Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Nach flash Video Internet langsam (https://www.trojaner-board.de/154497-flash-video-internet-langsam.html)

schrauber 05.06.2014 09:46

Den Fix kannste machen, der Proxy Eintrag gehört da definitiv nicht hin. Melde dich dann wieder wenn der Techniker da war :)

Gepetto1 05.06.2014 12:55

Hi,
fix ist gemacht.
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Philipp at 2014-06-04 18:45:58 Run:1
Running from C:\Users\Philipp\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: localhost:8080
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ====

und ein frisches FRST log


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Philipp (administrator) on PHILIPP-PC on 05-06-2014 13:49:50
Running from C:\Users\Philipp\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3FB10447E45CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-15] ()

==================== Drivers (Whitelisted) ====================

S4 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [154256 2007-08-10] (Promise Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
S4 fttxr5_O; C:\Windows\system32\drivers\fttxr5_o.sys [230408 2007-10-25] (Promise Technology, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [160288 2008-04-07] (NVIDIA Corporation)
S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-13] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz131; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUVC64; system32\DRIVERS\lvuvc64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 13:49 - 2014-06-05 13:49 - 00008365 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-06-03 14:52 - 2014-06-03 14:52 - 00000884 _____ () C:\Users\Philipp\Desktop\eM Client.lnk
2014-06-03 14:04 - 2014-06-03 14:04 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401625260
2014-06-02 20:59 - 2014-06-04 20:28 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\eM Client
2014-06-02 20:58 - 2014-06-02 20:58 - 00000884 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Program Files (x86)\eM Client
2014-06-02 20:56 - 2014-06-02 20:57 - 14995456 _____ () C:\Users\Philipp\Downloads\setup.msi
2014-06-02 15:31 - 2014-06-04 21:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 15:31 - 2014-06-02 15:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-02 15:31 - 2014-06-02 15:31 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 14:43 - 2014-06-02 14:43 - 00000000 ____D () C:\Users\Philipp\Documents\Mail!!!!!
2014-06-02 14:09 - 2014-06-02 14:09 - 00001106 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-06-02 14:09 - 2014-06-02 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 20:30 - 2014-06-01 20:30 - 00000000 ____D () C:\Users\Philipp\Documents\Local Folders
2014-06-01 14:21 - 2014-06-03 14:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-01 14:21 - 2014-06-01 14:21 - 00000846 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Opera Software
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Opera Software
2014-06-01 10:48 - 2014-06-03 14:12 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion
2014-06-01 10:47 - 2014-06-01 10:47 - 00000822 _____ () C:\Users\Philipp\Desktop\checkup.txt
2014-06-01 06:46 - 2014-06-01 06:46 - 00003072 _____ () C:\Windows\System32\Tasks\{A86BF584-E974-4761-B199-EFC4BDE010C0}
2014-05-31 21:17 - 2014-05-31 21:17 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe
2014-05-31 21:16 - 2014-05-31 21:15 - 00854367 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe
2014-05-31 15:44 - 2014-05-31 15:44 - 28041256 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_21.0.1432.67_Setup.exe
2014-05-31 07:30 - 2014-05-31 07:30 - 00000636 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 07:20 - 2014-05-31 07:20 - 00003200 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt
2014-05-31 07:16 - 2014-05-31 07:16 - 00001165 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-05-30 07:40 - 2014-05-30 07:38 - 00010180 _____ () C:\Users\Philipp\Desktop\ComboFix.txt
2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt
2014-05-30 07:38 - 2014-06-05 13:50 - 00000000 ____D () C:\Users\Philipp\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-30 07:17 - 2014-05-30 07:38 - 00000000 ____D () C:\Qoobox
2014-05-30 07:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-30 07:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-30 07:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-30 07:16 - 2014-05-30 07:37 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 07:16 - 2014-05-30 07:17 - 00000000 ____D () C:\32788R22FWJFW
2014-05-30 07:13 - 2014-05-30 07:13 - 05203398 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-05-29 07:08 - 2014-06-05 13:49 - 00000000 ____D () C:\FRST
2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe
2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-05-28 21:02 - 2014-06-03 14:12 - 02068992 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-05-28 21:02 - 2014-05-28 19:36 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe
2014-05-28 20:38 - 2014-06-01 18:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 20:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 20:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 20:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 19:37 - 2014-06-02 16:16 - 00000000 ____D () C:\AdwCleaner
2014-05-28 16:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin
2014-05-28 14:02 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin
2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin
2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-27 21:55 - 2014-05-27 22:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-27 21:55 - 2014-05-27 22:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 19:28 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 19:28 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 19:28 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 19:28 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 19:28 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 19:28 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 19:01 - 2014-03-25 18:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 19:01 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-06-05 13:50 - 2014-06-05 13:49 - 00008365 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-06-05 13:50 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\temp
2014-06-05 13:49 - 2014-05-29 07:08 - 00000000 ____D () C:\FRST
2014-06-05 13:47 - 2011-08-10 16:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 13:47 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 13:47 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 13:47 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 21:43 - 2009-07-10 14:09 - 01384335 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 21:43 - 2006-11-02 17:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 21:26 - 2014-06-02 15:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 21:03 - 2012-05-31 17:52 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-04 20:59 - 2011-08-10 16:32 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 20:28 - 2014-06-02 20:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\eM Client
2014-06-03 19:15 - 2013-12-13 19:33 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-06-03 19:15 - 2013-12-13 19:33 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-06-03 18:43 - 2010-11-05 21:06 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-03 18:43 - 2010-11-05 21:03 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-03 18:43 - 2009-07-08 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 14:52 - 2014-06-03 14:52 - 00000884 _____ () C:\Users\Philipp\Desktop\eM Client.lnk
2014-06-03 14:12 - 2014-06-01 10:48 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion
2014-06-03 14:12 - 2014-05-28 21:02 - 02068992 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-06-03 14:04 - 2014-06-03 14:04 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401625260
2014-06-03 14:04 - 2014-06-01 14:21 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-02 20:58 - 2014-06-02 20:58 - 00000884 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Program Files (x86)\eM Client
2014-06-02 20:57 - 2014-06-02 20:56 - 14995456 _____ () C:\Users\Philipp\Downloads\setup.msi
2014-06-02 19:56 - 2008-01-21 05:26 - 00846494 _____ () C:\Windows\PFRO.log
2014-06-02 19:54 - 2010-04-19 15:57 - 00008843 _____ () C:\Windows\system32\lvcoinst.log
2014-06-02 19:53 - 2010-04-19 15:56 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-06-02 19:53 - 2009-07-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-06-02 16:16 - 2014-05-28 19:37 - 00000000 ____D () C:\AdwCleaner
2014-06-02 15:32 - 2009-07-10 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Adobe
2014-06-02 15:31 - 2014-06-02 15:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-02 15:31 - 2014-06-02 15:31 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 15:31 - 2008-05-21 11:53 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-02 14:43 - 2014-06-02 14:43 - 00000000 ____D () C:\Users\Philipp\Documents\Mail!!!!!
2014-06-02 14:19 - 2009-07-10 20:41 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Mozilla
2014-06-02 14:09 - 2014-06-02 14:09 - 00001106 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-06-02 14:09 - 2014-06-02 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 20:30 - 2014-06-01 20:30 - 00000000 ____D () C:\Users\Philipp\Documents\Local Folders
2014-06-01 18:40 - 2014-05-28 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 14:21 - 2014-06-01 14:21 - 00000846 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Opera Software
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Opera Software
2014-06-01 10:47 - 2014-06-01 10:47 - 00000822 _____ () C:\Users\Philipp\Desktop\checkup.txt
2014-06-01 06:46 - 2014-06-01 06:46 - 00003072 _____ () C:\Windows\System32\Tasks\{A86BF584-E974-4761-B199-EFC4BDE010C0}
2014-05-31 21:17 - 2014-05-31 21:17 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe
2014-05-31 21:15 - 2014-05-31 21:16 - 00854367 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe
2014-05-31 15:44 - 2014-05-31 15:44 - 28041256 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_21.0.1432.67_Setup.exe
2014-05-31 07:30 - 2014-05-31 07:30 - 00000636 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 07:20 - 2014-05-31 07:20 - 00003200 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt
2014-05-31 07:16 - 2014-05-31 07:16 - 00001165 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt
2014-05-30 07:38 - 2014-05-30 07:40 - 00010180 _____ () C:\Users\Philipp\Desktop\ComboFix.txt
2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:17 - 00000000 ____D () C:\Qoobox
2014-05-30 07:37 - 2014-05-30 07:16 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 07:36 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-30 07:17 - 2014-05-30 07:16 - 00000000 ____D () C:\32788R22FWJFW
2014-05-30 07:14 - 2008-05-21 15:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 07:14 - 2008-05-21 15:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 07:14 - 2008-05-21 15:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 07:13 - 2014-05-30 07:13 - 05203398 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe
2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 19:36 - 2014-05-28 21:02 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe
2014-05-28 14:01 - 2014-05-28 16:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin
2014-05-28 14:01 - 2014-05-28 14:02 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin
2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin
2014-05-27 23:15 - 2013-10-01 18:40 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Avg2014
2014-05-27 22:29 - 2014-05-27 21:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-27 22:28 - 2014-05-27 21:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 18:56 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-15 19:38 - 2009-07-08 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 19:34 - 2013-08-14 18:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:33 - 2006-11-02 14:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 07:26 - 2014-05-28 20:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 20:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 18:55 - 2011-08-10 16:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 18:55 - 2011-08-10 16:32 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 02:46 - 2014-05-15 19:28 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:21 - 2014-05-15 19:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 02:21 - 2014-05-15 19:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 01:32 - 2014-05-15 19:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 01:14 - 2014-05-15 19:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 01:14 - 2014-05-15 19:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-04 21:42

==================== End Of Log ============================

--- --- ---


Sieht denn mein Rechner soweit wieder "ok" aus?
Bin irgendwie noch ein bisschen beunruhigt.

Melde mich dann am Freitag wieder, wenn der Techniker da war.

Gruß
Gepetto

schrauber 05.06.2014 19:42

ohne extrem tiefer zu graben sieht das gut aus.

Gepetto1 06.06.2014 18:12

Hallo Schrauber,
also der Techniker war da. Leitung ist ok. So und jetzt steh ich da und bin noch mehr verzweifelt :(

Also ich schreibe dir noch einmal möglichst genau auf, was hier los ist.
Rechner verbindet sich mit dem Internet. Unter Netzwerk- und Freigabecenter steht:
Computer---Netzwerk---Internet.
Wenn ich auf "Satus von LAN-Verbindungen" und dort direkt auf "Diagnose" klicke schreibt er "es wurden keine Probleme mit der Netzwerkverbindung dieses Computers ermittelt".

