FRST logs after Google blocked a website
Hello everyone,
today, when I opened a game site (kongregate), Google triggered a block because of malware :headbang:. Since I am cautious about this kind of thing, it would reassure me if
someone could look over my logs.
Afterwards I noticed that in Task Manager a file
C:\Windows\System32\wbem\unsecapp.exe is active (hxxp://www.file.net/prozess/unsecapp.exe.html). Maybe that is because I removed OneNote from autostart yesterday.
According to VirusTotal, however, it is clean: https://www.virustotal.com/de/file/861e3dd5fbd6ccccd0e3ea6187d13f3e4bc42faa171043238b46717fd24165a6/analysis/1402230254/
MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.06.2014
Suchlauf-Zeit: 14:20:26
Logdatei: mbam-08-06-14.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.08.01
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: User
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 272400
Verstrichene Zeit: 5 Min, 33 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
Avast scan Code:
*
* avast! Protokolldatei
* Diese Protokolldatei wurde automatisch erstellt
*
* Prüfungsname: Vollständige Überprüfung
* Start: Sonntag, 8. Juni 2014 14:29:54
* VPS: 140608-0, 08.06.2014
*
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
C:\hiberfil.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\pagefile.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
E:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
\\?\Volume{4c26038b-1a7e-11e3-bfff-806e6f6e6963}\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
Infizierte Dateien: 0
Dateien gesamt: 283704
Ordner gesamt: 21843
Gesamtgröße: 169,0 GB
*
* Prüfung beendet: Sonntag, 8. Juni 2014 14:55:26
* Laufzeit war 25 Minute(n), 25 Sekunde(n)
*
FRST Scan
Note: user name redacted with ***
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by User (administrator) on ***-PC on 08-06-2014 14:56:32
Running from C:\Users\***\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Ricoh co.,Ltd.) C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Advanced Audio v2\pcee4.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11942984 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [969800 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [5020456 2013-06-14] (Lenovo Group Limited)
HKLM\...\Run: [RotateImage] => C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2248080 2013-03-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [Dolby Advanced Audio v2] => C:\Program Files\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3532oz5.default
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3532oz5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-08]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3532oz5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-08]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-11]
Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-09]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-09]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-09]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-09]
CHR Extension: (avast! Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-09]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-17]
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-17] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2013-02-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-02-08] ()
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664808 2013-06-14] (Lenovo Group Limited)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2531056 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-17] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-17] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [174552 2013-03-27] (Broadcom Corporation.)
S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [508184 2012-12-04] (Broadcom Corporation.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [312208 2013-03-12] (ELAN Microelectronics Corp.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-27] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-05-13] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10372096 2013-02-05] (Intel Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2012-01-30] (Realtek Semiconductor Corp.)
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-08 14:56 - 2014-06-08 14:56 - 00010723 _____ () C:\Users\***\Desktop\FRST.txt
2014-06-08 14:26 - 2014-06-08 14:26 - 00001161 _____ () C:\Users\***\Desktop\mbam-08-06-14.txt
2014-06-08 14:00 - 2014-06-08 14:00 - 01063424 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-06-08 13:59 - 2014-06-08 14:14 - 104868120 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2014-06-08 13:55 - 2014-06-08 13:55 - 00007084 _____ () C:\Users\***\Downloads\Konstrukteur (m_w) - Oberndorf - HECKLER & KOCH GmbH - Ingenieur Jobs bei StepStone.htm
2014-06-08 13:54 - 2014-06-08 13:54 - 00010000 _____ () C:\Users\***\Downloads\Projektleiter (m_w) - Südlich von Stuttgart - Beratech GmbH - Ingenieur Jobs bei StepStone.htm
2014-06-06 15:17 - 2014-06-06 15:17 - 00000000 ____D () C:\Users\***\Documents\OneNote-Notizbücher
