| |
| |||||||
Log-Analyse und Auswertung: Win7 TR/Agent.37888.248 kann nicht gelöscht werden, Echtzeitscanner funktioniert nicht mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.07.2014, 02:13
| #1 |
 |  Win7 TR/Agent.37888.248 kann nicht gelöscht werden, Echtzeitscanner funktioniert nicht mehr Liebes Trojaner-Board-Team, bräuchte unbedingt eure Hilfe. Habe gestern von meinem Internet - Anbieter einen Brief bekommen, mit der Mitteilung dass von meinen Anschluss Spam-Mails versendet wurden. Es folgten die Hinweise, ich sollte Computer auf Viren und Trojaner durchsuchen. Daraufhin habe ich Avira mal alles durchscannen lassen und dabei wurde TR/Agent.37888.248 entdeckt. Hatte es einige male versucht zu entfernen bzw. in Quarantäne zu stecken, was mir nicht gelungen ist. Computer startet neu, aber beim erneuten Durchsuchen ist es immer noch da. Hinzu kommt das Problem, dass Echtzeit-Scanner lahm gelegt wurde und nicht mehr aktiviert werden kann. Bis zum gestrigen Tag hatte ich keine ernsthafte Probleme feststellen können, kann deshalb nicht einschätzen seit wann Trojaner drauf ist. defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 01:48 on 07/07/2014 (*****) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read 8a6a6eefe4cb1615.sys Unable to read tdx.sys Unable to read termdd.sys Unable to read tssecsrv.sys Unable to read TsUsbFlt.sys Unable to read tunnel.sys Unable to read UAGP35.SYS Unable to read udfs.sys Unable to read ULIAGPKX.SYS Unable to read umbus.sys Unable to read umpass.sys Unable to read usb8023.sys Unable to read usbccgp.sys Unable to read usbcir.sys Unable to read usbd.sys Unable to read usbehci.sys Unable to read usbhub.sys Unable to read usbohci.sys Unable to read usbport.sys Unable to read usbprint.sys Unable to read usbscan.sys Unable to read USBSTOR.SYS Unable to read usbuhci.sys Unable to read usbvideo.sys Unable to read vdrvroot.sys Unable to read vga.sys Unable to read vgapnp.sys Unable to read vhdmp.sys Unable to read VIAAGP.SYS Unable to read viac7.sys Unable to read viaide.sys Unable to read videoprt.sys Unable to read volmgr.sys Unable to read volmgrx.sys Unable to read volsnap.sys Unable to read vpnva.sys Unable to read vsmraid.sys Unable to read vwifibus.sys Unable to read vwififlt.sys Unable to read vwifimp.sys Unable to read wacompen.sys Unable to read wanarp.sys Unable to read watchdog.sys Unable to read wd.sys Unable to read Wdf01000.sys Unable to read WdfLdr.sys Unable to read wfplwf.sys Unable to read wimmount.sys Unable to read winusb.sys Unable to read wmiacpi.sys Unable to read wmilib.sys Unable to read ws2ifsl.sys Unable to read WSDPrint.sys Unable to read WSDScan.sys Unable to read WUDFPf.sys Unable to read WUDFRd.sys -=E.O.F=- FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01 Ran by *****(administrator) on *****-PC on 07-07-2014 01:54:45 Running from C:\Users\*****\Desktop Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe (Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe () C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2064384 2009-08-05] (Micro-Star International Co., Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor) HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-02-10] (CyberLink Corp.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.) HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-09] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Anna Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Anna Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.web.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} SearchScopes: HKCU - {29684CFD-8CF8-477C-B5DD-D316698CC245} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} SearchScopes: HKCU - {4480DF41-E315-4A99-9736-88E977EF4CF5} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} SearchScopes: HKCU - {E9EC7059-435D-4A4F-9E8D-7C02A139395C} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://asavpn-cluster-1.hrz.uni-bielefeld.de/CACHE/stc/1/binaries/vpnweb.cab DPF: {85C86CCC-2158-4123-9C7D-785190CED875} hxxp://www.digitalpublishing.de/launcher/dpLaunchPlugin.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @mytalkpal.com/ffplugin - C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll No File FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR DefaultSearchKeyword: go.mail.ru CHR DefaultSearchProvider: Поиск@Mail.Ru CHR DefaultSearchURL: hxxp://go.mail.ru/search?q={searchTerms}&fr=chrome CHR DefaultNewTabURL: CHR Extension: (Google Wallet) - C:\Users\Anna Schröder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12] CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\*****\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2014-05-12] CHR HKLM\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files\BonanzaDeals\BonanzaDeals.crx [2014-05-12] ========================== Services (Whitelisted) ================= Locked "8a6a6eefe4cb1615" service could not be unlocked. <===== ATTENTION R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation) R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [6989856 2014-07-06] () R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] () R2 syshost32; C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe [99328 2014-06-24] () [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] () [File not signed] R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-20] () [File not signed] S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] () [File not signed] S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] () [File not signed] S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] () [File not signed] S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] () [File not signed] S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] () [File not signed] R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2013-09-14] () [File not signed] S3 agp440; C:\Windows\system32\drivers\agp440.sys [53312 2009-07-14] () [File not signed] S3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] () [File not signed] S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] () [File not signed] S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [53312 2009-07-14] () [File not signed] S3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-14] () [File not signed] S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] () [File not signed] S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] () [File not signed] S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2011-03-11] () [File not signed] S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] () [File not signed] R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2011-03-11] () [File not signed] S3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [30312 2011-05-13] () [File not signed] S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] () [File not signed] S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-14] () [File not signed] S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] () [File not signed] R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] () [File not signed] S3 atapi; C:\Windows\system32\drivers\atapi.sys [21584 2009-07-14] () [File not signed] S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] () [File not signed] R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-02] () [File not signed] S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] () [File not signed] S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] () [File not signed] R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] () [File not signed] R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [35328 2009-07-14] () [File not signed] R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] () [File not signed] S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] () [File not signed] S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] () [File not signed] S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-14] () [File not signed] S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] () [File not signed] S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] () [File not signed] S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] () [File not signed] S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] () [File not signed] R3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [34816 2009-07-14] () [File not signed] S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] () [File not signed] R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-14] () [File not signed] S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [392704 2009-07-14] () [File not signed] R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [58880 2009-07-14] () [File not signed] R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [86056 2009-07-01] () [File not signed] R3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [108072 2009-07-01] () [File not signed] R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [29472 2009-04-07] () [File not signed] R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18344 2009-07-01] () [File not signed] S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] () [File not signed] S3 cdrom; C:\Windows\system32\drivers\cdrom.sys [108544 2010-11-20] () [File not signed] S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] () [File not signed] R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] () [File not signed] R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [14080 2009-07-14] () [File not signed] S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] () [File not signed] R0 CNG; C:\Windows\System32\Drivers\cng.sys [369848 2013-07-04] () [File not signed] R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] () [File not signed] R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] () [File not signed] S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] () [File not signed] R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] () [File not signed] R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] () [File not signed] R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-14] () [File not signed] S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] () [File not signed] R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [729024 2013-08-01] () [File not signed] S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] () [File not signed] S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] () [File not signed] S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] () [File not signed] S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] () [File not signed] S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] () [File not signed] S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] () [File not signed] R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] () [File not signed] S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] () [File not signed] S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] () [File not signed] R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] () [File not signed] S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] () [File not signed] U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] () [File not signed] R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] () [File not signed] S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] () [File not signed] S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] () [File not signed] S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] () [File not signed] R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] () [File not signed] S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] () [File not signed] S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] () [File not signed] S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] () [File not signed] S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] () [File not signed] S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] () [File not signed] R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] () [File not signed] R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] () [File not signed] R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-14] () [File not signed] R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [330264 2009-06-04] () [File not signed] S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] () [File not signed] R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9024512 2010-08-25] () [File not signed] S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] () [File not signed] R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [2745760 2009-08-05] () [File not signed] R3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [122368 2009-05-26] () [File not signed] S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] () [File not signed] R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] () [File not signed] S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () [File not signed] S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] () [File not signed] S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () [File not signed] S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () [File not signed] S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] () [File not signed] S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [234432 2014-02-04] () [File not signed] R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [42576 2009-07-14] () [File not signed] S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] () [File not signed] R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2014-04-12] () [File not signed] R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2014-04-12] () [File not signed] R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () [File not signed] S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] () [File not signed] S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] () [File not signed] S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] () [File not signed] S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] () [File not signed] R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () [File not signed] S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] () [File not