Wenn ich auf der Taskleiste mit Rechtsklick auf die kleinen Monitorsymbole klicke und dort auf "Diagnose- und Reparatur" klicke schreibt er "Es wurde bestätigt, dass auf diesem Computer ein Netzwerkkonnektivitätsproblem besteht".

Wenn ich im "Netzwerk- und Freigabecenter" auf "Netzwerkverbindung verwalten" klicke, sehe ich dort "LAN Verbindung, Netzwerk, Realtek .... Aber dort taucht nicht der Router auf. Ist das richtig? Überhaupt taucht nirgens der Router auf. Wenn ich bei meinem Smart-TV auf Netzwerverbindung-Satus drücke, steht dort TV--Router--Internet. Aber am PC taucht nie irgendwo der Router auf. Ist da irgendwie was nicht richtig eingerichtet?

Ich habe den Eindruck, dass das alles erst seit dem Windows-Sicherheitsupdate vom 13.5.2014 (MS14-027) besteht. Kann mich aber auch täuschen.

Ich hänge dir jetzt noch mal verschiedene Sachen an. Ich weiß auch nicht mehr weiter.
Besonders der Auszug aus der windowsupdate.txt von heute (unter C:Windows) sieht für meine "keine Ahnung Augen" irgendwie seltsam aus. Aber wenn ich manuell auf Windows updates suchen klicke, scheint er ganz normal zu suchen. Findet halt keine updates. Gibt wahrscheinlich auch keine.

Code:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Users\Philipp>ipconfig /all

Windows-IP-Konfiguration

  Hostname  . . . . . . . . . . . . : Philipp-PC
  Primäres DNS-Suffix . . . . . . . :
  Knotentyp . . . . . . . . . . . . : Hybrid
  IP-Routing aktiviert  . . . . . . : Nein
  WINS-Proxy aktiviert  . . . . . . : Nein
  DNS-Suffixsuchliste . . . . . . . : Speedport_W_502V_Typ_A

Ethernet-Adapter LAN-Verbindung:

  Verbindungsspezifisches DNS-Suffix: Speedport_W_502V_Typ_A
  Beschreibung. . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
 Gigabit Ethernet NIC (NDIS 6.0)
  Physikalische Adresse . . . . . . : 00-26-18-24-A4-C7
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja
  IPv4-Adresse  . . . . . . . . . . : 192.168.2.104(Bevorzugt)
  Subnetzmaske  . . . . . . . . . . : 255.255.255.0
  Lease erhalten. . . . . . . . . . : Freitag, 6. Juni 2014 18:40:37
  Lease läuft ab. . . . . . . . . . : Dienstag, 10. Juni 2014 18:40:37
  Standardgateway . . . . . . . . . : 192.168.2.1
  DHCP-Server . . . . . . . . . . . : 192.168.2.1
  DNS-Server  . . . . . . . . . . . : 192.168.2.1
  NetBIOS über TCP/IP . . . . . . . : Aktiviert

Tunneladapter LAN-Verbindung* 6:

  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physikalische Adresse . . . . . . : 02-00-54-55-4E-01
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
  IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fb:2c5f:e9e:3f57:fd97(Bevor
zugt)
  Verbindungslokale IPv6-Adresse  . : fe80::2c5f:e9e:3f57:fd97%11(Bevorzugt)
  Standardgateway . . . . . . . . . : ::
  NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Tunneladapter LAN-Verbindung* 7:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix: Speedport_W_502V_Typ_A
  Beschreibung. . . . . . . . . . . : isatap.Speedport_W_502V_Typ_A
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja

C:\Users\Philipp>

ipv6 habe ich deaktiviert. Habe den Eindruck, dass es dadurch stabiler läuft.

Code:

2014-06-06        16:00:36:952        1376        10d8        Misc        ===========  Logging initialized (build: 7.6.7600.256, tz: +0200)  ===========
2014-06-06        16:00:37:404        1376        10d8        Misc          = Process: C:\Windows\system32\svchost.exe
2014-06-06        16:00:37:747        1376        10d8        Misc          = Module: c:\windows\system32\wuaueng.dll
2014-06-06        16:00:36:952        1376        10d8        Service        *************
2014-06-06        16:00:38:184        1376        10d8        Service        ** START **  Service: Service startup
2014-06-06        16:00:38:262        1376        10d8        Service        *********
2014-06-06        16:00:38:434        1376        10d8        Agent          * WU client version 7.6.7600.256
2014-06-06        16:00:38:512        1376        10d8        Agent          * Base directory: C:\Windows\SoftwareDistribution
2014-06-06        16:00:38:590        1376        10d8        Agent          * Access type: No proxy
2014-06-06        16:00:38:668        1376        10d8        Agent          * Network state: Connected
2014-06-06        16:01:25:480        1376        10d8        Report        CWERReporter::Init succeeded
2014-06-06        16:01:25:480        1376        10d8        Agent        ***********  Agent: Initializing Windows Update Agent  ***********
2014-06-06        16:01:25:480        1376        10d8        Agent        ***********  Agent: Initializing global settings cache  ***********
2014-06-06        16:01:25:480        1376        10d8        Agent          * WSUS server: <NULL>
2014-06-06        16:01:25:480        1376        10d8        Agent          * WSUS status server: <NULL>
2014-06-06        16:01:25:480        1376        10d8        Agent          * Target group: (Unassigned Computers)
2014-06-06        16:01:25:480        1376        10d8        Agent          * Windows Update access disabled: No
2014-06-06        16:01:25:496        1376        10d8        DnldMgr        Download manager restoring 0 downloads
2014-06-06        16:01:25:512        1376        10d8        AU        ###########  AU: Initializing Automatic Updates  ###########
2014-06-06        16:01:25:512        1376        10d8        AU        AU setting next detection timeout to 2014-06-06 14:01:25
2014-06-06        16:01:25:512        1376        10d8        AU        AU setting next sqm report timeout to 2014-06-06 14:01:25
2014-06-06        16:01:25:512        1376        10d8        AU          # Approval type: Scheduled (User preference)
2014-06-06        16:01:25:512        1376        10d8        AU          # Scheduled install day/time: Every day at 3:00
2014-06-06        16:01:25:512        1376        10d8        AU          # Auto-install minor updates: Yes (User preference)
2014-06-06        16:01:25:839        1376        10d8        AU        Initializing featured updates
2014-06-06        16:01:25:839        1376        10d8        AU        Found 0 cached featured updates
2014-06-06        16:01:25:839        1376        10d8        AU        AU finished delayed initialization
2014-06-06        16:01:26:182        1376        10d8        Report        ***********  Report: Initializing static reporting data  ***********
2014-06-06        16:01:26:182        1376        10d8        Report          * OS Version = 6.0.6002.2.0.66304
2014-06-06        16:01:26:182        1376        10d8        Report          * OS Product Type = 0x00000003
2014-06-06        16:01:26:245        1376        10d8        Report          * Computer Brand = System manufacturer
2014-06-06        16:01:26:245        1376        10d8        Report          * Computer Model = System Product Name
2014-06-06        16:01:26:245        1376        10d8        Report          * Bios Revision = 0307 
2014-06-06        16:01:26:245        1376        10d8        Report          * Bios Name = BIOS Date: 04/28/09 14:47:25 Ver: 08.00.15
2014-06-06        16:01:26:245        1376        10d8        Report          * Bios Release Date = 2009-04-28T00:00:00
2014-06-06        16:01:26:245        1376        10d8        Report          * Locale ID = 1031
2014-06-06        16:01:26:276        1376        10d8        AU        AU setting next sqm report timeout to 2014-06-07 14:01:26
2014-06-06        16:01:26:276        1376        10d8        AU        #############
2014-06-06        16:01:26:276        1376        10d8        AU        ## START ##  AU: Search for updates
2014-06-06        16:01:26:276        1376        10d8        AU        #########
2014-06-06        16:01:26:276        1376        10d8        AU        <<## SUBMITTED ## AU: Search for updates [CallId = {E9714807-3690-46FF-BA7A-6066C7D45E06}]
2014-06-06        16:01:29:006        1376        129c        Agent        *************
2014-06-06        16:01:29:006        1376        129c        Agent        ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-06-06        16:01:29:006        1376        129c        Agent        *********
2014-06-06        16:01:29:006        1376        129c        Agent          * Online = Yes; Ignore download priority = No
2014-06-06        16:01:29:006        1376        129c        Agent          * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-06-06        16:01:29:006        1376        129c        Agent          * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2014-06-06        16:01:29:006        1376        129c        Agent          * Search Scope = {Machine}
2014-06-06        16:01:29:022        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:29:053        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:29:256        1376        129c        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:01:29:256        1376        129c        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:01:29:256        1376        129c        Misc        WARNING: DownloadFileInternal failed for hxxp://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:01:29:256        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:29:271        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:29:474        1376        129c        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:01:29:474        1376        129c        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:01:29:474        1376        129c        Misc        WARNING: DownloadFileInternal failed for hxxp://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:01:29:474        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:29:474        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:29:911        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:29:911        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:29:942        1376        129c        Agent        Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at hxxp://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2014-06-06        16:01:29:942        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2014-06-06        16:01:29:942        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:30:067        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2014-06-06        16:01:30:067        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:30:067        1376        129c        Setup        Checking for agent SelfUpdate
2014-06-06        16:01:30:067        1376        129c        Setup        Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2014-06-06        16:01:30:082        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:30:082        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:30:270        1376        129c        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:01:30:270        1376        129c        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:01:30:270        1376        129c        Misc        WARNING: DownloadFileInternal failed for hxxp://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:01:30:270        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:30:270        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:30:441        1376        129c        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:01:30:441        1376        129c        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:01:30:441        1376        129c        Misc        WARNING: DownloadFileInternal failed for hxxp://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:01:30:441        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:30:457        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:30:644        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:01:30:644        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:30:644        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2014-06-06        16:01:30:675        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:31:081        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2014-06-06        16:01:31:081        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:31:112        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2014-06-06        16:01:31:128        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:31:206        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2014-06-06        16:01:31:221        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:31:268        1376        129c        Setup        Determining whether a new setup handler needs to be downloaded
2014-06-06        16:01:31:268        1376        129c        Setup        SelfUpdate handler is not found.  It will be downloaded
2014-06-06        16:01:31:268        1376        129c        Setup        Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06        16:01:31:268        1376        129c        Setup        Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06        16:01:31:268        1376        129c        Setup        Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06        16:01:31:284        1376        129c        Setup        Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06        16:01:31:284        1376        129c        Setup        Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06        16:01:31:315        1376        129c        Setup        Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06        16:01:31:315        1376        129c        Setup        SelfUpdate check completed.  SelfUpdate is NOT required.
2014-06-06        16:01:47:539        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:01:47:554        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:47:586        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:01:47:601        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:01:47:601        1376        129c        PT        +++++++++++  PT: Synchronizing server updates  +++++++++++
2014-06-06        16:01:47:601        1376        129c        PT          + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2014-06-06        16:01:48:444        1376        10d8        AU        Forced install timer expired for scheduled install
2014-06-06        16:01:48:444        1376        10d8        AU        UpdateDownloadProperties: 0 download(s) are still in progress.
2014-06-06        16:01:48:444        1376        10d8        AU        Setting AU scheduled install time to 2014-06-07 01:00:00
2014-06-06        16:01:48:568        1376        129c        Agent        WARNING: Failed to evaluate Installed rule, updateId = {07AEE973-703C-4F27-83F1-3E764D9ED2C7}.202, hr = 80041010
2014-06-06        16:02:49:335        1376        129c        Driver        Matched driver to device PCI\VEN_1102&DEV_0005&SUBSYS_60071102&REV_00
2014-06-06        16:02:49:335        1376        129c        Driver        Status: 0x180200a, ProblemNumber: 00000000
2014-06-06        16:02:49:335        1376        129c        Driver        Matched driver to device PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02
2014-06-06        16:02:49:335        1376        129c        Driver        Status: 0x180200a, ProblemNumber: 00000000
2014-06-06        16:03:18:097        1376        129c        Handler        FATAL: UH: 0x80070490: EvaluateApplicability failed in CCbs::EvaluateApplicability
2014-06-06        16:03:25:759        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:03:25:766        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:03:25:875        1376        129c        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:03:25:879        1376        129c        Misc        Microsoft signed: Yes
2014-06-06        16:03:25:883        1376        129c        PT        +++++++++++  PT: Synchronizing extended update info  +++++++++++
2014-06-06        16:03:25:883        1376        129c        PT          + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2014-06-06        16:03:40:212        1376        129c        Agent          * Added update {7F7BF126-E759-4D5E-A1FE-8145A56C2436}.100 to search result
2014-06-06        16:03:40:213        1376        129c        Agent          * Added update {087B85DE-3627-4A1F-BF1B-E6D3BCEA03F0}.101 to search result
2014-06-06        16:03:40:213        1376        129c        Agent        Update {FF434E78-8B6A-4860-BD0F-4AC472E29063}.101 is pruned out due to potential supersedence
2014-06-06        16:03:40:213        1376        129c        Agent        Update {566B95D4-66F6-47BA-8953-02CAEA29022C}.101 is pruned out due to potential supersedence
2014-06-06        16:03:40:213        1376        129c        Agent        Update {B932D155-4C7F-4CBC-8527-D5DF17B0A220}.101 is pruned out due to potential supersedence
2014-06-06        16:03:40:213        1376        129c        Agent        Update {B6C0F3C6-C368-4A76-A3BF-BE068C7358F0}.101 is pruned out due to potential supersedence
2014-06-06        16:03:40:213        1376        129c        Agent          * Added update {AAE5E2C7-3498-4F43-AF66-AEC06A59713F}.102 to search result
2014-06-06        16:03:40:213        1376        129c        Agent          * Added update {44D99B03-8E84-4D32-A3A7-74E062CDF914}.103 to search result
2014-06-06        16:03:40:213        1376        129c        Agent          * Added update {400D135F-03E5-45B5-A44B-16EF70722C4F}.201 to search result
2014-06-06        16:03:40:213        1376        129c        Agent          * Found 5 updates and 80 categories in search; evaluated appl. rules of 2591 out of 3944 deployed entities
2014-06-06        16:03:40:793        1376        129c        Agent        *********
2014-06-06        16:03:40:793        1376        129c        Agent        **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-06-06        16:03:40:793        1376        129c        Agent        *************
2014-06-06        16:03:40:809        1376        1230        AU        >>##  RESUMED  ## AU: Search for updates [CallId = {E9714807-3690-46FF-BA7A-6066C7D45E06}]
2014-06-06        16:03:40:809        1376        1230        AU          # 5 updates detected
2014-06-06        16:03:40:810        1376        1230        AU        #########
2014-06-06        16:03:40:810        1376        1230        AU        ##  END  ##  AU: Search for updates [CallId = {E9714807-3690-46FF-BA7A-6066C7D45E06}]
2014-06-06        16:03:40:810        1376        1230        AU        #############
2014-06-06        16:03:40:810        1376        1230        AU        #############
2014-06-06        16:03:40:810        1376        1230        AU        ## START ##  AU: Refresh featured updates info
2014-06-06        16:03:40:810        1376        1230        AU        #########
2014-06-06        16:03:40:810        1376        1230        AU        No featured updates available.
2014-06-06        16:03:40:810        1376        1230        AU        #########
2014-06-06        16:03:40:810        1376        1230        AU        ##  END  ##  AU: Refresh featured updates info
2014-06-06        16:03:40:810        1376        1230        AU        #############
2014-06-06        16:03:40:810        1376        1230        AU        AU setting next detection timeout to 2014-06-07 11:22:33
2014-06-06        16:03:40:811        1376        1230        AU        Setting AU scheduled install time to 2014-06-07 01:00:00
2014-06-06        16:03:40:813        1376        129c        Report        CWERReporter finishing event handling. (00000000)
2014-06-06        16:03:45:836        1376        129c        Report        REPORT EVENT: {B5F79A5D-F53C-4433-A60A-263E2DCF32DA}        2014-06-06 16:03:40:791+0200        1        147        101        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Software Synchronization        Windows Update Client successfully detected 5 updates.
2014-06-06        16:03:45:836        1376        129c        Report        CWERReporter finishing event handling. (00000000)
2014-06-06        16:39:23:842        1376        11dc        AU        Getting featured update notifications.  fIncludeDismissed = true
2014-06-06        16:39:23:843        1376        11dc        AU        No featured updates available.
2014-06-06        16:39:31:037        1376        11dc        AU        Triggering AU detection through DetectNow API
2014-06-06        16:39:31:037        1376        11dc        AU        Triggering Online detection (interactive)
2014-06-06        16:39:31:038        1376        10d8        AU        #############
2014-06-06        16:39:31:038        1376        10d8        AU        ## START ##  AU: Search for updates
2014-06-06        16:39:31:038        1376        10d8        AU        #########
2014-06-06        16:39:31:040        1376        10d8        AU        <<## SUBMITTED ## AU: Search for updates [CallId = {FB5CE1D8-BB8A-405D-96AD-B6DB6979469A}]
2014-06-06        16:39:31:041        1376        ee0        Agent        *************
2014-06-06        16:39:31:041        1376        ee0        Agent        ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-06-06        16:39:31:041        1376        ee0        Agent        *********
2014-06-06        16:39:31:041        1376        ee0        Agent          * Online = Yes; Ignore download priority = No
2014-06-06        16:39:31:041        1376        ee0        Agent          * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-06-06        16:39:31:041        1376        ee0        Agent          * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2014-06-06        16:39:31:041        1376        ee0        Agent          * Search Scope = {Machine}
2014-06-06        16:39:31:044        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:31:052        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:31:243        1376        ee0        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:39:31:243        1376        ee0        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:39:31:243        1376        ee0        Misc        WARNING: DownloadFileInternal failed for hxxp://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:39:31:243        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:31:247        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:31:436        1376        ee0        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:39:31:436        1376        ee0        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:39:31:436        1376        ee0        Misc        WARNING: DownloadFileInternal failed for hxxp://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:39:31:437        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:31:441        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:31:855        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:31:860        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:31:868        1376        ee0        Agent        Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at hxxp://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2014-06-06        16:39:31:868        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2014-06-06        16:39:31:873        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:32:267        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2014-06-06        16:39:32:271        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:32:271        1376        ee0        Setup        Checking for agent SelfUpdate
2014-06-06        16:39:32:272        1376        ee0        Setup        Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2014-06-06        16:39:32:275        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:32:279        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:32:423        1376        ee0        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:39:32:423        1376        ee0        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:39:32:423        1376        ee0        Misc        WARNING: DownloadFileInternal failed for hxxp://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:39:32:424        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:32:428        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:32:569        1376        ee0        Misc        WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-06-06        16:39:32:569        1376        ee0        Misc        WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-06-06        16:39:32:570        1376        ee0        Misc        WARNING: DownloadFileInternal failed for hxxp://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2014-06-06        16:39:32:570        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:32:574        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:32:765        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2014-06-06        16:39:32:769        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:32:774        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2014-06-06        16:39:32:778        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:33:279        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2014-06-06        16:39:33:284        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:33:286        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2014-06-06        16:39:33:290        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:33:400        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2014-06-06        16:39:33:405        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:33:422        1376        ee0        Setup        Determining whether a new setup handler needs to be downloaded
2014-06-06        16:39:33:422        1376        ee0        Setup        SelfUpdate handler is not found.  It will be downloaded
2014-06-06        16:39:33:422        1376        ee0        Setup        Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06        16:39:33:505        1376        ee0        Setup        Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06        16:39:33:506        1376        ee0        Setup        Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06        16:39:33:528        1376        ee0        Setup        Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06        16:39:33:529        1376        ee0        Setup        Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06        16:39:33:564        1376        ee0        Setup        Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06        16:39:33:564        1376        ee0        Setup        SelfUpdate check completed.  SelfUpdate is NOT required.
2014-06-06        16:39:49:248        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:39:49:253        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:49:301        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:39:49:305        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:39:49:310        1376        ee0        PT        +++++++++++  PT: Synchronizing server updates  +++++++++++
2014-06-06        16:39:49:310        1376        ee0        PT          + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2014-06-06        16:39:50:343        1376        ee0        Agent        WARNING: Failed to evaluate Installed rule, updateId = {07AEE973-703C-4F27-83F1-3E764D9ED2C7}.202, hr = 80041010
2014-06-06        16:40:20:484        1376        ee0        Driver        Matched driver to device PCI\VEN_1102&DEV_0005&SUBSYS_60071102&REV_00
2014-06-06        16:40:20:484        1376        ee0        Driver        Status: 0x180200a, ProblemNumber: 00000000
2014-06-06        16:40:20:484        1376        ee0        Driver        Matched driver to device PCI\VEN_10EC&DEV_8168&SUBSYS_82C61043&REV_02
2014-06-06        16:40:20:484        1376        ee0        Driver        Status: 0x180200a, ProblemNumber: 00000000
2014-06-06        16:40:25:543        1376        ee0        Handler        FATAL: UH: 0x80070490: EvaluateApplicability failed in CCbs::EvaluateApplicability
2014-06-06        16:40:30:484        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:40:30:489        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:40:30:534        1376        ee0        Misc        Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2014-06-06        16:40:30:538        1376        ee0        Misc        Microsoft signed: Yes
2014-06-06        16:40:30:543        1376        ee0        PT        +++++++++++  PT: Synchronizing extended update info  +++++++++++
2014-06-06        16:40:30:543        1376        ee0        PT          + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2014-06-06        16:40:45:246        1376        ee0        Agent          * Added update {7F7BF126-E759-4D5E-A1FE-8145A56C2436}.100 to search result
2014-06-06        16:40:45:246        1376        ee0        Agent          * Added update {087B85DE-3627-4A1F-BF1B-E6D3BCEA03F0}.101 to search result
2014-06-06        16:40:45:246        1376        ee0        Agent        Update {FF434E78-8B6A-4860-BD0F-4AC472E29063}.101 is pruned out due to potential supersedence
2014-06-06        16:40:45:246        1376        ee0        Agent        Update {566B95D4-66F6-47BA-8953-02CAEA29022C}.101 is pruned out due to potential supersedence
2014-06-06        16:40:45:246        1376        ee0        Agent        Update {B932D155-4C7F-4CBC-8527-D5DF17B0A220}.101 is pruned out due to potential supersedence
2014-06-06        16:40:45:246        1376        ee0        Agent        Update {B6C0F3C6-C368-4A76-A3BF-BE068C7358F0}.101 is pruned out due to potential supersedence
2014-06-06        16:40:45:246        1376        ee0        Agent          * Added update {AAE5E2C7-3498-4F43-AF66-AEC06A59713F}.102 to search result
2014-06-06        16:40:45:246        1376        ee0        Agent          * Added update {44D99B03-8E84-4D32-A3A7-74E062CDF914}.103 to search result
2014-06-06        16:40:45:246        1376        ee0        Agent          * Added update {400D135F-03E5-45B5-A44B-16EF70722C4F}.201 to search result
2014-06-06        16:40:45:246        1376        ee0        Agent          * Found 5 updates and 80 categories in search; evaluated appl. rules of 2591 out of 3944 deployed entities
2014-06-06        16:40:45:860        1376        ee0        Agent        *********
2014-06-06        16:40:45:860        1376        ee0        Agent        **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-06-06        16:40:45:860        1376        ee0        Agent        *************
2014-06-06        16:40:45:879        1376        10f4        AU        >>##  RESUMED  ## AU: Search for updates [CallId = {FB5CE1D8-BB8A-405D-96AD-B6DB6979469A}]
2014-06-06        16:40:45:879        1376        10f4        AU          # 5 updates detected
2014-06-06        16:40:45:879        1376        10f4        AU        #########
2014-06-06        16:40:45:879        1376        10f4        AU        ##  END  ##  AU: Search for updates [CallId = {FB5CE1D8-BB8A-405D-96AD-B6DB6979469A}]
2014-06-06        16:40:45:879        1376        10f4        AU        #############
2014-06-06        16:40:45:880        1376        10f4        AU        #############
2014-06-06        16:40:45:880        1376        10f4        AU        ## START ##  AU: Refresh featured updates info
2014-06-06        16:40:45:880        1376        10f4        AU        #########
2014-06-06        16:40:45:880        1376        10f4        AU        No featured updates available.
2014-06-06        16:40:45:880        1376        10f4        AU        #########
2014-06-06        16:40:45:880        1376        10f4        AU        ##  END  ##  AU: Refresh featured updates info
2014-06-06        16:40:45:880        1376        10f4        AU        #############
2014-06-06        16:40:45:880        1376        10f4        AU        No featured updates notifications to show
2014-06-06        16:40:45:880        1376        10f4        AU        AU setting next detection timeout to 2014-06-07 09:54:45
2014-06-06        16:40:45:880        1376        10f4        AU        Setting AU scheduled install time to 2014-06-07 01:00:00
2014-06-06        16:40:45:928        1376        11dc        AU        Getting featured update notifications.  fIncludeDismissed = true
2014-06-06        16:40:45:928        1376        11dc        AU        No featured updates available.
2014-06-06        16:40:50:859        1376        ee0        Report        REPORT EVENT: {5CD1B538-27C7-481B-9744-E0AF5048FC52}        2014-06-06 16:40:45:859+0200        1        147        101        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Software Synchronization        Windows Update Client successfully detected 5 updates.
2014-06-06        16:40:50:859        1376        ee0        Report        CWERReporter finishing event handling. (00000000)

