
Log analysis and evaluation: Antivir real-time scanner cannot be activated + Trojan 'TR/Rootkit.Gen'

 
12.05.2014, 06:42   #1
chefrocker
 

Hello dear Trojan hunters!

For a few days now I have noticed that I can no longer activate the Antivir real-time scanner. I then tried several times to solve the problem by running a virus check with Antivir, but this never worked. During these scans, however, Antivir found the Trojan 'TR/Rootkit.Gen' in the file 'C:\Windows\system32\drivers\f8065e8752673505.sys'. Since destroying it with Antivir did not work, here is my request for help to your Trojaner-Board.

I downloaded the programs described in the guide and created the logs. Since I have no experience with this kind of thing, I apologize in advance if I post something incorrectly.

Antivir events:

Code:
Exportierte Ereignisse:

5/11/2014 7:24 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

5/9/2014 4:46 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

5/9/2014 4:23 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

4/26/2014 10:38 AM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\system32\drivers\f8065e8752673505.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\54df0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\54df0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

4/13/2014 3:08 AM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\54df0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff erlauben

4/12/2014 3:21 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\System32\drivers\553ab0.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5629aa9a.qua' 
      verschoben!
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\553ab0\ImagePath> wurde 
      erfolgreich repariert.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\553ab0\ImagePath> wurde 
      erfolgreich repariert.

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\553ab0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\553ab0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

4/12/2014 3:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\553ab0.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff erlauben

4/12/2014 1:18 PM [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\System32\drivers\2179518.sys'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '547bb2f3.qua' 
      verschoben!
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2179518\ImagePath> wurde 
      erfolgreich repariert.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\2179518\ImagePath> wurde 
      erfolgreich repariert.

4/12/2014 1:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\2179518.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

4/12/2014 1:16 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\2179518.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff erlauben

4/12/2014 1:15 PM [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\drivers\2179518.sys'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Defogger-disable-log:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:06 on 12/05/2014 (maria)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read f8065e8752673505.sys
Unable to read usb8023.sys
Unable to read usbaapl.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read winusb.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys


-=E.O.F=-
         
FRST-log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by maria (administrator) on MARIA-PC on 12-05-2014 06:09:06
Running from C:\Users\maria\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
() C:\Users\maria\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Facebook Update] => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-25] (Facebook Inc.)
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\Run: [Mobile Partner] => C:\Program Files\AIS 3G Pocket WiFi\AIS 3G Pocket WiFi
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {91927732-5e3a-11e3-9e9c-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {9192774b-5e3a-11e3-9e9c-e89a8f74b2d1} - D:\AutoRun.exe
HKU\S-1-5-21-2462786714-4158980062-2870690922-1000\...\MountPoints2: {98f4175f-a0f5-11e3-85f4-78929c166542} - D:\iLinker.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {0B0D21E1-3ACB-4420-B971-3840F30AC614} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1247A6CE-8963-4FF4-AA6A-B6E601B9FABB} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {29A68C23-28C5-4A01-82ED-EED63FD6CED7} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {A11FA169-F1F9-4917-819F-B5E7E8BD05E2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 203.144.207.49 203.144.207.29

FireFox:
========
FF ProfilePath: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\maria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\abs@avira.com [2014-05-11]
FF Extension: Adblock Plus - C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\90yea2t9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]

========================== Services (Whitelisted) =================

Locked "f8065e8752673505" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-02-23] (Acer Incorporated)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 syshost32; C:\Windows\Installer\{7CA9930C-644C-D32B-F314-D22FD2EB936A}\syshost.exe [74752 2014-04-12] ()

