Trojaner-Board
Seite 3 von 6 12 3 45 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundeskriminalamt Trojaner (https://www.trojaner-board.de/158226-bundeskriminalamt-trojaner.html)

Keyssie 07.09.2014 12:02
ja, bei Avira habe ich alles deaktiviert, sprich Echtzeitscanner und Firewall auf OFF geschaltet.

Hier das Log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by user at 2014-09-07 12:58:49 Run:1
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: type "c:\windows\softwaredistribution\ReportingEvents.txt"
*****************


=========  type "c:\windows\softwaredistribution\ReportingEvents.txt" =========

Das System kann die angegebene Datei nicht finden.

========= End of CMD: =========


==== End of Fixlog ====

Warlord711 08.09.2014 08:18
Sorry hatte mich verschrieben :headbang:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
cmd: type "c:\windows\softwaredistribution\ReportingEvents.log"

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Keyssie 08.09.2014 16:11
bitteschön:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-08 17:11:00 Run:2
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: type "c:\windows\softwaredistribution\ReportingEvents.log"
*****************


=========  type "c:\windows\softwaredistribution\ReportingEvents.log" =========

{F288E897-71F4-4014-B9EC-BB8C95D869F2}        2014-09-06 08:51:59:621+0200        1        147        101        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Software Synchronization        Windows Update Client successfully detected 1 updates.
{089E5948-CF98-47F2-8869-0B36F7E9686A}        2014-09-06 08:56:36:288+0200        1        161        106        {456197CA-06FF-4BCF-AEAE-C5183E3AE72F}        109        80073701        AutomaticUpdatesWuApp        Failure        Content Download        Error: Download failed.
{82816010-9315-408A-A843-A0D03EC76F11}        2014-09-06 09:03:21:350+0200        1        161        106        {456197CA-06FF-4BCF-AEAE-C5183E3AE72F}        109        80073701        AutomaticUpdatesWuApp        Failure        Content Download        Error: Download failed.
{DE587A8A-DB67-4C73-B312-5B121DB285D9}        2014-09-07 08:06:54:379+0200        1        198        101        {0011B9ED-9189-4D58-BE25-FA2F13FC3D6C}        1        80073701        SelfUpdate        Failure        Content Install        Installation Failure: Windows failed to install the following update with error 0x80073701: Windows Update Aux.
{20800E33-71F0-41AC-91CF-8499B4B0BA2E}        2014-09-07 08:07:49:790+0200        1        162        101        {61CA813A-7585-442E-A66B-B0D15CE6BDC0}        1        0        SelfUpdate        Success        Content Download        Download succeeded.
{82AAC447-E771-4771-9A14-1BF2EC087F31}        2014-09-07 08:09:02:970+0200        1        147        101        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Software Synchronization        Windows Update Client successfully detected 1 updates.
{34A00FDF-703E-4BF9-AD3A-D566569286C4}        2014-09-07 08:16:44:646+0200        1        161        106        {456197CA-06FF-4BCF-AEAE-C5183E3AE72F}        109        80073701        AutomaticUpdates        Failure        Content Download        Error: Download failed.
{F9ED3A9E-E0D7-415E-8BC7-EB31BE13AB42}        2014-09-07 11:25:28:060+0200        1        198        101        {0011B9ED-9189-4D58-BE25-FA2F13FC3D6C}        1        80073701        SelfUpdate        Failure        Content Install        Installation Failure: Windows failed to install the following update with error 0x80073701: Windows Update Aux.
{4AFA287C-0665-4D41-8B20-46020B46C06E}        2014-09-07 12:18:54:882+0200        1        202        102        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Content Install        Reboot completed.

========= End of CMD: =========


==== End of Fixlog ====

Warlord711 08.09.2014 16:27
Ok, mal sehen ob wir noch was finden.