Besonders diese ganzen "Warning" Meldungen finde ich schon seltsam, oder??????
Und diese Meldungen finde ich auch seltsam: 2014-06-06 16:39:33:422 1376 ee0 Setup SelfUpdate handler is not found. It will be downloaded
2014-06-06 16:39:33:422 1376 ee0 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06 16:39:33:505 1376 ee0 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06 16:39:33:506 1376 ee0 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06 16:39:33:528 1376 ee0 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06 16:39:33:529 1376 ee0 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2014-06-06 16:39:33:564 1376 ee0 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2014-06-06 16:39:33:564 1376 ee0 Setup SelfUpdate check completed. SelfUpdate is NOT required.

Und diese Meldungen stehen aunfassbar häufig in der PFRO.TXT unter C:Windows. Hier nur ein kleiner Auszug
Code:

6/1/2014 13:48:19 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/1/2014 13:48:19 - 3 Successful PFRO operations

6/1/2014 13:58:51 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/1/2014 13:58:51 - 3 Successful PFRO operations

6/1/2014 15:42:27 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/1/2014 15:42:27 - 3 Successful PFRO operations

6/1/2014 18:35:43 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/1/2014 18:35:43 - 3 Successful PFRO operations

6/2/2014 14:8:5 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 14:8:5 - 3 Successful PFRO operations

6/2/2014 14:25:29 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 14:25:30 - 5 Successful PFRO operations

6/2/2014 15:11:19 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 15:11:19 - 3 Successful PFRO operations

6/2/2014 15:35:53 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 15:35:53 - 3 Successful PFRO operations

6/2/2014 16:18:57 - PFRO Error: \??\C:\ProgramData\DataMngr\stats.cfg, |delete operation|, 0xc000003a
6/2/2014 16:18:57 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 16:18:57 - 3 Successful PFRO operations

6/2/2014 18:36:24 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 18:36:25 - 3 Successful PFRO operations

6/2/2014 18:56:1 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 18:56:1 - 3 Successful PFRO operations

6/2/2014 19:56:40 - PFRO Error: \??\C:\Windows\TEMP\logishrd\, |delete operation|, 0xc0000101
6/2/2014 19:56:40 - 3 Successful PFRO operations

Das sieht mir aber sehr sehr seltsam aus!!!!!! Oder??

und diesen Eintrag habe ich im Routermenu heute unter "Systemmeldungen" gefunden
Code:

06.06.2014 16:14:41 **TCP FIN Scan** 192.168.2.104, 57633->>
Was weiß ich, was mit dem Rechner hier los ist....
Oder sollte mich das alles einfach nicht stören? Weil wie gesagt ins Internet komme ich ja eigentlich ganz normal.

Gruß
Gepetto

schrauber 07.06.2014 11:24

Zitat:

Aber dort taucht nicht der Router auf. Ist das richtig?
korrekt.
Zitat:

Überhaupt taucht nirgens der Router auf.
normal.

JEtzt mal ne Frage:
Hast Du irgendwelche richtigen bemerkbaren Probleme oder nur diese Sachen die die stören weil du es nicht besser weißt?

Gepetto1 07.06.2014 12:43

Hallo Schrauber,
also ich habe noch einmal alles ganz genau angeschaut.
Und zwar kurz vor meinem ersten post bei euch hat AVG bei einem kompletten Computerscan folgendes gefunden und gelöscht.

Bedrohung: Beschädigte ausführbare Datei
C:\.....\Temporary Internet Files\Content.IE5\YUMWSO2V\public-update-13586[1]

Ich habe herausgefunden, dass dies mit einem plugin von picasa zu tun haben muss.

Nun habe ich im Ordner "Temporary Internet Files" folgende ASPX Datei gefunden
Code:

hxxp://info.music.metaservices.microsoft.com/cdinfo/GetMDRCDPOSTURL.aspx?locale=407&geoid=5e&version=11.0.6002.18311&userlocale=407&requestID=E2CDB820-A546-43DB-B541-3C84664EA3BE
Wenn ich nun diese Datei z.B. kopieren möchte und sie auf dem Desktop einfügen möchte, steht dort folgendes: Das Element befindet sich nicht mehr in C:\.....\Temporary Internet Files\Content.IE5\YUMWSO2V\public-update-13586[1].
Eben genau dort, welches AVG gelöscht und als Bedrohung erkannt hat.
Kannst Du mir denn sagen, ob diese GetMDRCDPOSTURL.aspx harmlos ist??

Des weiteren habe ich bei euch, glaube ich irgendwo unter FAQ gelesen, dass in den Interneteinstellungen (Eigenschaften von Internet), da Opera diese Einstellungen verwendet, keine Einträge unter "LAN Einstellung--Einstellung für lokales Netzwerk---Proxyserver stehen sollen.
Bei mir ist es nun so, dass dort zwar kein Hacken bei Proxyserver für LAN verwenden gesetzt ist, aber bei Port steht 80. Ist aber alles grau hinterlegt
Wenn ich nun den Hacken setzte und den Port lösche, steht dann sofort wieder 80 drin. Hatte in Erinnerung das bei euch stand, dass das nicht sein darf.
Es ist auch kein Hacken bei "Automatische Suche der Einstellung" gesetzt. Soll ich das vielleicht mal machen? Vielleicht liegt es ja daran, dass bei mir immer Netzwerkkonnektivitätsproblem steht.


Ich habe einfach nur große Sorge, dass mein Rechner (über LAN) sich irgendwie noch etvl. wo anders hin verbindet, ohne das ich es merke und deshalb bei "Diagnose- und Reparatur" steht, dass es ein Netzwerkkonnektivitätsproblem gibt. Da ich ja bei euch gelesen habe, dass ja bei den LAN Einstellungen eigentlich nichts sethen soll. Auch nicht unter Port 80, wie bei mir.

Ich weiß, dass ich deine Nerven arg strapaziere. Vielleicht kannst du mir damit ja noch einmal helfen/zur Klärung beitragen.

