| schanzeraner | 22.01.2015 16:04 |
Hi,
danke für deine Antwort.
Beide Dateien erschienen direkt nach dem ersten Scan auf dem Desktop.
FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Yannik (administrator) on YANNIKF4CE on 21-01-2015 11:16:37
Running from \\psf\Home\Desktop
Loaded Profiles: Yannik (Available profiles: Yannik)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Stardock Corporation) C:\Program Files\Stardock\MyColors\VistaSrv.exe
() C:\Program Files\Stardock\MyColors\WBVista.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files\Parallels\Parallels Tools\Services\prl_tools.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files\Parallels\Parallels Tools\prl_cc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Farbar) \\psf\Home\Desktop\FRST.exe
(Farbar) \\psf\Home\Desktop\FRST.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Parallels Tools Center] => C:\Program Files\Parallels\Parallels Tools\prl_cc.exe [165608 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
ShellIconOverlayIdentifiers: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll (Parallels Holdings, Ltd. and its affiliates.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-617022324-3237870813-1098454436-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.211.55.1
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-09-04]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-04]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-09-04]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-09-04]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-09-04]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-11-18]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-11-18]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-11-18]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-11-18]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-11-18]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-18] (Kaspersky Lab ZAO)
R2 Parallels Coherence Service; C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe [34536 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R2 Parallels Tools Service; C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe [135400 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R2 prl_uprof; C:\Program Files\Parallels\Parallels Tools\prl_uprof.dll [76008 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files\Stardock\MyColors\VistaSrv.exe [230704 2010-01-11] (Stardock Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [567064 2014-08-19] (Wacom Technology, Corp.)
R2 PrlVssProvider; C:\Windows\system32\dllhost.exe /Processid:{5C8E43D8-1C9F-4C23-8CFF-873D34039845}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-18] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2013-11-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-11-18] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-18] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO)
R1 prl_boot; C:\Windows\System32\Drivers\prl_boot.sys [40424 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R3 prl_dd; C:\Windows\System32\DRIVERS\prl_kmdd.sys [144616 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R1 prl_fs; C:\Windows\System32\DRIVERS\prl_fs.sys [156008 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R3 prl_memdev; C:\Windows\System32\DRIVERS\prl_memdev.sys [19688 2014-12-19] ()
R3 prl_mouf; C:\Windows\System32\DRIVERS\prl_mouf.sys [19048 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R0 prl_pv32; C:\Windows\System32\DRIVERS\prl_pv32.sys [53480 2015-01-11] (Parallels Holdings, Ltd. and its affiliates.)
R3 prl_sound; C:\Windows\System32\DRIVERS\prl_sound.sys [46824 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R0 prl_strg; C:\Windows\System32\DRIVERS\prl_strg.sys [34536 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R0 prl_tg; C:\Windows\System32\DRIVERS\prl_tg.sys [26088 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
R2 prl_time; C:\Windows\system32\drivers\prl_time.sys [17896 2014-12-19] (Parallels Holdings, Ltd. and its affiliates.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: prl_uprof -> C:\Program Files\Parallels\Parallels Tools\prl_uprof.dll (Parallels Holdings, Ltd. and its affiliates.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 10:47 - 2015-01-21 11:17 - 00000000 ____D () C:\FRST
2015-01-11 20:31 - 2015-01-11 20:31 - 00000000 ____D () C:\EAGLE-7.2.0
2015-01-11 20:29 - 2015-01-11 20:29 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\CadSoft
2015-01-11 20:23 - 2014-12-19 10:02 - 00040168 _____ (Parallels Holdings, Ltd. and its affiliates.) C:\Windows\system32\prl_np.dll
2015-01-11 20:23 - 2014-12-19 10:02 - 00034536 _____ (Parallels Holdings, Ltd. and its affiliates.) C:\Windows\system32\Drivers\prl_strg.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 11:17 - 2009-07-14 05:34 - 00028448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 11:17 - 2009-07-14 05:34 - 00028448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 11:15 - 2014-08-30 01:12 - 00165743 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 10:50 - 2010-11-20 22:01 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 10:44 - 2014-09-04 14:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-21 10:44 - 2014-08-30 01:11 - 00174859 _____ () C:\Users\Yannik\AppData\Local\parallels.log
2015-01-21 10:44 - 2010-11-20 22:48 - 00006978 _____ () C:\Windows\PFRO.log
2015-01-21 10:44 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 10:44 - 2009-07-14 05:39 - 00022498 _____ () C:\Windows\setupact.log
2015-01-21 10:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-01-11 20:24 - 2014-08-30 01:10 - 00000879 _____ () C:\Windows\autologon.log
2015-01-11 20:23 - 2014-08-30 00:10 - 00000456 __RSH () C:\ProgramData\ntuser.pol
2015-01-11 20:23 - 2014-08-30 00:09 - 00053480 _____ (Parallels Holdings, Ltd. and its affiliates.) C:\Windows\system32\Drivers\prl_pv32.sys
2015-01-11 20:22 - 2014-08-30 00:10 - 00000000 ____D () C:\Users\Yannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parallels Shared Applications
2015-01-11 20:22 - 2014-08-30 00:09 - 00000000 ____D () C:\Program Files\Common Files\Parallels
==================== Files in the root of some directories =======
2014-08-30 01:11 - 2015-01-21 10:44 - 0174859 _____ () C:\Users\Yannik\AppData\Local\parallels.log
2014-12-16 00:32 - 2014-12-16 00:32 - 0002243 _____ () C:\Users\Yannik\AppData\Local\recently-used.xbel
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-11 20:53
==================== End Of Log ============================
--- --- ---
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Yannik at 2015-01-21 11:19:33
Running from \\psf\Home\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-617022324-3237870813-1098454436-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
DeepSkyStacker (HKLM\...\{350E3960-DE20-4FE6-9E6B-26B464AD27FD}) (Version: 3.2.0 - )
EAGLE 7.2.0 (HKLM\...\EAGLE 7.2.0) (Version: 7.2.0 - CadSoft Computer GmbH)
FreeCAD 0.14 - A free open source CAD system (HKLM\...\FreeCAD 0.14) (Version: 0.14.3700 - Juergen Riegel)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Inkscape 0.48.5 (HKLM\...\Inkscape) (Version: 0.48.5 - )
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
New Astronomy CCDCalc 1.5 (HKLM\...\ST6UNST #1) (Version: - )
Parallels Tools (HKLM\...\{8793ED55-A67F-4CC4-8DD4-19107FF4D047}) (Version: 10.1.2.28859 - Parallels Software International Inc)
PHD Guiding 1.14a (HKLM\...\PHD Guiding_is1) (Version: - Stark Labs)
Stardock MyColors (HKLM\...\Stardock MyColors) (Version: 2.75.00 - Stardock Corporation)
Stardock MyColors (Version: 2.75.00 - Stardock Corporation) Hidden
Stellarium 0.13.0 (HKLM\...\Stellarium_is1) (Version: 0.13.0 - Stellarium team)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
28-09-2014 21:45:01 Geplanter Prüfpunkt
13-10-2014 08:44:27 Geplanter Prüfpunkt
22-10-2014 19:10:28 Installed Parallels Tools.