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] ()
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-20] ()
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] ()
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [422976 2009-07-14] ()
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [297552 2009-07-14] ()
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [146512 2009-07-14] ()
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2013-09-14] ()
S3 agp440; C:\Windows\system32\drivers\agp440.sys [53312 2009-07-14] ()
S3 aic78xx; C:\Windows\system32\drivers\djsvs.sys [70720 2009-07-14] ()
S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] ()
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [53312 2009-07-14] ()
S3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-14] ()
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [55296 2009-07-14] ()
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [52736 2009-07-14] ()
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2011-03-11] ()
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [159312 2009-07-14] ()
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2011-03-11] ()
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] ()
S3 arc; C:\Windows\system32\drivers\arc.sys [76368 2009-07-14] ()
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [86608 2009-07-14] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] ()
R0 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-14] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] ()
S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-14] ()
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] ()
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] ()
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [35328 2009-07-14] ()
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] ()
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] ()
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [5248 2009-07-14] ()
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] ()
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] ()
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] ()
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] ()
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [56320 2009-07-14] ()
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] ()
S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] ()
S3 circlass; C:\Windows\system32\drivers\circlass.sys [37888 2009-07-14] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] ()
R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [14080 2009-07-14] ()
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] ()
R0 CNG; C:\Windows\System32\Drivers\cng.sys [369848 2013-07-04] ()
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [19024 2009-07-14] ()
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] ()
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [22096 2009-07-14] ()
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] ()
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] ()
R0 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] ()
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] ()
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [729024 2013-08-01] ()
S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-14] ()
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [453712 2009-07-14] ()
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] ()
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11136 2010-03-20] ()
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] ()
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] ()
S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] ()
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] ()
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] ()
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] ()
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] ()
U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] ()
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [57936 2009-07-14] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-20] ()
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] ()
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] ()
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] ()
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] ()
S3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [24064 2010-11-20] ()
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] ()
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] ()
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] ()
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [76544 2012-04-23] ()
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] ()
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] ()
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-14] ()
R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [354840 2010-11-06] ()
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] ()
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4807168 2010-10-24] ()
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [41040 2009-07-14] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [3396136 2011-02-11] ()
S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] ()
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] ()
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] ()
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] ()
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] ()
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [234432 2014-02-04] ()
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [42576 2009-07-14] ()
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] ()
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2013-09-25] ()
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2013-09-25] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] ()
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [95824 2009-07-14] ()
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [89168 2009-07-14] ()
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [54864 2009-07-14] ()
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [96848 2009-07-14] ()
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] ()
S3 megasas; C:\Windows\system32\drivers\megasas.sys [30800 2009-07-14] ()
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [235584 2009-07-14] ()
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] ()
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] ()
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] ()
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] ()
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] ()
S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] ()
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] ()
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] ()
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] ()
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] ()
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] ()
S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-20] ()
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] ()
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] ()
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] ()
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] ()
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] ()
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] ()
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-14] ()
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] ()
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] ()
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] ()
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] ()
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] ()
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] ()
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] ()
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] ()
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] ()
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] ()
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] ()
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] ()
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [44624 2009-07-14] ()
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] ()
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1212352 2014-01-24] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] ()
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] ()
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] ()
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] ()
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] ()
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] ()
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] ()
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] ()
R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] ()
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-14] ()
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [180288 2009-07-14] ()
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] ()
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] ()
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] ()
S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] ()
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] ()
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1383488 2009-07-14] ()
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106064 2009-07-14] ()
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] ()
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] ()
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] ()
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] ()
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] ()
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] ()
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [18944 2009-07-14] ()
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] ()
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] ()
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] ()
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] ()
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] ()
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-07] ()
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] ()
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [327784 2010-12-28] ()
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] ()
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] ()
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2009-07-14] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2009-07-14] ()
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] ()
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] ()
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] ()
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] ()
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] ()
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [583848 2013-06-26] ()
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [197800 2013-06-26] ()
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [24232 2013-06-26] ()
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [20136 2013-06-26] ()
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] ()
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [40016 2009-07-14] ()
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [77888 2009-07-14] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] ()
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] ()
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] ()
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-08] (Avira GmbH)
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [21072 2009-07-14] ()
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] ()
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [1314736 2010-10-08] ()
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2013-09-08] ()
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2013-09-08] ()
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] ()
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] ()
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] ()
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] ()
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49664 2012-08-23] ()
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27136 2012-08-23] ()
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [55888 2009-07-14] ()
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] ()
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] ()
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] ()
S3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [8192 2009-07-14] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-03] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] ()
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [43520 2013-11-27] ()
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] ()
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] ()
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] ()
R3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-27] ()
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] ()
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] ()
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] ()
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] ()
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] ()
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] ()
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] ()
S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] ()
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] ()
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] ()
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [141904 2009-07-14] ()
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] ()
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] ()
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] ()
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] ()
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] ()
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] ()
R0 Wd; C:\Windows\System32\drivers\wd.sys [19024 2009-07-14] ()
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] ()
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] ()
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] ()
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] ()
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] ()
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] ()
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] ()
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] ()
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)
U5 f8065e8752673505; C:\Windows\System32\Drivers\f8065e8752673505.sys [56192 2014-04-13] () <===== ATTENTION Necurs Rootkit?