signed] S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] () [File not signed] S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () [File not signed] R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () [File not signed] R3 mouclass; C:\Windows\system32\drivers\mouclass.sys [41552 2009-07-14] () [File not signed] S3 mouhid; C:\Windows\system32\DRIVERS\mouhid.sys [26112 2009-07-14] () [File not signed] R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] () [File not signed] S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] () [File not signed] R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] () [File not signed] S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] () [File not signed] R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] () [File not signed] R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] () [File not signed] R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] () [File not signed] S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-20] () [File not signed] S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] () [File not signed] R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] () [File not signed] S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () [File not signed] R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () [File not signed] S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () [File not signed] S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () [File not signed] S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed] S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed] R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-14] () [File not signed] S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed] S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] () [File not signed] R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed] R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed] R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] () [File not signed] S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed] R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed] R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] () [File not signed] R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] () [File not signed] R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] () [File not signed] R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed] R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] () [File not signed] S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] () [File not signed] R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed] R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed] R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1212352 2014-01-24] () [File not signed] R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed] S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] () [File not signed] S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] () [File not signed] S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () [File not signed] S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () [File not signed] S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-14] () [File not signed] R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] () [File not signed] S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] () [File not signed] R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] () [File not signed] S3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-14] () [File not signed] S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] () [File not signed] R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed] R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed] R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed] S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] () [File not signed] R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed] S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] () [File not signed] S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] () [File not signed] S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed] S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed] R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed] R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed] R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed] R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed] R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () [File not signed] S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed] R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () [File not signed] R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed] R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed] S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] () [File not signed] R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () [File not signed] R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-14] () [File not signed] R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed] S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [167424 2009-06-24] () [File not signed] R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [167936 2009-05-22] () [File not signed] R3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1009184 2010-04-01] () [File not signed] S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] () [File not signed] S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () [File not signed] R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () [File not signed] S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed] S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed] S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] () [File not signed] S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () [File not signed] S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () [File not signed] S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () [File not signed] S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] () [File not signed] S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () [File not signed] S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] () [File not signed] S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] () [File not signed] S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed] R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed] R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] () [File not signed] R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] () [File not signed] R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] () [File not signed] S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [121064 2011-05-13] () [File not signed] S3 ssadmdfl; C:\Windows\System32\DRIVERS\ssadmdfl.sys [12776 2011-05-13] () [File not signed] S3 ssadmdm; C:\Windows\System32\DRIVERS\ssadmdm.sys [136808 2011-05-13] () [File not signed] S3 ssadserd; C:\Windows\System32\DRIVERS\ssadserd.sys [114280 2011-05-13] () [File not signed] S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-29] (Avira GmbH) S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] () [File not