Danach würde ich dann alles mal löschen wollen.Vielleicht kannst du mir dann, wenn alles soweit nun doch ok sein sollte noch sagen, in welcher Reihenfolge und ob ich irgendwie mal meine ganzen Temps löschen kann.

Gruß
Gepetto

schrauber 08.06.2014 09:43

Das sind doch nur Temp-Files :)

Setz mal den Haken bei Automatisch, dann das:

Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool

Setze einen Haken bei folgenden Einträgen
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Klicke Go und poste den Inhalt der Result.txt.


Ebenso bitte mal ein frisches FRST log.

Gepetto1 08.06.2014 10:12

Hallo Schrauber,

bevor ich MiniToolbox laufen lassen möchte, würde ich gerne deine Aufmerksamkeit mal auf folgendes legen.

Ich habe noch einmal securitycheck laufen lassen und dort folgende interessante Entdeckung gemacht. Sieh selbst :)

Code:

Results of screen317's Security Check version 0.99.83 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2014 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player        13.0.0.214 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

IE8 UND IE9 auf einem Rechner??? Da kann doch was nicht stimmen, oder?

hier mal das brndlog

Code:

03/16/2012 19:12:56 Checking for existence of Branding Active Setup stub...
03/16/2012 19:12:56 InternetExplorerBrandGUID didn't exist: Branding component not installed
03/16/2012 19:12:56 Inf Version is set to "9,00,8112,16421".

03/16/2012 19:12:56    COM initialized with S_OK success code.

03/16/2012 19:12:56 Branding Internet Explorer...
03/16/2012 19:12:56 Command line is "/mode:isp /peruser".

03/16/2012 19:12:56 Global branding settings are:
03/16/2012 19:12:56    Context is (0x01C00008) "Internet Content Providers, running from per-user stub";
03/16/2012 19:12:56    Settings file is        "C:\Program Files (x86)\Internet Explorer\Signup\install.ins";
03/16/2012 19:12:56    Target folder path is  "C:\Program Files (x86)\Internet Explorer\Signup".
03/16/2012 19:12:56 Done.

03/16/2012 19:12:56    About to clear previous branding...
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing migration of old settings...
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing wininet setup...
03/16/2012 19:12:56    There are no connection settings to process!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing deletion of connection settings...
03/16/2012 19:12:56    Existing connection settings weren't specified to be deleted!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing zones HKCU settings...
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing local machine policies and restrictions...
03/16/2012 19:12:56    There are no local machine *.inf files to process!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing current user policies and restrictions...
03/16/2012 19:12:56    There are no current user *.inf files to process!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing legacy policies and restrictions...
03/16/2012 19:12:56        There are no local machine *.inf files to process!
03/16/2012 19:12:56        There are no current user *.inf files to process!
03/16/2012 19:12:56    There are no legacy *.inf files to process!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing general customizations...
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing Help->About customization...
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing browser toolbar buttons...
03/16/2012 19:12:56    There are no toolbar buttons to process!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing root certificates...
03/16/2012 19:12:56    This feature is for ISPs only!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing default favorites and/or quick links...
03/16/2012 19:12:56    Creating separate thread for processing default favorites...

03/16/2012 19:12:56    COM initialized with S_OK success code.
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing deletion of favorites and/or quick links...
03/16/2012 19:12:56    None of the favorites folders were specified to be deleted!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing favorites...
03/16/2012 19:12:56    There are no favorites to add!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing ordering of favorites...
03/16/2012 19:12:56    Favorites will be put into the default position!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing quick links...
03/16/2012 19:12:56    There are no quick links to add!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing ordering of quick links...
03/16/2012 19:12:56    Quick Links will be put into the default position!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing connection settings...
03/16/2012 19:12:56    There are no connection settings to process!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Processing TrustedPublisherLockdown restriction...
03/16/2012 19:12:56    This restriction is not set!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Creating feeds...
03/16/2012 19:12:56 Processing [Feeds] section...

03/16/2012 19:12:56 Processing [FavoritesBar] section for Feeds...

03/16/2012 19:12:56 Processing [FavoritesBar] section for WebSlices...

03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Creating start pages...
03/16/2012 19:12:56    There are no start pages to add!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Creating search providers...
03/16/2012 19:12:56    There are no search providers to add!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Installing Activities...
03/16/2012 19:12:56    There are no Actitivies to Install!
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Installing Unattend Favorite bar items...
03/16/2012 19:12:56 Cannot Open Registry Key HKCU\SOFTWARE\Microsoft\Internet Explorer\AppliedUnattend [error=2]. It probably doesn't exist. Not an error.
03/16/2012 19:12:56 ProcessUnattendFavBarItems processing favbaritems from location: SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\FavoriteBarItems
03/16/2012 19:12:56 Successfully opened regkey location: SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\FavoriteBarItems
03/16/2012 19:12:56 Number of subkeys found: 0
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Installing Unattend Activites...
03/16/2012 19:12:56 Cannot Open Registry Key HKCU\SOFTWARE\Microsoft\Internet Explorer\AppliedUnattend [error=2]. It probably doesn't exist. Not an error.
03/16/2012 19:12:56 ProcessUnattendActivities processing activities from location: SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\Accelerators
03/16/2012 19:12:56 Successfully opened regkey location: SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\Accelerators
03/16/2012 19:12:56 Number of subkeys found: 0
03/16/2012 19:12:56    Done.

03/16/2012 19:12:56    Refreshing browser settings...
03/16/2012 19:12:56    Broadcasting "Windows settings change" to all top level windows...
03/16/2012 19:12:56    Done.
03/16/2012 19:12:56 Done.
03/16/2012 19:12:56 Done.

des Weiteren findet sich dort auch noch ne brndlog.bak

So und dann sollte laut microsoft support folgendes unter msinfo32 zu finden sein.

Code:

So stellen Sie unter Windows Vista manuell fest, ob der Winsock2-Schlüssel beschädigt ist

Klicken Sie auf Start und auf Ausführen, geben Sie Msinfo32 ein, und klicken Sie auf OK.
Erweitern Sie Komponenten und Netzwerk, und klicken Sie auf Protokoll.
Unter Protokoll werden zehn Abschnitte angezeigt. Die Abschnittsüberschriften enthalten folgende Namen, wenn der Winsock2-Schlüssel unbeschädigt ist:
MSAFD Tcpip [UDP/IP]
MSAFD Tcpip [UDP/IP]
MSAFD Tcpip [TCP/IPv6]
MSAFD Tcpip [UDP/IPv6]
RSVP UDP Service Provider
RSVP TCP Service Provider
RSVP UDPv6 Service Provider
RSVP TCPv6 Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
Wenn die Namen sich von denen in der vorstehenden Liste unterscheiden, ist entweder der Winsock2-Schlüssel beschädigt, oder auf Ihrem Computer ist ein Add-On eines Drittanbieters, zum Beispiel eine Proxysoftware, installiert.
Wenn auf Ihrem Computer ein Drittanbieter-Add-On installiert ist, werden die Buchstaben "MSAFD" in der Liste durch den Namen des Add-Ons ersetzt.

Wenn die Liste mehr als zehn Abschnitte enthält, sind auf Ihrem Computer Drittanbieter-Add-Ons installiert.

Sind weniger als zehn Abschnitte enthalten, fehlen Informationen.

Bei mir gibt es aber überhaupt keinen einzigen Eintrag, der mit "MSAFD NetBIOS [\Device\NetBT_Tcpip..." anfängt. Komisch....

Also bevor ich MiniToolBox laufen lassen möchte, da dies ja auch meine IP Proxy settings resetet, wäre es toll, wenn wir erst einmal versuchen könnten, diese alte IE8 Version verschwinden zu lassen. Denn sonst kann man vielleicht ja gar nichts richtig einstellen (z.B. Proxy Settings etc.)

Falls Du meinst, ich sollte trotzdem vorher schon Minitoolbox laufen lassen, gib mir kurz Bescheid, dann kann ich das gleich erledigen.

Übrigens habe ich leider immer noch vereinzelt Verbindungsabbrüche.
Und Danke nochmal!!!!!!!!

Gruß
Gepetto

schrauber 08.06.2014 10:30

Zitat:

IE8 UND IE9 auf einem Rechner??? Da kann doch was nicht stimmen, oder?
Securitycheck hat nen Macken, sonst nix :)

Gepetto1 08.06.2014 15:31

Hallo Schrauber,
so...jetzt wirds, glaub ich, ein bisschen länger. Ja,ja...ich seh schon wie du die Hände über dem Kopf zusammen schlägst :)
Also erst einmal das minitoolbox log und ein frisches Frst und Addition log

Code:

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Philipp (administrator) on 08-06-2014 at 13:24:52
Running from "C:\Users\Philipp\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1      localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = LAN-Verbindung (Connected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

  Hostname  . . . . . . . . . . . . : Philipp-PC
  Prim„res DNS-Suffix . . . . . . . :
  Knotentyp . . . . . . . . . . . . : Hybrid
  IP-Routing aktiviert  . . . . . . : Nein
  WINS-Proxy aktiviert  . . . . . . : Nein
  DNS-Suffixsuchliste . . . . . . . : Speedport_W_502V_Typ_A

Ethernet-Adapter LAN-Verbindung:

  Verbindungsspezifisches DNS-Suffix: Speedport_W_502V_Typ_A
  Beschreibung. . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  Physikalische Adresse . . . . . . : 00-26-18-24-A4-C7
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja
  IPv4-Adresse  . . . . . . . . . . : 192.168.2.104(Bevorzugt)
  Subnetzmaske  . . . . . . . . . . : 255.255.255.0
  Lease erhalten. . . . . . . . . . : Sonntag, 8. Juni 2014 13:17:42
  Lease l„uft ab. . . . . . . . . . : Donnerstag, 12. Juni 2014 13:17:42
  Standardgateway . . . . . . . . . : 192.168.2.1
  DHCP-Server . . . . . . . . . . . : 192.168.2.1
  DNS-Server  . . . . . . . . . . . : 192.168.2.1
  NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Tunneladapter LAN-Verbindung* 6:

  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physikalische Adresse . . . . . . : 02-00-54-55-4E-01
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
  IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:6ab8:28ef:121f:3f57:fd97(Bevorzugt)
  Verbindungslokale IPv6-Adresse  . : fe80::28ef:121f:3f57:fd97%11(Bevorzugt)
  Standardgateway . . . . . . . . . : ::
  NetBIOS ber TCP/IP . . . . . . . : Deaktiviert