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Keyssie 08.09.2014 17:19
nothing found

Code:
17:35:36.0290 0x10c8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:35:38.0490 0x10c8  ============================================================
17:35:38.0490 0x10c8  Current date / time: 2014/09/08 17:35:38.0490
17:35:38.0490 0x10c8  SystemInfo:
17:35:38.0490 0x10c8 
17:35:38.0490 0x10c8  OS Version: 6.1.7600 ServicePack: 0.0
17:35:38.0490 0x10c8  Product type: Workstation
17:35:38.0490 0x10c8  ComputerName: USER-PC
17:35:38.0490 0x10c8  UserName: user
17:35:38.0490 0x10c8  Windows directory: C:\windows
17:35:38.0490 0x10c8  System windows directory: C:\windows
17:35:38.0490 0x10c8  Processor architecture: Intel x86
17:35:38.0490 0x10c8  Number of processors: 2
17:35:38.0490 0x10c8  Page size: 0x1000
17:35:38.0490 0x10c8  Boot type: Normal boot
17:35:38.0490 0x10c8  ============================================================
17:35:39.0082 0x10c8  KLMD registered as C:\windows\system32\drivers\23362629.sys
17:35:39.0426 0x10c8  System UUID: {983CF3E4-7434-A9F4-AE89-6622E3A3B669}
17:35:40.0112 0x10c8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:35:40.0112 0x10c8  ============================================================
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0:
17:35:40.0112 0x10c8  MBR partitions:
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1C2A9000
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E0DB800, BlocksNum 0x1C2AA000
17:35:40.0112 0x10c8  ============================================================
17:35:40.0143 0x10c8  C: <-> \Device\Harddisk0\DR0\Partition2
17:35:40.0206 0x10c8  D: <-> \Device\Harddisk0\DR0\Partition3
17:35:40.0206 0x10c8  ============================================================
17:35:40.0206 0x10c8  Initialize success
17:35:40.0206 0x10c8  ============================================================
17:35:46.0212 0x0954  ============================================================
17:35:46.0212 0x0954  Scan started
17:35:46.0212 0x0954  Mode: Manual; SigCheck; TDLFS;
17:35:46.0212 0x0954  ============================================================
17:35:46.0212 0x0954  KSN ping started
nur zur Info: gerade ist Avira aufgepoppt:

"Der Zugriff auf die Datei "C\Users\user\AppData\Local\Temp\Low\obupdat.exe mit de VIrus oder dem unerwünschten Programm 'TR/Crypt.ZPACK.Gen(Cloud)' wurde blockiert.
Sie können die Datei entfernen oder weitere Informationen zu diesem Problem erhalten"

Warlord711 09.09.2014 08:09
Das Logfile sollte definitiv länger sein.

Schalt mal bitte Avira Echtzeitschutz ab und dann

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    C\Users\user\AppData\Local\Temp\Low\obupdat.exe
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Keyssie 09.09.2014 17:23
Damit wären wir bei einer anderen Frage...
Mein User ist Administrator mit dem ich hier gerade arbeite....
Dennoch kann ich nach "Wählen Sie..." Die Datei nicht auswählen... "Wenden Sie sich an den Besitzer der Datei oder den Administrator um diese Rechte zu erhalten"

ok, vergiss es.

https://www.virustotal.com/de/file/b432653006329ac698f591e4a8727bc683d23ec8dbc8ce9821d2b4a63803298c/analysis/1410279665/

Warlord711 09.09.2014 22:31
OK, da ist definitiv noch was und nix kleines.

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Keyssie 10.09.2014 07:31
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-10 08:29:02
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 2.1 ----

SSDT            8E403556                                                                                        ZwCreateSection
SSDT            8E403560                                                                                        ZwRequestWaitReplyPort
SSDT            8E40355B                                                                                        ZwSetContextThread
SSDT            8E403565                                                                                        ZwSetSecurityObject
SSDT            8E40356A                                                                                        ZwSystemDebugControl
SSDT            8E4034F7                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text          ntoskrnl.exe!ZwRollbackTransaction + 13F5                                                      82C538A9 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                          82C73302 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntoskrnl.exe!KeRemoveQueueEx + 14B7                                                            82C7A684 4 Bytes  [56, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 1813                                                            82C7A9E0 4 Bytes  [60, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 1857                                                            82C7AA24 4 Bytes  [5B, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 18D3                                                            82C7AAA0 4 Bytes  [65, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 1927                                                            82C7AAF4 4 Bytes  [6A, 35, 40, 8E]
.text          ...                                                                                           

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                        Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                        Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval  604800

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                          unknown MBR code

---- EOF - GMER 2.1 ----

Warlord711 10.09.2014 07:46
Sorry, die Avira Meldung beunruhigt mich etwas, deshalb noch ein paar Schritte:

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Keyssie 10.09.2014 15:17
So....

