722    00007ffc9b1c1552 4 bytes [1C, 9B, FC, 7F]
.text   C:\Windows\Explorer.EXE[1012] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98   00007ffc9b1c162a 4 bytes [1C, 9B, FC, 7F]
.text   C:\Windows\Explorer.EXE[1012] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122  00007ffc9b1c1642 4 bytes [1C, 9B, FC, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [448:480]                                             fffff9600084cb90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                               unknown MBR code

---- EOF - GMER 2.1 ----

Ich bedanke mich schon einmal in Vorhinein für die Hilfe

userinit.exe stoppt Virenscan

Log-Analyse und Auswertung: userinit.exe stoppt Virenscan

userinit.exe stoppt Virenscan

Ähnliche Themen: userinit.exe stoppt Virenscan