Tunneladapter LAN-Verbindung* 7:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix: Speedport_W_502V_Typ_A
  Beschreibung. . . . . . . . . . . : isatap.Speedport_W_502V_Typ_A
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
Server:  speedport.ip
Address:  192.168.2.1

Name:    google.com
Addresses:  2a00:1450:4001:c02::66
          173.194.70.113
          173.194.70.101
          173.194.70.102
          173.194.70.138
          173.194.70.139
          173.194.70.100



Ping wird ausgefhrt fr google.com [173.194.70.100] mit 32 Bytes Daten:

Antwort von 173.194.70.100: Bytes=32 Zeit=25ms TTL=50

Antwort von 173.194.70.100: Bytes=32 Zeit=25ms TTL=50



Ping-Statistik fr 173.194.70.100:

    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust),

Ca. Zeitangaben in Millisek.:

    Minimum = 25ms, Maximum = 25ms, Mittelwert = 25ms

Server:  speedport.ip
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24
          206.190.36.45
          98.138.253.109



Ping wird ausgefhrt fr yahoo.com [98.138.253.109] mit 32 Bytes Daten:

Antwort von 98.138.253.109: Bytes=32 Zeit=149ms TTL=53

Antwort von 98.138.253.109: Bytes=32 Zeit=143ms TTL=53



Ping-Statistik fr 98.138.253.109:

    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust),

Ca. Zeitangaben in Millisek.:

    Minimum = 143ms, Maximum = 149ms, Mittelwert = 146ms



Ping wird ausgefhrt fr 127.0.0.1 mit 32 Bytes Daten:

Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128



Ping-Statistik fr 127.0.0.1:

    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust),

Ca. Zeitangaben in Millisek.:

    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms

===========================================================================
Schnittstellenliste
 10 ...00 26 18 24 a4 c7 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 12 ...00 00 00 00 00 00 00 e0  isatap.Speedport_W_502V_Typ_A
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
    Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.104    20
        127.0.0.0        255.0.0.0  Auf Verbindung        127.0.0.1    306
        127.0.0.1  255.255.255.255  Auf Verbindung        127.0.0.1    306
  127.255.255.255  255.255.255.255  Auf Verbindung        127.0.0.1    306
      192.168.2.0    255.255.255.0  Auf Verbindung    192.168.2.104    276
    192.168.2.104  255.255.255.255  Auf Verbindung    192.168.2.104    276
    192.168.2.255  255.255.255.255  Auf Verbindung    192.168.2.104    276
        224.0.0.0        240.0.0.0  Auf Verbindung        127.0.0.1    306
        224.0.0.0        240.0.0.0  Auf Verbindung    192.168.2.104    276
  255.255.255.255  255.255.255.255  Auf Verbindung        127.0.0.1    306
  255.255.255.255  255.255.255.255  Auf Verbindung    192.168.2.104    276
===========================================================================
St„ndige Routen:
  Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel            Gateway
 11    18 ::/0                    Auf Verbindung
  1    306 ::1/128                  Auf Verbindung
 11    18 2001::/32                Auf Verbindung
 11    266 2001:0:9d38:6ab8:28ef:121f:3f57:fd97/128
                                    Auf Verbindung
 11    266 fe80::/64                Auf Verbindung
 11    266 fe80::28ef:121f:3f57:fd97/128
                                    Auf Verbindung
  1    306 ff00::/8                Auf Verbindung
 11    266 ff00::/8                Auf Verbindung
===========================================================================
St„ndige Routen:
  Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2014 01:18:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 01:14:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 11:02:09 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/08/2014 11:00:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 08:16:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:15:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 02:52:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/07/2014 01:15:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 01:07:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:43:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/08/2014 01:19:57 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 01:18:17 PM) (Source: Service Control Manager) (User: )
Description: Beep
i8042prt

Error: (06/08/2014 01:16:01 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 01:14:54 PM) (Source: Service Control Manager) (User: )
Description: Beep
i8042prt

Error: (06/08/2014 11:02:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 11:00:29 AM) (Source: Service Control Manager) (User: )
Description: Beep
i8042prt

Error: (06/08/2014 08:18:43 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 08:16:29 AM) (Source: Service Control Manager) (User: )
Description: Beep
i8042prt

Error: (06/07/2014 08:17:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/07/2014 08:15:44 PM) (Source: Service Control Manager) (User: )
Description: Beep
i8042prt


Microsoft Office Sessions:
=========================
Error: (06/08/2014 01:18:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 01:14:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 11:02:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe

Error: (06/08/2014 11:00:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 08:16:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:15:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 02:52:05 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe

Error: (06/07/2014 01:15:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 01:07:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:43:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-06-07 13:17:12.838
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:12.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:12.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:12.402
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:12.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:11.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:11.731
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:11.575
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:11.325
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 13:17:11.185
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


=========================== Installed Programs ============================

AVG 2014 (Version: 14.0.3955)
AVG 2014 (Version: 14.0.4592)
AVG 2014 (Version: 2014.0.4592)
CPUID CPU-Z 1.69
Logitech Gaming Software 5.04 (Version: 5.04.110)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
NVIDIA 3D Vision Controller-Treiber 331.82 (Version: 331.82)
NVIDIA Grafiktreiber 331.82 (Version: 331.82)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Systemsteuerung 331.82 (Version: 331.82)
Paint.NET v3.5.10 (Version: 3.60.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 6134.17 MB
Available physical RAM: 4442.95 MB
Total Pagefile: 12379.88 MB
Available Pagefile: 10679.76 MB
Total Virtual: 4095.88 MB
Available Virtual: 4001.13 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:608.52 GB) NTFS

========================= Users: ========================================

Benutzerkonten fr \\PHILIPP-PC

Administrator            Gast                    Philipp                 
Der Befehl wurde erfolgreich ausgefhrt.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Philipp (administrator) on PHILIPP-PC on 08-06-2014 15:47:43
Running from C:\Users\Philipp\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
() C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3FB10447E45CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-15] ()

==================== Drivers (Whitelisted) ====================

S4 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [154256 2007-08-10] (Promise Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
S4 fttxr5_O; C:\Windows\system32\drivers\fttxr5_o.sys [230408 2007-10-25] (Promise Technology, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [160288 2008-04-07] (NVIDIA Corporation)
S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-13] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz131; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUVC64; system32\DRIVERS\lvuvc64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 15:47 - 2014-06-08 15:47 - 00009108 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-06-08 13:24 - 2014-06-08 13:25 - 00022917 _____ () C:\Users\Philipp\Desktop\Result.txt
2014-06-08 11:02 - 2014-06-08 11:01 - 00982016 _____ (Farbar) C:\Users\Philipp\Desktop\MiniToolBox.exe
2014-06-03 14:52 - 2014-06-03 14:52 - 00000884 _____ () C:\Users\Philipp\Desktop\eM Client.lnk
2014-06-03 14:04 - 2014-06-03 14:04 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401625260
2014-06-02 20:59 - 2014-06-08 13:24 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\eM Client
2014-06-02 20:58 - 2014-06-05 20:43 - 00000884 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-06-02 20:58 - 2014-06-05 20:43 - 00000000 ____D () C:\Program Files (x86)\eM Client
2014-06-02 20:56 - 2014-06-02 20:57 - 14995456 _____ () C:\Users\Philipp\Downloads\setup.msi
2014-06-02 15:31 - 2014-06-08 15:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 15:31 - 2014-06-02 15:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-02 15:31 - 2014-06-02 15:31 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 14:43 - 2014-06-02 14:43 - 00000000 ____D () C:\Users\Philipp\Documents\Mail!!!!!
2014-06-02 14:09 - 2014-06-02 14:09 - 00001106 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-06-02 14:09 - 2014-06-02 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 20:30 - 2014-06-01 20:30 - 00000000 ____D () C:\Users\Philipp\Documents\Local Folders
2014-06-01 14:21 - 2014-06-03 14:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-01 14:21 - 2014-06-01 14:21 - 00000846 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Opera Software
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Opera Software
2014-06-01 10:48 - 2014-06-07 11:01 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion
2014-06-01 06:46 - 2014-06-01 06:46 - 00003072 _____ () C:\Windows\System32\Tasks\{A86BF584-E974-4761-B199-EFC4BDE010C0}
2014-05-31 21:17 - 2014-05-31 21:17 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe
2014-05-31 21:16 - 2014-05-31 21:15 - 00854367 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe
2014-05-31 15:44 - 2014-05-31 15:44 - 28041256 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_21.0.1432.67_Setup.exe
2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt
2014-05-30 07:38 - 2014-06-08 15:47 - 00000000 ____D () C:\Users\Philipp\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-30 07:17 - 2014-05-30 07:38 - 00000000 ____D () C:\Qoobox
2014-05-30 07:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-30 07:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-30 07:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-30 07:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-30 07:16 - 2014-05-30 07:37 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 07:16 - 2014-05-30 07:17 - 00000000 ____D () C:\32788R22FWJFW
2014-05-30 07:13 - 2014-05-30 07:13 - 05203398 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-05-29 07:08 - 2014-06-08 15:47 - 00000000 ____D () C:\FRST
2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe
2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-05-28 21:02 - 2014-06-07 11:01 - 02072576 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-05-28 21:02 - 2014-05-28 19:36 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe
2014-05-28 20:38 - 2014-06-05 20:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 20:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 20:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 20:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 19:37 - 2014-06-02 16:16 - 00000000 ____D () C:\AdwCleaner
2014-05-28 16:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin
2014-05-28 14:02 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin
2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin
2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-27 21:55 - 2014-05-27 22:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-27 21:55 - 2014-05-27 22:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 19:28 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 19:28 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 19:28 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 19:28 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 19:28 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 19:28 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 19:01 - 2014-03-25 18:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 19:01 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-06-08 15:47 - 2014-06-08 15:47 - 00009108 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-06-08 15:47 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\temp
2014-06-08 15:47 - 2014-05-29 07:08 - 00000000 ____D () C:\FRST
2014-06-08 15:25 - 2014-06-02 15:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 15:17 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 15:17 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 14:59 - 2011-08-10 16:32 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 14:37 - 2012-05-31 17:52 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-08 13:25 - 2014-06-08 13:24 - 00022917 _____ () C:\Users\Philipp\Desktop\Result.txt
2014-06-08 13:24 - 2014-06-02 20:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\eM Client
2014-06-08 13:21 - 2009-07-10 14:09 - 01485671 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 13:17 - 2011-08-10 16:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 13:17 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 13:16 - 2006-11-02 17:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-08 11:01 - 2014-06-08 11:02 - 00982016 _____ (Farbar) C:\Users\Philipp\Desktop\MiniToolBox.exe
2014-06-07 11:01 - 2014-06-01 10:48 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion
2014-06-07 11:01 - 2014-05-28 21:02 - 02072576 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-06-07 09:50 - 2011-12-13 19:22 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Paint.NET
2014-06-05 20:43 - 2014-06-02 20:58 - 00000884 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-06-05 20:43 - 2014-06-02 20:58 - 00000000 ____D () C:\Program Files (x86)\eM Client
2014-06-05 20:23 - 2014-05-28 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 19:15 - 2013-12-13 19:33 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-06-03 19:15 - 2013-12-13 19:33 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-06-03 18:43 - 2010-11-05 21:06 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-03 18:43 - 2010-11-05 21:03 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-03 18:43 - 2009-07-08 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-03 14:52 - 2014-06-03 14:52 - 00000884 _____ () C:\Users\Philipp\Desktop\eM Client.lnk
2014-06-03 14:04 - 2014-06-03 14:04 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401625260
2014-06-03 14:04 - 2014-06-01 14:21 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-02 20:57 - 2014-06-02 20:56 - 14995456 _____ () C:\Users\Philipp\Downloads\setup.msi
2014-06-02 19:56 - 2008-01-21 05:26 - 00846494 _____ () C:\Windows\PFRO.log
2014-06-02 19:54 - 2010-04-19 15:57 - 00008843 _____ () C:\Windows\system32\lvcoinst.log
2014-06-02 19:53 - 2010-04-19 15:56 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-06-02 19:53 - 2009-07-22 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-06-02 16:16 - 2014-05-28 19:37 - 00000000 ____D () C:\AdwCleaner
2014-06-02 15:32 - 2009-07-10 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Adobe
2014-06-02 15:31 - 2014-06-02 15:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-02 15:31 - 2014-06-02 15:31 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 15:31 - 2008-05-21 11:53 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-02 14:43 - 2014-06-02 14:43 - 00000000 ____D () C:\Users\Philipp\Documents\Mail!!!!!
2014-06-02 14:19 - 2009-07-10 20:41 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Mozilla
2014-06-02 14:09 - 2014-06-02 14:09 - 00001106 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-06-02 14:09 - 2014-06-02 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 20:30 - 2014-06-01 20:30 - 00000000 ____D () C:\Users\Philipp\Documents\Local Folders
2014-06-01 14:21 - 2014-06-01 14:21 - 00000846 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Opera Software
2014-06-01 14:21 - 2014-06-01 14:21 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Opera Software
2014-06-01 06:46 - 2014-06-01 06:46 - 00003072 _____ () C:\Windows\System32\Tasks\{A86BF584-E974-4761-B199-EFC4BDE010C0}
2014-05-31 21:17 - 2014-05-31 21:17 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe
2014-05-31 21:15 - 2014-05-31 21:16 - 00854367 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe
2014-05-31 15:44 - 2014-05-31 15:44 - 28041256 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_21.0.1432.67_Setup.exe
2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt
2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-30 07:38 - 2014-05-30 07:17 - 00000000 ____D () C:\Qoobox
2014-05-30 07:37 - 2014-05-30 07:16 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 07:36 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-30 07:17 - 2014-05-30 07:16 - 00000000 ____D () C:\32788R22FWJFW
2014-05-30 07:14 - 2008-05-21 15:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 07:14 - 2008-05-21 15:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 07:14 - 2008-05-21 15:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 07:13 - 2014-05-30 07:13 - 05203398 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe
2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 19:36 - 2014-05-28 21:02 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe
2014-05-28 14:01 - 2014-05-28 16:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin
2014-05-28 14:01 - 2014-05-28 14:02 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin
2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin
2014-05-27 23:15 - 2013-10-01 18:40 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Avg2014
2014-05-27 22:29 - 2014-05-27 21:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-27 22:28 - 2014-05-27 21:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 18:56 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-15 19:38 - 2009-07-08 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 19:34 - 2013-08-14 18:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:33 - 2006-11-02 14:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-12 07:26 - 2014-05-28 20:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 20:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 18:55 - 2011-08-10 16:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 18:55 - 2011-08-10 16:32 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-08 13:24