Ich schreib das schon einmal hierhin, da ich zwar nicht gesehen habe, dass Antivir abgeschaltet sein soll währen aswMBR läuft... (hatte nur deine Kurzanleitung beachtet), aber auch nicht sicher bin, dass die Kombination der Programme das hervorgerufen hat.

Avira ist aufgepoppt mit C:\Users\user}AppData\Local...\ljz0ogk4kg[1].htm mit dem unerwünschten Programm ÄJS/Axpergle.EB.52'... While aswMBR lief.

Ich lass aswMBR gleich noch einmal laufen ohne dass Antivir läuft....

Und danach den Rest....

Wieviel von dem, was ich hier poste kann man eigentlich aktiv nutzen um auf meinem Rechner zu landen?

Edit: bevor ich es deaktivieren konnte poppte es noch einmal auf (diesemal war aswMbR schon durchgelaufen.


obupdat.exe mit TR/Crypt.ZPACK.96.96697

das Antivirenprogramm abzuschalten, wenn dauernd so etwas aufpoppt ist irgendwie nicht so ganz meine Sache....

also: Log1 mit Avast an:

Code:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-10 15:41:09
-----------------------------
15:41:09.958    OS Version: Windows 6.1.7600
15:41:09.958    Number of processors: 2 586 0x170A
15:41:09.958    ComputerName: USER-PC  UserName: user
15:41:10.629    Initialize success
15:41:10.629    VM: initialized successfully
15:41:10.645    VM: Intel CPU virtualization not supported
15:42:28.255    AVAST engine defs: 14091000
15:43:05.555    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:43:05.555    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
15:43:05.758    Disk 0 MBR read successfully
15:43:05.758    Disk 0 MBR scan
15:43:05.773    Disk 0 unknown MBR code
15:43:05.789    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
15:43:05.820    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
15:43:05.820    Disk 0 default boot code
15:43:05.851    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      230738 MB offset 31664128
15:43:05.867    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      230740 MB offset 504215552
15:43:05.882    Disk 0 scanning sectors +976771072
15:43:06.226    Disk 0 scanning C:\windows\system32\drivers
15:43:26.116    Service scanning
15:44:23.867    Modules scanning
15:44:48.219    Disk 0 trace - called modules:
15:44:48.234   
15:44:55.816    AVAST engine scan C:\windows
15:45:06.471    AVAST engine scan C:\windows\system32
15:49:49.720    AVAST engine scan C:\windows\system32\drivers
15:50:05.258    AVAST engine scan C:\Users\user
15:56:05.788    AVAST engine scan C:\ProgramData
15:56:48.782    Scan finished successfully
15:57:38.811    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
15:57:38.811    The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR_sicherung1.txt"
direkt danach gestartet ohne Avast an: 1 Fund