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 06:09 - 2014-05-12 06:09 - 00033033 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:08 - 2014-05-12 06:09 - 00000000 ____D () C:\FRST
2014-05-12 06:07 - 2014-05-12 06:08 - 01056256 _____ (Farbar) C:\Users\maria\Downloads\FRST.exe
2014-05-12 06:06 - 2014-05-12 06:07 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe
2014-05-11 17:22 - 2014-05-11 17:22 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-11 17:22 - 2014-05-11 17:22 - 00000467 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-10 18:27 - 2014-05-10 18:27 - 00000000 _____ () C:\Windows\system32\shoDAE.tmp
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-12 03:51 - 00000728 _____ () C:\Windows\setupact.log
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-08 06:17 - 2014-05-08 06:17 - 00000000 ____D () C:\Users\maria\AppData\Local\{62B8BF01-9117-46A0-820E-7FA07AB353DF}
2014-05-07 16:11 - 2014-05-07 16:11 - 00000000 ____D () C:\Users\maria\AppData\Local\{27F87E11-DD52-45FA-B9C4-A0370FE69CBE}
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 _____ () C:\Windows\system32\sho7AE0.tmp
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\maria\AppData\Local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12}
2014-04-30 15:30 - 2014-05-01 05:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple
2014-04-23 14:58 - 2014-04-23 14:58 - 00000000 ____D () C:\Users\maria\AppData\Local\{61C73515-F3FB-418C-9441-83CCA916152E}
2014-04-20 08:42 - 2014-04-20 08:42 - 00000000 ____D () C:\Users\maria\AppData\Local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A}
2014-04-19 10:30 - 2014-04-19 10:30 - 00000000 ____D () C:\Users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC}
2014-04-19 10:26 - 2014-04-19 10:26 - 00000000 ____D () C:\Users\maria\AppData\Local\{A41B4119-F300-44F6-9A05-923308A67673}
2014-04-14 06:53 - 2014-04-14 06:53 - 00000000 ____D () C:\Users\maria\AppData\Local\{2643C18D-75AC-491E-8496-D986324E0D7B}
2014-04-13 13:01 - 2014-04-13 13:01 - 00056192 _____ () C:\Windows\system32\Drivers\f8065e8752673505.sys
2014-04-12 13:23 - 2014-03-13 07:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-12 13:23 - 2014-03-13 07:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-12 13:23 - 2014-03-13 07:10 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-12 13:23 - 2014-03-13 07:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-12 13:23 - 2014-03-13 07:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-12 13:23 - 2014-03-13 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-12 13:23 - 2014-03-13 05:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-12 13:20 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-12 13:20 - 2014-02-04 04:07 - 00234432 _____ () C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 13:20 - 2014-02-04 04:07 - 00149440 _____ () C:\Windows\system32\Drivers\storport.sys
2014-04-12 13:20 - 2014-02-04 04:07 - 00027072 _____ () C:\Windows\system32\Drivers\Diskdump.sys
2014-04-12 13:20 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-12 13:20 - 2014-01-24 04:18 - 01212352 _____ () C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 04:34 - 2014-04-12 04:34 - 00000000 ____D () C:\Users\maria\AppData\Local\{B268B37F-52B7-486F-82B8-48650B6BFC79}
2014-04-12 04:31 - 2014-04-12 04:31 - 00000000 ____D () C:\Users\maria\AppData\Local\{D3414B33-87A0-467C-91B8-6DAC64474B96}