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Philipp at 2014-06-08 15:48:04
Running from C:\Users\Philipp\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version:  - )
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.20.0000 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
eM Client (HKLM-x32\...\{D8EE8B05-41AD-40C3-A18B-E7ECEDAABD26}) (Version: 6.0.20480.0 - eM Client Inc.)
F1 2010 (HKLM-x32\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}) (Version: 1.0.0000.132 - Codemasters)
F1 2010 (x32 Version: 1.0.0000.132 - Codemasters) Hidden
F1 2010 (x32 Version: 1.0.0001.132 - Codemasters) Hidden
F1 2011 (HKLM-x32\...\GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}) (Version: 1.0.0000.129 - Codemasters)
F1 2011 (x32 Version: 1.0.0000.129 - Codemasters) Hidden
F1 2011 (x32 Version: 1.0.0001.129 - Codemasters) Hidden
F1 2011 (x32 Version: 1.0.0002.129 - Codemasters) Hidden
F1 2013 (HKLM-x32\...\Steam App 223670) (Version:  - Codemasters Birmingham)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 22.0.1471.50 (HKLM-x32\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rapture3D 2.4.9 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5854 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================

10-06-2013 18:33:24 Geplanter Prüfpunkt
12-06-2013 16:45:29 Windows Update
10-07-2013 16:49:49 Windows Update
14-08-2013 16:46:50 Windows Update
28-08-2013 17:18:27 Windows Update
12-09-2013 16:48:58 Windows Update
21-09-2013 17:03:11 Removed Java(TM) 6 Update 3
21-09-2013 17:04:13 Removed Java(TM) 6 Update 5
21-09-2013 17:05:11 Removed Java(TM) 6 Update 3
21-09-2013 17:14:34 Removed Java(TM) 6 Update 3
21-09-2013 17:47:47 Removed Java(TM) 6 Update 3
21-09-2013 17:48:25 Removed Java(TM) 6 Update 3
21-09-2013 18:03:31 Wiederherstellungspunkt vor Fehlerhafte Patchregistrierungsschlüssel
21-09-2013 18:05:13 Removed Java(TM) 6 Update 37
01-10-2013 16:43:39 Installed AVG 2014
01-10-2013 16:45:01 Installed AVG 2014
10-10-2013 16:42:20 Windows Update
14-10-2013 14:32:24 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
14-10-2013 14:35:51 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller
14-10-2013 14:36:40 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller
14-10-2013 17:14:25 DirectX wurde installiert
15-10-2013 07:39:00 Installiert Far Cry 3
31-10-2013 17:28:40 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
31-10-2013 17:32:09 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller
31-10-2013 17:33:11 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller
13-11-2013 17:13:00 Windows Update
20-11-2013 17:38:53 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
20-11-2013 17:43:27 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller
20-11-2013 17:44:33 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller
20-11-2013 17:45:57 Windows Update
21-11-2013 14:54:28 Windows Update
13-12-2013 17:19:09 Windows Update
15-01-2014 17:18:41 Windows Update
13-02-2014 17:23:08 Windows Update
13-02-2014 17:56:42 Installed AVG 2014
12-03-2014 17:37:07 Windows Update
09-04-2014 16:21:10 Windows Update
18-04-2014 17:23:25 Geplanter Prüfpunkt
30-04-2014 17:12:36 Installed AVG 2014
02-05-2014 17:19:06 Windows Update
03-05-2014 19:08:49 Geplanter Prüfpunkt
08-05-2014 19:03:11 Geplanter Prüfpunkt
14-05-2014 19:39:12 Geplanter Prüfpunkt
15-05-2014 17:27:36 Windows Update
24-05-2014 17:49:47 Geplanter Prüfpunkt
25-05-2014 17:15:51 Geplanter Prüfpunkt
02-06-2014 12:14:11 Revo Uninstaller's restore point - Mozilla Firefox 29.0.1 (x86 de)
02-06-2014 12:18:19 Revo Uninstaller's restore point - Mozilla Firefox 29.0.1 (x86 de)
02-06-2014 13:02:30 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
02-06-2014 13:08:30 Revo Uninstaller's restore point - Adobe Shockwave Player
02-06-2014 13:25:31 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin
02-06-2014 17:52:33 Removed Logitech Webcam Software.
02-06-2014 17:54:13 Logitech Webcam Software v12.10.1110
02-06-2014 18:57:40 Installed eM Client
03-06-2014 12:05:28 Revo Uninstaller's restore point - Mozilla Maintenance Service
05-06-2014 18:42:30 Installed eM Client

==================== Hosts content: ==========================

2006-11-02 14:34 - 2014-05-30 07:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {053E07D4-BF57-4777-AB86-2503FFB01905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {55BE9422-28E2-4700-A01E-1FCF1D40A620} - System32\Tasks\Opera scheduled Autoupdate 1401625260 => C:\Program Files (x86)\Opera\launcher.exe [2014-05-27] (Opera Software)
Task: {72539E3E-11DA-47CA-A173-02739CA95D54} - System32\Tasks\{DC3C511F-86D5-41EF-B546-2B08E434B6EF} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {844584A5-E187-4702-BCCB-906B3C92C738} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {94810335-FB9F-4177-9D98-0DBBE92CD2F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-02] (Adobe Systems Incorporated)
Task: {D272EFE4-B9B3-4F54-A2AA-0E2618E38D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10] (Google Inc.)
Task: {DE93CB4F-5D56-4AF7-8001-27E17F8F0803} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2013-10-15 09:59 - 2013-10-15 09:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-03 14:04 - 2014-06-03 14:04 - 01396344 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
2009-07-10 15:19 - 2008-12-04 12:57 - 00146432 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-06-03 14:04 - 2014-06-03 14:03 - 00957048 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2014 01:18:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 01:14:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 11:02:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/08/2014 11:00:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 08:16:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:15:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 02:52:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/07/2014 01:15:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 01:07:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:43:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/08/2014 01:19:57 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 01:18:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (06/08/2014 01:16:01 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 01:14:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (06/08/2014 11:02:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 11:00:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (06/08/2014 08:18:43 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/08/2014 08:16:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt

Error: (06/07/2014 08:17:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/07/2014 08:15:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt


Microsoft Office Sessions:
=========================
Error: (06/08/2014 01:18:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 01:14:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 11:02:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe

Error: (06/08/2014 11:00:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 08:16:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:15:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 02:52:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe

Error: (06/07/2014 01:15:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 01:07:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 08:43:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-06-08 15:48:00.688
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:48:00.526
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:48:00.363
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:48:00.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:48:00.035
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:47:59.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:47:59.676
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:47:59.513
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:47:59.282
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-08 15:47:59.120
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 6134.17 MB
Available physical RAM: 3449.88 MB
Total Pagefile: 12449.88 MB
Available Pagefile: 9560.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:608.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 61491321)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So und nun komm ich...

