
Log Analysis and Evaluation: Windows 7 Starter: Avast scan reports rootkits, second scan finds none


 
15.09.2014, 12:37   #1
MeepMeep
 



Hello everyone, this is about my girlfriend's netbook.

During a routine Avast scan, a great many suspicious and/or infected files were found, some of them flagged as rootkits. Most of them were apparently in the WinSxS folder.
After several attempts to use the Avast functions (delete, quarantine, etc.), which were however reported as "Error" and "not fixed", another scan was run. That scan then came back with no findings.
Unfortunately, no Avast log file was created.

I then scanned with TDSSKiller today, also with no findings.
Here are the FRST and Addition logs:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Beate Michaela (administrator) on BEATE-NETBOOK on 15-09-2014 13:31:16
Running from C:\Users\Beate Michaela\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\Run: [Duden Korrektor SysTray] => C:\Program Files\Duden\Duden Korrektor\DKTray.exe [481824 2013-09-02] (Expert System S.p.A.)
HKU\S-1-5-21-264978880-1747315322-2305944383-1000\...\MountPoints2: {bd48516d-6701-11e3-a15e-e81132dc253e} - E:\ibs.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon1 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon2 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon3 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 0WualaOverlayIcon4 -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll (LaCie AG)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {333EB6DA-01D3-48CF-9958-CD7DA7AF19CE} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = ^hxxp://www\.claro-search\.com/\?affID=114508.*
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9HBA07279&ts=1376494043
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8078AE8C-5757-11E2-87F4-90A4DE9F6227}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP141B11B4-9A4B-4872-AA5C-9C906A4A8E5E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9HBA07279&ts=1376494043
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8078AE8C-5757-11E2-87F4-90A4DE9F6227}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} ->  No File
Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Beate Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\3a1zv3ay.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16]