signed] R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] () [File not signed] R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [212656 2009-07-14] () [File not signed] R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2014-04-05] () [File not signed] S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2014-04-05] () [File not signed] R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] () [File not signed] S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] () [File not signed] S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () [File not signed] R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] () [File not signed] R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] () [File not signed] S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] () [File not signed] S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] () [File not signed] R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () [File not signed] S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] () [File not signed] S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () [File not signed] S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () [File not signed] R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] () [File not signed] S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] () [File not signed] S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] () [File not signed] S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] () [File not signed] R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] () [File not signed] R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] () [File not signed] S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] () [File not signed] S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () [File not signed] S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [36352 2013-07-03] () [File not signed] S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] () [File not signed] R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2013-11-27] () [File not signed] S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] () [File not signed] R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () [File not signed] S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed] R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed] S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () [File not signed] S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () [File not signed] S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] () [File not signed] S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () [File not signed] R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () [File not signed] R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed] R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva.sys [23976 2012-12-10] () [File not signed] S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] () [File not signed] R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] () [File not signed] R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] () [File not signed] R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] () [File not signed] S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] () [File not signed] S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed] R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed] S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] () [File not signed] R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] () [File not signed] R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed] S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed] S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] () [File not signed] R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () [File not signed] R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed] S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-14] () [File not signed] S3 WSDScan; C:\Windows\system32\drivers\WSDScan.sys [20480 2009-07-14] () [File not signed] S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () [File not signed] S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () [File not signed] U5 8a6a6eefe4cb1615; C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys [37888 2014-06-24] () <===== ATTENTION Necurs Rootkit? U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] () [File not signed] S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 01:54 - 2014-07-07 01:55 - 00041131 _____ () C:\Users\*****\Desktop\FRST.txt 2014-07-07 01:54 - 2014-07-07 01:54 - 00000000 ____D () C:\FRST 2014-07-07 01:52 - 2014-07-07 01:52 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-07-07 01:48 - 2014-07-07 01:49 - 00003582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-07-07 01:48 - 2014-07-07 01:48 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-07-07 01:46 - 2014-07-07 01:46 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-07-06 22:16 - 2014-07-06 22:16 - 00103680 _____ (GMER) C:\fwkdrfoc.sys 2014-06-24 00:18 - 2014-06-24 00:18 - 00037888 _____ () C:\Windows\system32\Drivers\8a6a6eefe4cb1615.sys 2014-06-23 22:43 - 2014-06-23 22:43 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SketchUp 2014-06-23 22:42 - 2014-06-23 22:42 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx 2014-06-23 22:40 - 2014-06-23 22:40 - 00000000 ____D () C:\ProgramData\SketchUp 2014-06-18 16:03 - 2014-06-18 16:03 - 00146600 _____ () C:\Windows\Minidump\061814-26832-01.dmp 2014-06-11 13:32 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 13:32 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 13:32 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 13:32 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 13:32 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 13:32 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 13:32 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 13:32 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 13:32 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 13:32 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 13:32 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 13:32 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 13:32 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 13:32 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 13:32 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 13:32 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 13:32 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 13:32 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 13:32 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 13:32 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 13:32 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 13:32 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 13:32 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 13:32 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 13:32 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 13:32 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 13:31 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 13:31 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 