11-12-2014 19:40:46 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
11-01-2015 20:22:38 Installed Parallels Tools.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2014-08-30 00:10 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 .psf
0.0.0.0 psf
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (whitelisted) =============
2010-01-11 12:07 - 2010-01-11 12:07 - 00099632 _____ () C:\Program Files\Stardock\MyColors\WBVista.exe
2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-11-18 13:27 - 2013-11-18 13:27 - 00478912 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2014-12-11 20:25 - 2014-08-19 20:12 - 01019672 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\.DEFAULT\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-617022324-3237870813-1098454436-1000\Software\Classes\.exe: => <===== ATTENTION!
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-617022324-3237870813-1098454436-500 - Administrator - Disabled)
Gast (S-1-5-21-617022324-3237870813-1098454436-501 - Limited - Disabled)
Yannik (S-1-5-21-617022324-3237870813-1098454436-1000 - Administrator - Enabled) => C:\Users\Yannik
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 11:07:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 784
Startzeit: 01d0355edf71ee00
Endzeit: 15
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 48fa7881-a155-11e4-b147-001c4204a8b4
Error: (01/21/2015 10:59:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b3c
Startzeit: 01d03560b6c07880
Endzeit: 31
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID: 28ff72c1-a154-11e4-b147-001c4204a8b4
Error: (01/21/2015 10:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 10:35:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 08:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 08:24:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/15/2014 11:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.14.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: libpixman-1-0.dll, Version: 0.0.0.0, Zeitstempel: 0x0072a5f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00084b3b
ID des fehlerhaften Prozesses: 0xd10
Startzeit der fehlerhaften Anwendung: 0xgimp-2.8.exe0
Pfad der fehlerhaften Anwendung: gimp-2.8.exe1
Pfad des fehlerhaften Moduls: gimp-2.8.exe2
Berichtskennung: gimp-2.8.exe3
Error: (10/22/2014 07:15:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/22/2014 07:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/13/2014 08:19:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/21/2015 11:05:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WinDefend erreicht.
Error: (01/21/2015 10:44:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 21.01.15 um 10:40:57 unerwartet heruntergefahren.
Error: (01/21/2015 10:33:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 11.01.15 um 21:01:41 unerwartet heruntergefahren.
Error: (01/11/2015 08:22:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 17.12.14 um 22:12:56 unerwartet heruntergefahren.
Error: (10/22/2014 07:10:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 13.10.14 um 17:06:46 unerwartet heruntergefahren.
Error: (10/13/2014 08:17:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.10.14 um 20:58:03 unerwartet heruntergefahren.
Error: (09/28/2014 09:13:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.09.14 um 17:29:46 unerwartet heruntergefahren.
Error: (09/24/2014 09:38:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.09.14 um 14:35:15 unerwartet heruntergefahren.
Error: (09/04/2014 02:23:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.09.14 um 15:07:51 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (01/21/2015 11:07:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1751478401d0355edf71ee0015C:\Windows\Explorer.EXE48fa7881-a155-11e4-b147-001c4204a8b4
Error: (01/21/2015 10:59:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7601.17514b3c01d03560b6c0788031C:\Program Files\Internet Explorer\iexplore.exe28ff72c1-a154-11e4-b147-001c4204a8b4
Error: (01/21/2015 10:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 10:35:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 08:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/11/2015 08:24:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/15/2014 11:51:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gimp-2.8.exe2.8.14.000000000libpixman-1-0.dll0.0.0.00072a5f0c000000500084b3bd1001d018b9806ab6b0C:\Program Files\GIMP 2\bin\gimp-2.8.exeC:\Program Files\GIMP 2\bin\libpixman-1-0.dlleffeb530-84ac-11e4-9904-001c4204a8b4
Error: (10/22/2014 07:15:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/22/2014 07:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/13/2014 08:19:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2015-01-11 20:53:16.878
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.878
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.878
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.878
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.878
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.878
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.863
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.863
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.863
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-11 20:53:16.847
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 2815.55 MB
Available physical RAM: 2131.06 MB
Total Pagefile: 5629.38 MB
Available Pagefile: 4656.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:63.66 GB) (Free:47.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 64 GB) (Disk ID: EA296003)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=63.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Danke für deine Hilfe!
LG |
FRST 32-Bit | FRST 64-Bit