2014-06-05 15:58 - 2014-06-05 15:58 - 00007156 _____ () C:\Users\***\Downloads\Simulationsingenieur (m_w) - Stuttgart-Feuerbach - Robert Bosch GmbH, Stuttgart-Feuerbach - Ingenieur Jobs bei StepStone.htm
2014-06-05 15:56 - 2014-06-08 13:57 - 00000000 ____D () C:\Users\***\Downloads\06-05
2014-06-03 11:32 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\***\Downloads\06-03
2014-06-02 11:38 - 2014-06-03 14:47 - 00000000 ____D () C:\Users\***\Downloads\06-02
2014-05-31 18:14 - 2014-06-03 17:27 - 00000000 ____D () C:\Users\***\Downloads\05-31
2014-05-31 18:10 - 2014-05-31 18:10 - 00043193 _____ () C:\Users\***\Downloads\Verfahrens-Ingenieur (m_w) (Ingenieur_in - Verfahr enstechnik) in Augsburg.htm
2014-05-31 17:52 - 2014-05-31 17:52 - 00042051 _____ () C:\Users\***\Downloads\Ingenieur (m_w) Qualitätsmanagement (Qualitätsinge nieur_in) in Ulm.htm
2014-05-31 17:51 - 2014-05-31 17:51 - 00043401 _____ () C:\Users\***\Downloads\Ingenieur Versorgungstechnik (w_m) (Ingenieur_in - technische Gebäudeausrüstung) in Ulm.htm
2014-05-30 00:47 - 2014-06-04 09:55 - 00000000 ____D () C:\Windows\Minidump
2014-05-25 18:58 - 2014-05-27 00:47 - 00000000 ____D () C:\Users\***\Downloads\05-25
2014-05-22 23:27 - 2014-05-31 17:30 - 00000000 ____D () C:\Users\***\Downloads\05-23
2014-05-20 22:34 - 2014-05-20 22:35 - 00000013 _____ () C:\Users\***\Desktop\List.txt
2014-05-14 20:23 - 2014-05-26 00:41 - 00000000 ____D () C:\Users\***\Downloads\05-14
2014-05-13 19:09 - 2014-05-13 19:09 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 19:08 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 19:08 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-13 19:08 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 19:07 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 19:07 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 19:07 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 19:07 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 19:07 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 19:07 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 19:07 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 19:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 19:07 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-13 19:07 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 19:07 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 19:07 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 19:07 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 19:06 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 19:06 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-10 19:50 - 2014-05-10 19:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 14:28 - 2014-05-22 19:07 - 00000000 ____D () C:\Users\***\AppData\Roaming\elsterformular
2014-05-10 14:27 - 2014-05-22 19:07 - 00000000 ____D () C:\ProgramData\elsterformular
==================== One Month Modified Files and Folders =======
2014-06-08 14:56 - 2014-06-08 14:56 - 00010723 _____ () C:\Users\***\Desktop\FRST.txt
2014-06-08 14:56 - 2014-03-30 16:38 - 00000000 ____D () C:\FRST
2014-06-08 14:56 - 2013-09-10 03:13 - 00000000 ____D () C:\Users\User\AppData\Local\Temp
2014-06-08 14:41 - 2013-09-10 20:42 - 00000000 ____D () C:\Users\***\AppData\Local\Temp
2014-06-08 14:27 - 2014-04-09 14:07 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 14:26 - 2014-06-08 14:26 - 00001161 _____ () C:\Users\***\Desktop\mbam-08-06-14.txt
2014-06-08 14:25 - 2014-04-09 14:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 14:25 - 2009-07-14 06:34 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 14:25 - 2009-07-14 06:34 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 14:21 - 2013-09-10 03:13 - 01131658 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 14:20 - 2014-03-27 20:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 14:19 - 2013-09-13 12:30 - 00000000 ____D () C:\Users\***\AppData\Roaming\QuickScan
2014-06-08 14:17 - 2013-12-17 15:08 - 00032190 _____ () C:\Windows\setupact.log
2014-06-08 14:17 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 14:14 - 2014-06-08 13:59 - 104868120 _____ (Microsoft Corporation) C:\Users\***\Desktop\msert.exe
2014-06-08 14:00 - 2014-06-08 14:00 - 01063424 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-06-08 13:57 - 2014-06-05 15:56 - 00000000 ____D () C:\Users\***\Downloads\06-05
2014-06-08 13:55 - 2014-06-08 13:55 - 00007084 _____ () C:\Users\***\Downloads\Konstrukteur (m_w) - Oberndorf - HECKLER & KOCH GmbH - Ingenieur Jobs bei StepStone.htm
2014-06-08 13:54 - 2014-06-08 13:54 - 00010000 _____ () C:\Users\***\Downloads\Projektleiter (m_w) - Südlich von Stuttgart - Beratech GmbH - Ingenieur Jobs bei StepStone.htm
2014-06-08 13:54 - 2013-09-10 03:15 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-06 15:17 - 2014-06-06 15:17 - 00000000 ____D () C:\Users\***\Documents\OneNote-Notizbücher
2014-06-05 23:31 - 2013-09-13 13:04 - 00000000 ____D () C:\Users\***\Documents\PersBackup
2014-06-05 23:09 - 2013-09-13 13:04 - 00000000 ____D () C:\Users\***\AppData\Roaming\PersBackup5
2014-06-05 15:58 - 2014-06-05 15:58 - 00007156 _____ () C:\Users\***\Downloads\Simulationsingenieur (m_w) - Stuttgart-Feuerbach - Robert Bosch GmbH, Stuttgart-Feuerbach - Ingenieur Jobs bei StepStone.htm