Chrome: 
=======
CHR CustomProfile: C:\Users\Beate Michaela\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dhdepfaagokllfmhfbcfmocaeigmoebo] - C:\Users\Beate Michaela\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx []
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx [2013-08-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [478712 2012-06-07] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\windows\system32\drivers\acedrv11.sys [277544 2009-01-19] (Protect Software GmbH)
S3 acsock; C:\windows\System32\DRIVERS\acsock.sys [87976 2012-06-07] (Cisco Systems, Inc.)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-09] (ELAN Microelectronics Corp.)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-10-27] (Windows (R) 2003 DDK 3790 provider)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 13:18 - 2014-09-15 13:27 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt
2014-09-15 13:15 - 2014-09-15 13:31 - 00012617 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt
2014-09-15 13:14 - 2014-09-15 13:31 - 00000000 ____D () C:\FRST
2014-09-15 13:12 - 2014-09-14 22:30 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp
2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe
2014-09-15 12:57 - 2014-09-15 12:58 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe
2014-09-15 12:05 - 2014-09-15 12:06 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe
2014-09-15 03:43 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 03:43 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 03:43 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 03:43 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-15 03:43 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-15 03:43 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-15 03:43 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-15 03:43 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-15 03:43 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 03:43 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 03:43 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-15 03:43 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-15 03:43 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-15 03:43 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-15 03:43 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-15 03:43 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-15 03:43 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 03:43 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 03:43 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-15 03:43 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 03:43 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 03:43 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 03:43 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 03:43 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 03:43 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-15 03:43 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 03:43 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 03:43 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-15 03:42 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 03:42 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 03:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2014-09-14 20:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-14 20:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-14 20:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-14 20:39 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-14 20:38 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-14 20:38 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-31 18:07 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-31 18:07 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-29 19:11 - 2014-08-30 18:48 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder
2014-08-27 13:30 - 2014-08-27 13:42 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe
2014-08-22 18:18 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 18:18 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-22 18:18 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 18:18 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-22 18:18 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-22 18:18 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 18:18 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-22 18:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-22 18:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 13:31 - 2014-09-15 13:15 - 00012617 _____ () C:\Users\Beate Michaela\Downloads\FRST.txt
2014-09-15 13:31 - 2014-09-15 13:14 - 00000000 ____D () C:\FRST
2014-09-15 13:27 - 2014-09-15 13:18 - 00039606 _____ () C:\Users\Beate Michaela\Downloads\Addition.txt
2014-09-15 12:58 - 2014-09-15 12:58 - 00380416 _____ () C:\Users\Beate Michaela\Downloads\Gmer-19357.exe
2014-09-15 12:58 - 2014-09-15 12:57 - 01097728 _____ (Farbar) C:\Users\Beate Michaela\Downloads\FRST.exe
2014-09-15 12:43 - 2014-07-16 22:57 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 12:29 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-09-15 12:20 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 12:20 - 2009-07-14 06:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 12:16 - 2011-07-26 04:16 - 01551092 _____ () C:\windows\WindowsUpdate.log
2014-09-15 12:13 - 2013-12-20 10:15 - 00017037 _____ () C:\windows\setupact.log
2014-09-15 12:13 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 12:06 - 2014-09-15 12:05 - 01101648 _____ () C:\Users\Beate Michaela\Downloads\TDSSKiller - CHIP-Installer.exe
2014-09-15 03:41 - 2012-09-14 21:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 03:40 - 2013-08-14 17:59 - 00000000 ____D () C:\windows\system32\MRT
2014-09-15 03:16 - 2013-06-10 17:48 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-15 03:16 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-09-15 03:15 - 2014-05-06 12:44 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-15 03:07 - 2010-11-20 23:01 - 01594892 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-14 22:30 - 2014-09-15 13:12 - 01589966 _____ () C:\Users\Beate Michaela\Documents\unp303965063077562151.mdmp
2014-09-14 21:43 - 2014-09-14 21:43 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2014-09-14 21:43 - 2013-06-06 16:42 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-14 21:43 - 2013-06-06 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-06 16:45 - 2013-10-22 19:02 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Hilfsjob BZL
2014-09-05 19:34 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-09-05 03:52 - 2014-09-14 20:38 - 00445952 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-14 20:38 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-31 19:58 - 2009-07-14 06:33 - 00350744 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-30 18:48 - 2014-08-29 19:11 - 00000000 ____D () C:\Users\Beate Michaela\Desktop\Bilder
2014-08-27 14:30 - 2012-09-13 18:59 - 00089976 _____ () C:\Users\Beate Michaela\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 13:42 - 2014-08-27 13:30 - 655284864 _____ () C:\Users\Beate Michaela\Downloads\Duden_Home_10_1_1.exe
2014-08-23 03:46 - 2014-08-31 18:07 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-31 18:07 - 02352640 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-19 19:39 - 2014-09-15 03:43 - 00327872 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-15 03:42 - 17455104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-15 03:43 - 04232704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-15 03:43 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-15 03:43 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-15 03:43 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-15 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-15 03:43 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-15 03:43 - 02185728 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-15 03:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-15 03:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-15 03:43 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-15 03:43 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-15 03:43 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-15 03:43 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-15 03:43 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-15 03:43 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-15 03:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-15 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-15 03:43 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-15 03:43 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-15 03:42 - 11769856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-15 03:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-15 03:43 - 02014208 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-15 03:43 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-15 03:43 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-15 03:43 - 01812992 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-15 03:43 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-15 03:43 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Beate Michaela\AppData\Local\Temp\{D2CB4494-012C-4726-BF7E-61FDD9DDD133}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 01:07

==================== End Of Log ============================
         

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Beate Michaela at 2014-09-15 13:33:01
Running from C:\Users\Beate Michaela\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
BatteryLifeExtender (HKLM\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.08057 - Cisco Systems, Inc.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH)
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy Resolution Manager (HKLM\...\{A8DDD59F-1413-40BD-B61C-77A0BDB2B22B}) (Version: 1.1.0 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
Fast Booting SW (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 1.8.0.0 - SAMSUNG)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Pack (HKLM\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Nitro Reader 3 (HKLM\...\{171478A8-80AD-4295-A2D1-C3D8AE70C9F1}) (Version: 3.5.2.10 - Nitro)
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SweetIM for Messenger 3.7 (HKLM\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wuala (HKCU\...\Wuala) (Version: 1.0.428.0 - LaCie)
Wuala CBFS (HKLM\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-264978880-1747315322-2305944383-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll ()