==================== One Month Modified Files and Folders =======

2014-05-12 06:09 - 2014-05-12 06:09 - 00033033 _____ () C:\Users\maria\Downloads\FRST.txt
2014-05-12 06:09 - 2014-05-12 06:08 - 00000000 ____D () C:\FRST
2014-05-12 06:08 - 2014-05-12 06:07 - 01056256 _____ (Farbar) C:\Users\maria\Downloads\FRST.exe
2014-05-12 06:07 - 2014-05-12 06:06 - 00002860 _____ () C:\Users\maria\Downloads\defogger_disable.log
2014-05-12 06:06 - 2014-05-12 06:06 - 00000000 _____ () C:\Users\maria\defogger_reenable
2014-05-12 06:06 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe
2014-05-12 05:44 - 2012-04-15 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 04:00 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 04:00 - 2009-07-14 06:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 03:57 - 2010-11-20 23:01 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 03:51 - 2014-05-09 03:16 - 00000728 _____ () C:\Windows\setupact.log
2014-05-12 03:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 18:39 - 2012-09-25 21:34 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job
2014-05-11 17:22 - 2014-05-11 17:22 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-11 17:22 - 2014-05-11 17:22 - 00000467 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 17:22 - 2014-05-11 17:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-11 17:22 - 2013-10-08 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\ProgramData\Avira
2014-05-11 17:22 - 2013-10-08 10:23 - 00000000 ____D () C:\Program Files\Avira
2014-05-11 17:21 - 2014-05-11 17:21 - 04530888 _____ (Avira Operations GmbH & Co. KG) C:\Users\maria\Downloads\avira_de_av___ws.exe
2014-05-11 16:55 - 2011-10-03 05:12 - 00000000 ____D () C:\Users\maria\AppData\Roaming\Skype
2014-05-11 13:57 - 2012-05-08 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 18:27 - 2014-05-10 18:27 - 00000000 _____ () C:\Windows\system32\shoDAE.tmp
2014-05-10 14:15 - 2014-05-10 14:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 03:16 - 2014-05-09 03:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-08 16:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-08 14:13 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-08 06:17 - 2014-05-08 06:17 - 00000000 ____D () C:\Users\maria\AppData\Local\{62B8BF01-9117-46A0-820E-7FA07AB353DF}
2014-05-07 16:11 - 2014-05-07 16:11 - 00000000 ____D () C:\Users\maria\AppData\Local\{27F87E11-DD52-45FA-B9C4-A0370FE69CBE}
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 _____ () C:\Windows\system32\sho7AE0.tmp
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Users\maria\AppData\Local\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 13:35 - 2014-05-06 13:35 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-06 13:35 - 2013-10-08 19:13 - 00000000 ___RD () C:\Program Files\Skype
2014-05-06 13:35 - 2011-05-10 23:36 - 00000000 ____D () C:\ProgramData\Skype
2014-05-04 09:15 - 2013-11-11 22:45 - 00000000 ____D () C:\Users\maria\Documents\Reisedokumente
2014-05-02 05:34 - 2012-06-10 18:49 - 00000000 ____D () C:\Users\maria\Desktop\musik
2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\maria\AppData\Local\{B0CC4C94-A5A6-429D-A7D1-E1A2FEF2AF12}
2014-05-01 05:48 - 2014-04-30 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-30 15:50 - 2012-04-15 10:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 15:50 - 2011-11-16 21:41 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 13:52 - 2009-07-14 06:53 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 04:44 - 2014-04-29 04:44 - 00000000 ____D () C:\Users\maria\Desktop\pineapple
2014-04-28 04:25 - 2012-09-25 21:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job
2014-04-23 16:52 - 2011-10-06 20:11 - 00000000 ____D () C:\Users\maria\AppData\Roaming\SoftGrid Client
2014-04-23 14:58 - 2014-04-23 14:58 - 00000000 ____D () C:\Users\maria\AppData\Local\{61C73515-F3FB-418C-9441-83CCA916152E}
2014-04-23 11:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-22 15:46 - 2013-11-22 19:54 - 00000000 ____D () C:\Users\maria\AppData\Roaming\vlc
2014-04-22 15:39 - 2014-01-25 05:58 - 00000000 ____D () C:\Users\maria\Desktop\Letters
2014-04-20 08:42 - 2014-04-20 08:42 - 00000000 ____D () C:\Users\maria\AppData\Local\{C297E7DB-D144-40CD-8CCB-9949DB3D0E0A}
2014-04-19 10:30 - 2014-04-19 10:30 - 00000000 ____D () C:\Users\maria\AppData\Local\{C6FD4EF2-6795-458D-B71E-9621E79CCAEC}
2014-04-19 10:26 - 2014-04-19 10:26 - 00000000 ____D () C:\Users\maria\AppData\Local\{A41B4119-F300-44F6-9A05-923308A67673}
2014-04-15 16:32 - 2011-10-03 04:32 - 00000000 ____D () C:\Users\maria\AppData\Local\Adobe
2014-04-14 06:53 - 2014-04-14 06:53 - 00000000 ____D () C:\Users\maria\AppData\Local\{2643C18D-75AC-491E-8496-D986324E0D7B}
2014-04-13 13:01 - 2014-04-13 13:01 - 00056192 _____ () C:\Windows\system32\Drivers\f8065e8752673505.sys
2014-04-12 13:31 - 2013-10-08 10:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 04:34 - 2014-04-12 04:34 - 00000000 ____D () C:\Users\maria\AppData\Local\{B268B37F-52B7-486F-82B8-48650B6BFC79}
2014-04-12 04:31 - 2014-04-12 04:31 - 00000000 ____D () C:\Users\maria\AppData\Local\{D3414B33-87A0-467C-91B8-6DAC64474B96}