2014-06-05 02:36 - 2013-09-19 13:42 - 00000600 _____ () C:\Users\***\AppData\Local\PUTTY.RND
2014-06-05 02:36 - 2013-09-19 13:40 - 00002292 ____H () C:\Users\***\Documents\Default.rdp
2014-06-04 10:04 - 2013-09-13 13:08 - 00026696 _____ () C:\Users\***\Desktop\Blutdruck.xlsx
2014-06-04 09:55 - 2014-05-30 00:47 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 17:27 - 2014-05-31 18:14 - 00000000 ____D () C:\Users\***\Downloads\05-31
2014-06-03 17:26 - 2014-04-10 13:44 - 00000000 ____D () C:\Users\***\Downloads\04-13
2014-06-03 14:53 - 2014-06-03 11:32 - 00000000 ____D () C:\Users\***\Downloads\06-03
2014-06-03 14:50 - 2013-10-17 15:02 - 00000000 ____D () C:\Users\***\Desktop\Job
2014-06-03 14:47 - 2014-06-02 11:38 - 00000000 ____D () C:\Users\***\Downloads\06-02
2014-06-02 21:59 - 2013-11-18 11:55 - 00000000 ____D () C:\Users\***\Desktop\chest
2014-06-02 10:28 - 2014-03-27 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 10:28 - 2014-03-27 20:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-31 18:10 - 2014-05-31 18:10 - 00043193 _____ () C:\Users\***\Downloads\Verfahrens-Ingenieur (m_w) (Ingenieur_in - Verfahr enstechnik) in Augsburg.htm
2014-05-31 17:52 - 2014-05-31 17:52 - 00042051 _____ () C:\Users\***\Downloads\Ingenieur (m_w) Qualitätsmanagement (Qualitätsinge nieur_in) in Ulm.htm
2014-05-31 17:51 - 2014-05-31 17:51 - 00043401 _____ () C:\Users\***\Downloads\Ingenieur Versorgungstechnik (w_m) (Ingenieur_in - technische Gebäudeausrüstung) in Ulm.htm
2014-05-31 17:30 - 2014-05-22 23:27 - 00000000 ____D () C:\Users\***\Downloads\05-23
2014-05-30 01:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-27 11:29 - 2014-03-24 17:18 - 00000000 ____D () C:\Users\***\Desktop\VÖ
2014-05-27 00:47 - 2014-05-25 18:58 - 00000000 ____D () C:\Users\***\Downloads\05-25
2014-05-26 13:33 - 2013-09-13 12:47 - 00000974 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-26 13:33 - 2013-09-13 12:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-26 00:41 - 2014-05-14 20:23 - 00000000 ____D () C:\Users\***\Downloads\05-14
2014-05-25 21:46 - 2013-09-13 13:15 - 00000000 ____D () C:\Users\***\Documents\Eigene Scans
2014-05-25 21:41 - 2013-09-11 13:37 - 00000000 ____D () C:\Users\***\AppData\Local\Lenovo
2014-05-22 22:59 - 2014-04-25 18:33 - 00000284 _____ () C:\Users\***\Downloads\st.txt
2014-05-22 19:07 - 2014-05-10 14:28 - 00000000 ____D () C:\Users\***\AppData\Roaming\elsterformular
2014-05-22 19:07 - 2014-05-10 14:27 - 00000000 ____D () C:\ProgramData\elsterformular
2014-05-21 14:28 - 2014-04-09 14:07 - 00002202 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-20 22:35 - 2014-05-20 22:34 - 00000013 _____ () C:\Users\***\Desktop\List.txt
2014-05-16 13:52 - 2013-09-13 12:46 - 00001884 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-05-15 18:37 - 2013-09-13 13:16 - 00000000 ____D () C:\Users\***\Documents\Witzig
2014-05-15 13:48 - 2013-12-17 16:50 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:48 - 2013-09-11 13:35 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 13:48 - 2013-09-11 13:34 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-14 19:28 - 2014-05-05 11:46 - 00000000 ____D () C:\Users\***\Downloads\05-05
2014-05-14 12:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-13 23:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-13 19:11 - 2014-04-25 17:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-13 19:11 - 2013-09-11 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-13 19:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-13 19:10 - 2013-09-11 14:17 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 19:09 - 2014-05-13 19:09 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 19:09 - 2013-09-12 11:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 07:26 - 2014-03-27 20:40 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-03-27 20:40 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2013-09-13 12:59 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 10:41 - 2014-02-07 15:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 19:50 - 2014-05-10 19:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 01:17 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-09 09:06 - 2014-05-13 19:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-13 19:06 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-08 00:22
==================== End Of Log ============================
FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by User at 2014-06-08 14:56:51
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dolby Advanced Audio v2 (HKLM\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.61.1 - Lenovo Group Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM\...\{4f754127-35a3-463c-9b09-dbb8370af1de}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Lenovo Patch Utility (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6895 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29011 - Realtek Semiconductor Corp.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 11.4.15.2 - ELAN Microelectronic Corp.)