13:30 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 13:30 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-11 13:30 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 13:30 - 2014-04-05 04:25 - 01294272 _____ () C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 13:30 - 2014-04-05 04:24 - 00187840 _____ () C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 13:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 13:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 13:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 13:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-07-07 01:55 - 2014-07-07 01:54 - 00041131 _____ () C:\Users\*****\Desktop\FRST.txt 2014-07-07 01:55 - 2012-11-21 00:05 - 00000000 ____D () C:\Users\*****\AppData\Local\Mail.Ru 2014-07-07 01:54 - 2014-07-07 01:54 - 00000000 ____D () C:\FRST 2014-07-07 01:52 - 2014-07-07 01:52 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-07-07 01:49 - 2014-07-07 01:48 - 00003582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-07-07 01:48 - 2014-07-07 01:48 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-07-07 01:48 - 2010-09-30 20:40 - 00000000 ____D () C:\Users\***** 2014-07-07 01:46 - 2014-07-07 01:46 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-07-07 01:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-07 01:06 - 2013-05-03 22:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-07 01:04 - 2014-02-14 01:04 - 00000314 _____ () C:\Windows\Tasks\Digital Sites.job 2014-07-07 01:04 - 2013-10-07 23:01 - 00000314 _____ () C:\Windows\Tasks\DigitalSite.job 2014-07-07 01:00 - 2013-02-20 11:53 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-07 00:45 - 2009-07-14 06:34 - 00009920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-07 00:45 - 2009-07-14 06:34 - 00009920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-07 00:39 - 2013-02-20 11:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-07 00:39 - 2010-09-30 20:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema 2014-07-07 00:38 - 2013-05-27 19:51 - 00012172 _____ () C:\Windows\setupact.log 2014-07-07 00:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-07 00:04 - 2013-10-08 00:01 - 00000038 _____ () C:\Users\*****\AppData\Roaming\WB.CFG 2014-07-06 22:16 - 2014-07-06 22:16 - 00103680 _____ (GMER) C:\fwkdrfoc.sys 2014-07-06 22:13 - 2013-05-29 18:35 - 00215558 _____ () C:\Windows\PFRO.log 2014-07-06 21:44 - 2012-11-21 00:10 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru 2014-07-06 21:42 - 2011-11-10 22:47 - 01788614 _____ () C:\Windows\WindowsUpdate.log 2014-07-06 21:41 - 2013-05-14 22:12 - 00045568 _____ () C:\Users\*****\Documents\Arbeit OnlineMedia.wps 2014-07-06 21:38 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-04 23:07 - 2013-05-29 21:12 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-01 19:29 - 2011-02-20 23:00 - 00041218 _____ () C:\Users\*****\AppData\Roaming\wklnhst.dat 2014-07-01 19:28 - 2013-05-20 16:31 - 00000000 ____D () C:\Users\*****\Documents\Suchex 2014-06-26 23:45 - 2013-10-09 21:08 - 00000000 ____D () C:\Users\*****\Downloads\Audiobücher 2014-06-25 11:14 - 2013-12-27 15:31 - 00000000 ____D () C:\Users\*****\Documents\Calibre Library 2014-06-25 01:37 - 2013-12-27 03:07 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-06-25 01:37 - 2013-12-27 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-06-25 01:36 - 2013-12-27 03:06 - 00000000 ____D () C:\Program Files\Calibre2 2014-06-24 00:18 - 2014-06-24 00:18 - 00037888 _____ () C:\Windows\system32\Drivers\8a6a6eefe4cb1615.sys 2014-06-23 22:43 - 2014-06-23 22:43 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SketchUp 2014-06-23 22:42 - 2014-06-23 22:42 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx 2014-06-23 22:40 - 2014-06-23 22:40 - 00000000 ____D () C:\ProgramData\SketchUp 2014-06-21 00:42 - 2009-09-04 18:53 - 00393064 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-19 17:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-18 16:04 - 2014-05-02 00:19 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-18 16:03 - 2014-06-18 16:03 - 00146600 _____ () C:\Windows\Minidump\061814-26832-01.dmp 2014-06-18 16:03 - 2013-09-03 14:35 - 290608158 _____ () C:\Windows\MEMORY.DMP 2014-06-18 16:03 - 2011-05-16 15:05 - 00000000 ____D () C:\Windows\Minidump 2014-06-18 13:55 - 2013-08-20 21:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-18 13:50 - 2009-09-17 15:31 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-15 22:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-06-15 21:30 - 2014-04-25 12:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-06-12 23:06 - 2013-12-27 15:31 - 00000000 ____D () C:\Users\*****\AppData\Local\calibre-cache 2014-06-12 23:05 - 2013-12-27 03:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\calibre 2014-06-12 01:03 - 2013-05-27 14:51 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-08 10:48 - 2014-06-11 13:30 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-11 13:30 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\*****\AppData\Local\temp\2sysconf.exe C:\Users\*****\AppData\Local\temp\avgnt.exe C:\Users\*****\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe C:\Users\*****\AppData\Local\temp\jre-7u60-windows-i586-iftw.exe C:\Users\*****\AppData\Local\temp\NativeUtilities0.dll C:\Users\*****\AppData\Local\temp\WEB.DE_Softwareaktualisierung_Setup.exe C:\Users\*****\AppData\Local\temp\WEB.DE_Toolbar_IE_Setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys [2011-07-03 02:44] - [2010-11-20 14:30] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION! LastRegBack: 2014-06-28 20:57 ==================== End Of Log ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01 Ran by ***** at 2014-07-07 01:56:15 Running from C:\Users\***** \Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira) calibre (HKLM\...\{E0601182-5F00-4513-95D0-AFDCB7A0C658}) (Version: 1.41.0 - Kovid Goyal) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.) CyberLink PowerDVD 9 (Version: 9.0.1719 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.) CyberLink YouCam (Version: 3.0.2609 - CyberLink Corp.) Hidden Download Accelerator Packages (HKCU\...\Download Accelerator Packages) (Version: - ) <==== ATTENTION Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Guard.Mail.ru (HKLM\...\Guard.Mail.ru) (Version: 1.0.0.453 - Mail.ru) <==== ATTENTION Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Lidl-Fotos (HKLM\...\Lidl-Fotos_is1) (Version: - ) Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.) Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden Office 15 Click-to-Run Extensibility Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Qtrax Player (HKLM\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax) Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.) Roadster for Windows Beta 3 (HKLM\...\Roadster for Windows Beta 3) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.209.0805.OE005.02 - Micro-Star International Co., Ltd.) Total Immersion D'Fusion @Home Web Plug-In (HKLM\...\D'Fusion @Home Web Plug-In) (Version: - Total Immersion) Update for Image Editor (HKCU\...