Some content of TEMP:
====================
C:\Users\maria\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys
[2010-11-20 23:29] - [2010-11-20 23:29] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



LastRegBack: 2014-05-10 15:02

==================== End Of Log ============================
         
FRST-addition-log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
Ran by maria at 2014-05-12 06:10:19
Running from C:\Users\maria\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AIS 3G Pocket WiFi (HKLM\...\AIS 3G Pocket WiFi) (Version: 1.10.00.935 - Huawei Technologies Co.,Ltd)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{3361e961-9e49-487c-b1ac-9255348ccbaf}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.4 - Acer Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.78 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3103 - Acer Incorporated)
Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A8C92B9-0F4A-445E-BCAE-81FA6A4C244C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {21285472-D062-443E-834C-2A9BFA41327C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {27CC9854-7F37-4B06-A5D3-4C321B5C3D0A} - System32\Tasks\{E25BCF6D-96DA-4E5B-9A93-93F21CEC7EB6} => C:\Program Files\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {5D915CB3-09DE-4019-B28C-AEEA64D924EF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25] (Facebook Inc.)
Task: {7F748F8C-C3A5-459C-B9E7-A766D3AA8B02} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2462786714-4158980062-2870690922-1000
Task: {A27BA80E-46D6-455D-8DB1-9484D5A39EDF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D1310DC9-4822-454C-ABBD-0DD0233167B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000Core.job => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2462786714-4158980062-2870690922-1000UA.job => C:\Users\maria\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-30 15:12 - 2013-03-19 06:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () c:\windows\system32\pcwum.dll
2013-10-08 10:23 - 2013-10-08 10:09 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-11 17:22 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\maria\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-29 11:30 - 2014-03-29 11:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-05-10 22:58 - 2010-11-06 08:50 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-10 14:15 - 2014-05-10 14:15 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-12 05:50 - 2014-05-12 05:50 - 00050477 _____ () C:\Users\maria\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: ssmdrv
Description: ssmdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ssmdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2014 04:02:12 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/12/2014 03:53:29 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 02:08:22 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 01:58:55 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 03:15:20 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 03:05:43 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 01:01:52 PM) (Source: Google Update) (User: maria-PC) (EventID: 20)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (05/10/2014 11:14:26 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/10/2014 10:53:40 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 04:59:13 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (05/12/2014 05:37:05 AM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/12/2014 05:37:01 AM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/12/2014 03:53:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
ssmdrv

Error: (05/12/2014 03:51:49 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The avgntflt service failed to start due to the following error: 
%%31

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: 
%%1069

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The Network List Service service failed to start due to the following error: 
%%1069

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1069

Error: (05/11/2014 07:27:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (05/12/2014 04:02:12 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/12/2014 03:53:29 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 02:08:22 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 01:58:55 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 03:15:20 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/11/2014 03:05:43 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 01:01:52 PM) (Source: Google Update) (User: maria-PC) (EventID: 20)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (05/10/2014 11:14:26 AM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (05/10/2014 10:53:40 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 04:59:13 PM) (Source: CVHSVC) (User: ) (EventID: 100)
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
         
GMER log:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-12 06:57:10
Windows 6.1.7601 Service Pack 1 
Running: Gmer-19357.exe


---- Services - GMER 2.1 ----

Service  System32\Drivers\f8065e8752673505.sys (*** hidden *** )               [BOOT] f8065e8752673505                             <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@ImagePath     \SystemRoot\System32\Drivers\f8065e8752673505.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Group         Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@ErrorControl  0
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Type          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Start         0
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@Tag           1
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505@DisplayName   syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\services\f8065e8752673505               
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@ImagePath         \SystemRoot\System32\Drivers\f8065e8752673505.sys
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Group             Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@ErrorControl      0
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Type              1
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Start             0
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@Tag               1
Reg      HKLM\SYSTEM\ControlSet002\services\f8065e8752673505@DisplayName       syshost.exe

---- EOF - GMER 2.1 ----
         
So, I hope that was everything and that I applied it correctly.

In any case, many thanks in advance!

Best regards
David

 