ThinkPad Wireless LAN Adapter Software (HKLM\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
==================== Restore Points =========================
09-05-2014 13:55:25 Geplanter Prüfpunkt
13-05-2014 17:07:52 Windows Update
22-05-2014 18:24:23 Geplanter Prüfpunkt
31-05-2014 22:53:59 Geplanter Prüfpunkt
05-06-2014 21:19:14 Windows-Sicherung
05-06-2014 21:34:13 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {19A4DCF1-958C-4410-98DA-BAF0D34DD6C3} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {372D3730-F0B2-4095-B66D-AFCB7189C5AD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {377EB0FE-A790-47CB-A8F6-83320C2A48CC} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {4064599E-26A4-4512-AAB4-8D5FD8A97E6B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {48C7C16C-F461-43E0-BCF4-380C0498462E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-09] (Google Inc.)
Task: {84ABA338-F422-45BC-8134-243F6FF4CD56} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {99BCBA94-6C4F-49F1-8A0D-C2924AB1F143} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2333159856-3964816940-4251757566-1001
Task: {9A1E2555-AB99-464F-9544-5057862967F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-09] (Google Inc.)
Task: {B1006E03-EBC2-4A3F-9128-8846499FABCA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-17] (AVAST Software)
Task: {B43667CE-0368-4880-90B9-79420C82B6D6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2333159856-3964816940-4251757566-1000
Task: {B9EAB1E5-BF41-41D2-8B87-1A1C840AC230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-06-08 13:49 - 2014-06-08 13:49 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14060800\algo.dll
2013-09-11 13:15 - 2013-06-14 06:01 - 00108032 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2013-09-11 12:54 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-10-21 15:44 - 2013-10-21 15:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-11 13:07 - 2013-05-13 15:15 - 01199576 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-10 19:50 - 2014-05-10 19:50 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Integrated Camera
Description: Integrated Camera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Ricoh
Service: 5U877
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: ThinkPad Bluetooth 4.0
Description: ThinkPad Bluetooth 4.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/08/2014 02:18:20 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (06/08/2014 02:18:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3144) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003D7.log.
System errors:
=============
Error: (06/08/2014 02:18:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/08/2014 02:18:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (06/07/2014 06:39:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (06/05/2014 11:22:58 PM) (Source: volsnap) (EventID: 25) (User: )
Description: Die Schattenkopien von Volume "G:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen.
Error: (06/02/2014 02:04:43 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/30/2014 02:01:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (05/30/2014 02:01:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (05/30/2014 00:47:27 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x00000003, 0x8923f530, 0x8923f69c, 0x83265ec0)C:\Windows\MEMORY.DMP053014-12698-01
Error: (05/27/2014 01:08:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (05/25/2014 02:51:57 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Microsoft Office Sessions:
=========================
Error: (04/01/2014 05:39:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 488 seconds with 180 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-09-21 17:46:26.596
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 3169.87 MB
Available physical RAM: 1620.88 MB
Total Pagefile: 6338.02 MB
Available Pagefile: 4852.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.85 MB
==================== Drives ================================
Drive c: (Space) (Fixed) (Total:195.31 GB) (Free:107.17 GB) NTFS
Drive d: (Time) (Fixed) (Total:146.48 GB) (Free:146.21 GB) NTFS
Drive e: (Information) (Fixed) (Total:123.87 GB) (Free:123.62 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6072F14C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Best regards,
dertb