\DigitalSite) (Version: - ) <==== ATTENTION VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN) WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH) WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Кулинарный Блокнот, версия 0.7.4 (HKLM\...\Кулинарный Блокнот_is1) (Version: 0.7.4 - Maxxi Soft) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2013-05-29 18:29 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {25B9D6E4-92C2-45CC-81B5-1D196BDB3860} - System32\Tasks\DealPly => C:\Users\ANNASC~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {2879A743-CC3F-4B6A-9CFC-79AC1E31A869} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2B2DD82F-66C8-4AEE-93B4-B9EE5846F128} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation) Task: {367C0385-6C17-4B48-93CF-3880F18C6C7A} - System32\Tasks\DigitalSite => C:\Users\***** \AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {5040A2B1-2F43-41FC-B4C2-87A89FEB003C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {552477B5-0143-4D50-B9B6-B44DEE3D9222} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-15] (Microsoft Corporation) Task: {5C1D5F3D-361A-4DA3-8054-4B851F350CA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-15] (Microsoft Corporation) Task: {5FA78D2C-E437-43DF-93A5-D8573E520754} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {7BF3A44C-B76B-4F4B-BAA4-931A918B59D5} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH) Task: {8E028077-6A10-4C41-ADF4-59B76CF052F7} - System32\Tasks\4792 => Wscript.exe C:\Users\ANNASC~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {94C05804-4549-4F01-A3B2-FF16E115324E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-15] (Microsoft Corporation) Task: {BB6C26BE-0285-44A9-A103-11A2D5DB2BF2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION Task: {C038ED19-ED35-4D95-BF4D-AB0959A94A1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.) Task: {C0F4EF46-A7CF-4E52-97AE-D36B34CD07A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.) Task: {F574264E-E877-48AA-95F3-1BE3F69AA255} - System32\Tasks\Digital Sites => C:\Users\ANNASC~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {F9C21999-028E-4D72-BC6A-3DD9351693D8} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\***** ~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\***** ~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-09 21:31 - 2013-03-19 06:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL 2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () c:\windows\system32\pcwum.dll 2014-04-25 12:23 - 2013-10-31 18:14 - 00077992 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2012-11-21 00:04 - 2014-07-06 21:45 - 06989856 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe 2009-09-17 15:12 - 2009-04-27 12:22 - 00271760 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2014-02-06 23:34 - 2014-02-06 23:34 - 00052608 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.dll 2009-07-01 18:03 - 2009-07-01 18:03 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2014-06-15 21:11 - 2014-06-15 21:11 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2011-01-17 16:19 - 2011-05-10 00:16 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: ssmdrv Description: ssmdrv Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ssmdrv Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert . Kontext: Volumename: \\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\ Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert . Error: (07/07/2014 01:52:38 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:34 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:18 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:16 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:13 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:10 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:01 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator System errors: ============= Error: (07/07/2014 01:51:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%5 Error: (07/07/2014 01:49:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:39:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:29:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:19:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 01:09:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 00:59:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 00:49:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/07/2014 00:40:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ssmdrv Error: (07/07/2014 00:40:19 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist. Microsoft Office Sessions: ========================= Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)0x80070005, Zugriff verweigert Kontext: Volumename: \\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\ Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: ) Description: CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)0x80070005, Zugriff verweigert Error: (07/07/2014 01:52:38 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:34 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:19 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:18 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:16 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:13 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:10 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator Error: (07/07/2014 01:52:01 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert Vorgang: Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Ausführungskontext: Coordinator Anbieter-ID: {00000000-0000-0000-0000-000000000000} Volumename: C:\ Ausführungskontext: Coordinator ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 2011.16 MB Available physical RAM: 801.59 MB Total Pagefile: 4022.32 MB Available Pagefile: 2334.21 MB Total Virtual: 2047.88 MB Available Virtual: 1904.95 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:434.66 GB) (Free:372.51 GB) NTFS Drive d: (Recovery) (Fixed) (Total:30 GB) (Free:11.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: F98D6E74) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=435 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ gmer: da habe ich leider den Fehler gemacht, da ich das Programm bereits auf meinem Rechner hatte, es durchscannen zu lassen bevor ich mich an euch gewendet habe. Dabei habe ich zu Anfang nicht auf NEIN gedrückt. Es wurde ein Bericht erstellt, den ich allerdings nicht abgespeichert habe. Habe es jetzt noch mal laufen lassen, und nun wird kein Bericht erstellt. Wie kann ich das ändern? Bitte um eure Hilfe. |
| Themen zu Win7 TR/Agent.37888.248 kann nicht gelöscht werden, Echtzeitscanner funktioniert nicht mehr |
| 0x80004005, 4d36e972-e325-11ce-bfc1-08002be10318, antivir, antivirus, avira, browser, canon, computer, device driver, dxgkrnl, entfernen, fehler, flash player, funktioniert nicht mehr, google, home, internet, monitor, mozilla, office 365, problem, realtek, registry, rootkit, rundll, scan, security, services.exe, software, svchost.exe, tv wizard, viren, windows, wscript.exe, ändern |
Baum-Darstellung