==================== Restore Points  =========================

13-08-2014 12:44:00 Windows Update
17-08-2014 15:49:18 Windows Update
22-08-2014 16:15:43 Windows Update
24-08-2014 11:48:59 Windows Update
30-08-2014 10:25:03 Windows Update
31-08-2014 15:48:20 Windows Update
31-08-2014 17:51:44 Windows Update
05-09-2014 13:52:17 Windows Update
14-09-2014 18:23:09 Windows Update
15-09-2014 01:01:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E65D067-CBEB-444B-B531-555D915E11DD} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {186D9905-520E-4480-95AB-53CFB4205FF0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe
Task: {19056CAD-90EA-4ACB-84FF-8CD0D65BC044} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {206510DC-A7C6-4011-8CB6-3C5F9345E9FE} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {389B1777-C122-46F3-A6EC-858A28BFAF7E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {435B9152-E045-49A0-9802-3FE20CDF60B2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {466303E5-0805-44EC-8595-C63AFDEA3A21} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe
Task: {67FA9649-111A-4C53-B4F7-07301BC82D53} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.)
Task: {70EADF9A-5485-4ED7-97F5-879363B7F031} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {769E07C5-0BE6-4A6C-B5F3-66FF67031220} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {844E9470-612D-46A9-8743-B043C03DA11C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {8BA86EC4-EEE2-4E4E-BFC2-87533622D8F9} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {9F764301-640E-4B52-B52C-13E6C45D1D1F} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {A14135DA-1CF0-47C9-8C6F-94253D1D583A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated)
Task: {AC8DE7C8-AEE0-44F4-B06B-9667FF756D78} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {B2D1250E-ED13-4F79-B714-706089AED7B5} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe
Task: {BEA77058-F404-4F28-B3A1-97A9CA98C058} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {D320090D-9609-4032-A786-19169D146BFF} - \Browser Manager No Task File <==== ATTENTION
Task: {F623BB0F-E7EE-4669-BC38-24FDC8A96392} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-16 21:59 - 2014-07-16 21:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-14 20:04 - 2014-09-14 20:04 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll
2012-10-08 13:26 - 2010-06-17 21:56 - 00116224 _____ () C:\windows\System32\redmonnt.dll
2014-07-16 21:59 - 2014-07-16 21:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-07-25 12:33 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-07-30 12:33 - 2014-07-30 12:33 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79210258.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79210258.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 00:29:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2014 00:14:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 00:13:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2014 00:13:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2014 00:13:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2014 10:19:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2014 10:19:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2014 10:16:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2014 10:15:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 10:14:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (09/15/2014 00:14:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/15/2014 00:13:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (09/15/2014 00:13:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\windows\System32\bcmihvsrv.dll
Fehlercode: 14001

Error: (09/15/2014 10:15:34 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/15/2014 10:14:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (09/15/2014 10:14:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\windows\System32\bcmihvsrv.dll
Fehlercode: 14001

Error: (09/15/2014 03:59:10 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (09/15/2014 03:58:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (09/15/2014 03:58:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\windows\System32\bcmihvsrv.dll
Fehlercode: 14001

Error: (09/15/2014 00:33:55 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (09/15/2014 00:29:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

Error: (09/15/2014 00:14:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 00:13:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

Error: (09/15/2014 00:13:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

Error: (09/15/2014 00:13:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\windows\System32\bcmihvsrv.dll

Error: (09/15/2014 10:19:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

Error: (09/15/2014 10:19:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

Error: (09/15/2014 10:16:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

Error: (09/15/2014 10:15:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 10:14:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll


CodeIntegrity Errors:
===================================
  Date: 2013-12-20 07:46:08.978
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-19 19:43:57.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-19 13:48:22.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ThreatFire\TFWAH.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 77%
Total physical RAM: 1013.3 MB
Available physical RAM: 230.93 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 1048.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112 GB) (Free:74.82 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:162.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: CD3D43EB)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

False alarm, or is action required?

Many thanks for the help.

 