Die Fehlerbeschreibung mit dem "//./root/CIMV2"... Dazu habe ich folgendes gefunden:
Code:

Nachdem Sie Windows Vista Service Pack 1 (SP1) oder Windows Server 2008 installiert haben, wird im Anwendungsprotokoll der folgende WMI-Fehler protokolliert:
Protokollname: Anwendung
Quelle: Microsoft-Windows-WMI
Datum: 1/18/2008 2:37:27 PM
Ereigniskennung: 10
Taskkategorie: Keine
Stufe: Fehler
Stichwörter: Klassisch
Beschreibung: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage >
99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist

Zur Lösung dieses Problems führen Sie ein Skript aus, um die Ausgabe von Meldungen mit der Ereignis-ID 10 zu beenden. Gehen Sie folgendermaßen vor, um dieses Skript auszuführen:
Erstellen Sie in einem Texteditor wie Notepad ein neues Textdokument mit dem Namen "Test.vbs".
Fügen Sie den folgenden Code in die Datei "test.vbs" ein:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")

Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'")

set obj2set = obj1.Associators_("__FilterToConsumerBinding")

set obj3set = obj1.References_("__FilterToConsumerBinding")



For each obj2 in obj2set
                WScript.echo "Deleting the object"
                WScript.echo obj2.GetObjectText_
                obj2.Delete_
Weiter

For each obj3 in obj3set
                WScript.echo "Deleting the object"
                WScript.echo obj3.GetObjectText_
                obj3.Delete_
Weiter

WScript.echo "Deleting the object"
WScript.echo obj1.GetObjectText_
obj1.Delete_
Nachdem Sie dieses Skript ausgeführt haben, werden keine Meldungen zur Ereignis-ID 10 mehr im Anwendungsprotokoll angezeigt. Sie müssen jedoch alle vorherigen Meldungen mit der Ereignis-ID 10 manuell deaktivieren.

Hinweis Stellen Sie sicher, dass Sie nur die relevanten Meldungen mit der Ereignis-ID 10 löschen. Möglicherweise sind andere Meldungen mit der Ereignis-ID 10 vorhanden, die Sie nicht löschen sollten.
Für Windows 7 und Windows Server 2008 R2 ist eine Fix It-Lösung für Meldungen mit der Ereignis-ID 10 verfügbar, zu der Sie im folgenden Artikel der Microsoft Knowledge Base weitere Informationen finden:
2545227 Nach der Installation von Windows Vista Service Pack 1 oder Windows Server 2008 R2 wird im Anwendungsprotokoll die Ereignis-ID 10 protokolliert

Zum Anfang | Ihr Feedback an uns
Collapse imageWeitere Informationen

Die oben aufgeführte Fehlermeldung mit Ereignis-ID 10 kann getrost ignoriert werden, da sie nicht auf ein Problem mit dem Service Pack oder Betriebssystem hinweist.

Also sollte mich das eigentlich nit stören/beunruhigen. Gell??

Aber... Unter der Computerverwaltung bei windowsprotokolle Sicherheit tauchen sehr häufig (eigntlich immer wenn der Pc an ist) folgende Meldungen auf
Code:

+ System

  - Provider

  [ Name]  Microsoft-Windows-Security-Auditing
  [ Guid]  {54849625-5478-4994-a5ba-3e3b0328c30d}
 
  EventID 4624
 
  Version 0
 
  Level 0
 
  Task 12544
 
  Opcode 0
 
  Keywords 0x8020000000000000
 
  - TimeCreated

  [ SystemTime]  2014-06-08T08:59:48.248Z
 
  EventRecordID 143287
 
  Correlation
 
  - Execution

  [ ProcessID]  1000
  [ ThreadID]  1092
 
  Channel Security
 
  Computer Philipp-PC
 
  Security
 

- EventData

  SubjectUserSid S-1-0-0
  SubjectUserName -
  SubjectDomainName -
  SubjectLogonId 0x0
  TargetUserSid S-1-5-7
  TargetUserName ANONYMOUS-ANMELDUNG
  TargetDomainName NT-AUTORITÄT
  TargetLogonId 0x352ca
  LogonType 3
  LogonProcessName NtLmSsp 
  AuthenticationPackageName NTLM
  WorkstationName 
  LogonGuid {00000000-0000-0000-0000-000000000000}
  TransmittedServices -
  LmPackageName NTLM V1
  KeyLength 0
  ProcessId 0x0
  ProcessName -
  IpAddress -
  IpPort -

Was heißt hier "ANONYMOUS-ANMELDUNG"?????

Unter "Administrative Ereignisse" stehen jeden Tag folgende Fehler:
1. "Fehler bei der Anwendungsinitialisierung [ Name] Microsoft-Windows-
LanguagePackSetup [ Guid] {7237fff9-a08a-4804-9c79-4a8704b70b87}
2. "Das laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Beep i8042prt
3. "Fehler beim Generieren des Aktivierungskontextes für C:\Windows\Users\Philipp\Downloads\esetsmartinstaller_deu.exe
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest

Und der wahrscheinlich wichtigste Fehler, der auch evtl zu den Netzwerkabbrüchen führt:
"Quelle:PlugnPlayManager--Der Dienst "avgwd" (das ist das Antivirenprogramm) war möglicherweise für Geräteereignisbenachrichtigungen nicht deregistriert , bevor er beendet wurde"

Also wie ich den sidebyside Fehler durch esetsmartinstaller unter downloads beheben kann, das kannst du mir ja sicher erklären.

Der Fehler mit //./root/CIMV2 ist ja wohl auch microsoft bekannt und kann ignoriert.

Der Fehler mit dem LanguagePackSetup, da wieß ich auch nicht, wie der zu beheben ist.

Und das nicht laden können von "Beep i8042prt", da wieß ich auch nicht wie man das beheben kann.

Der Fehler von AVG... ja da warte ich mal auf ein Programmupdate. Ansonsten fliegt es runter und AVAST kommt drauf.

So zum Schluss noch. Was sagst du denn zu meiner Beobachtung, dass unter msinfo32--Netzwerke jegliche Eintragungen mit "MSAFD NetBIOS [\Device\NetBT_Tcpip..." fehlen, die ja laut microsoft eigentlich da sein müssten?
und was bedeutet dieser Eintrag im FRST log "BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File"

Viel Spaß beim Antworten ;)

Gruß
Gepetto

schrauber 09.06.2014 07:02

Das ist nur ein Browser Helper Object von Java.

FRST und MInitoolbox sind sauber. In der Ereignisanzeige stehen grundsätlich immer jeder Pups drin. Da kann man sich monatelang dran aufhängen.


Also du hast, neben dem KRam den du in irgendwelchen Logs findest, also wirklich bemerkbare Netzwerkabbrüche?


http://www.trojaner-board.de/126216-...epair-aio.html

Gepetto1 09.06.2014 08:37

Hallo Schrauber,
also du meinst mein Rechner ist sauber? Online banking etc. wieder bedenkenlos möglich?
Das wäre ja perfekt. :-)
Also zu den Netzwerkabbrüchen. Ja, es gibt sie noch. Mit opera aber nicht mehr. Es MUSS mit avg zusammenhängen. Denn wenn ich auf z.B. update bei avg klicke und er fertig mit seinem update ist, trennt sich die Verbindung.

Ich werde avg mal deinstallieren und neu installieren. Wenn das nix hilft, versuche ich Avast.

Kannst du mir noch schreiben, in welcher reihenfolge ich die ganzen programme wie z.b. combofix etc. wieder deinstallieren soll? Das wäre super.

Und nocheinmal vielen vielen vielen Dank für deine Geduld und Mühe!!!

Da mein Rechner ja wohl sauber ist, denke ich, dass ich mich nun hier verabschieden kann.

Gruß
Gepetto

schrauber 09.06.2014 16:05

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Gepetto1 09.06.2014 18:22

Hi,
super. Danke.

Hab leider noch die letzten Fragen an dich. Dann bist du mich los ;)

Also im FRST log steht ja folgendes:

Code:

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUVC64; system32\DRIVERS\lvuvc64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

Ich gehe mal davon aus, dass diese ganzen .sys nicht mehr bei mir vorhanden sind.
Z.B. LVUVC64.sys, LVPr2M64.sys, LVRS64.sys, lvpopf64.sys gehören zur Logitech Webcam. Diese hatte ich aber mit Revo eigentlich deinstalliert. Bei der Deinstallation poppte allerdings ein Fenster mit irgendeinem roten Kreuz auf. Weiß leider nicht mehr was da stand. Jedenfalls gibt es keinen Ordner mehr.
Müssen diese Prozesse noch irgendwie "gekillt" werden??

Des weiteren taucht dort ja folgendes auf
Code:

S1 Beep; No ImagePath
muss ich das beachten?

Dann wollte ich noch fragen, ob ich folgenden Task einfach deaktivieren bzw.löschen kann, da der angegeben Ordner schon bestimmt mindestens 4 Jahre nicht mehr existiert
Code:

Task: {72539E3E-11DA-47CA-A173-02739CA95D54} - System32\Tasks\{DC3C511F-86D5-41EF-B546-2B08E434B6EF} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Und zu guter Letzt hatte ich eigentlich gedacht, dass ich java komplett verbannt habe.
Aber in meinem Autostart (habe es dort aber nicht aktiviert, findet sich noch folgendes
Code:

Disabled items from MSCONFIG
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Wie kann ich denn den Eintrag komplett aus Autostart entfernen?
Bzw. die einzigen Ordner wo noch irgendwas von java drin ist befinden sich unter
C:\....AppData\LocalLow\Sun und unter ProgramData\Sun.
Kann ich diese Ordner einfach in den Papierkorb schmeißen?

Ich warte noch mit der Deinstallation von Combofix etc. bis zu deiner Rückantwort, falls noch was gebraucht wird.

Vielen Dank!!! Und danach stell ich keine Fragen mehr :)

Gruß
Gepetto

schrauber 10.06.2014 14:12

Die Java Ordner kannste löschen, der Eintrag unter msconfig muss eigenständig nochmal gelöscht werden, der sagt nix aus ob da auch noch wirklich ein ordner vorhanden ist oder nicht. Finger weg von den Services und Diensten ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19