Code:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-10 15:41:09
-----------------------------
15:41:09.958    OS Version: Windows 6.1.7600
15:41:09.958    Number of processors: 2 586 0x170A
15:41:09.958    ComputerName: USER-PC  UserName: user
15:41:10.629    Initialize success
15:41:10.629    VM: initialized successfully
15:41:10.645    VM: Intel CPU virtualization not supported
15:42:28.255    AVAST engine defs: 14091000
15:43:05.555    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:43:05.555    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
15:43:05.758    Disk 0 MBR read successfully
15:43:05.758    Disk 0 MBR scan
15:43:05.773    Disk 0 unknown MBR code
15:43:05.789    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
15:43:05.820    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
15:43:05.820    Disk 0 default boot code
15:43:05.851    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      230738 MB offset 31664128
15:43:05.867    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      230740 MB offset 504215552
15:43:05.882    Disk 0 scanning sectors +976771072
15:43:06.226    Disk 0 scanning C:\windows\system32\drivers
15:43:26.116    Service scanning
15:44:23.867    Modules scanning
15:44:48.219    Disk 0 trace - called modules:
15:44:48.234   
15:44:55.816    AVAST engine scan C:\windows
15:45:06.471    AVAST engine scan C:\windows\system32
15:49:49.720    AVAST engine scan C:\windows\system32\drivers
15:50:05.258    AVAST engine scan C:\Users\user
15:56:05.788    AVAST engine scan C:\ProgramData
15:56:48.782    Scan finished successfully
15:57:38.811    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
15:57:38.811    The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR_sicherung1.txt"
16:01:26.876    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:26.892    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
16:01:27.157    Disk 0 MBR read successfully
16:01:27.172    Disk 0 MBR scan
16:01:27.172    Disk 0 unknown MBR code
16:01:27.204    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
16:01:27.219    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
16:01:27.250    Disk 0 default boot code
16:01:27.266    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      230738 MB offset 31664128
16:01:27.297    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      230740 MB offset 504215552
16:01:27.313    Disk 0 scanning sectors +976771072
16:01:27.625    Disk 0 scanning C:\windows\system32\drivers
16:01:45.612    Service scanning
16:02:10.790    Modules scanning
16:02:26.874    Disk 0 trace - called modules:
16:02:26.905   
16:02:27.794    AVAST engine scan C:\windows
16:02:36.748    AVAST engine scan C:\windows\system32
16:05:46.055    AVAST engine scan C:\windows\system32\drivers
16:05:59.658    AVAST engine scan C:\Users\user
16:08:36.688    File: C:\Users\user\AppData\Local\Temp\Low\obupdat.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
16:10:55.138    AVAST engine scan C:\ProgramData
16:11:30.893    Scan finished successfully
16:13:09.127    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
16:13:09.127    The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR.txt"
FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-PC on 10-09-2014 16:13:31
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 aswMBR; \??\C:\Users\user\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\user\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 14:27 - 2014-09-07 14:29 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:58 - 2014-09-10 16:13 - 00000000 ____D () C:\FRST
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:48 - 2014-09-05 13:50 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:04 - 2014-09-05 09:05 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:29 - 2014-09-04 21:30 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:55 - 2014-09-04 20:58 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:21 - 2014-09-04 20:23 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:53 - 2014-09-04 17:54 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:43 - 2014-09-04 21:29 - 00000000 ____D () C:\windows\ERUNT
2014-09-02 19:27 - 2014-09-10 16:13 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-15 10:16 - 2014-09-08 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 10:13 - 2014-08-07 03:35 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 10:13 - 2014-08-07 03:32 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 16:13 - 2014-09-07 12:58 - 00000000 ____D () C:\FRST
2014-09-10 16:13 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-10 15:45 - 2009-09-22 07:23 - 01226358 _____ () C:\windows\WindowsUpdate.log
2014-09-10 15:41 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:41 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-10 15:36 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 15:36 - 2009-07-14 06:39 - 00061743 _____ () C:\windows\setupact.log
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 17:14 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-09-07 14:29 - 2014-09-07 14:27 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:15 - 2009-09-22 07:48 - 00740366 _____ () C:\windows\PFRO.log
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:50 - 2014-09-05 13:48 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 13:48 - 2009-12-05 20:11 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 13:44 - 2009-07-14 06:33 - 00412776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:05 - 2014-09-05 09:04 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:30 - 2014-09-04 21:29 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:29 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:58 - 2014-09-04 20:55 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:23 - 2014-09-04 20:21 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:54 - 2014-09-04 17:53 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 11:10 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:38

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by user at 2014-09-10 16:14:08
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
cadvilla professional 4 (HKLM\...\{DE09BEAB-5EA2-4C02-9D2E-DEC9B9FA885C}_is1) (Version: 4.0.1.9 - Trixl GmbH)
cadvilla Tutorials (HKLM\...\{0C2A6831-1A0A-4FB9-BC50-48332BDF0CF9}) (Version: 1.1.0.5 - Trixl GmbH)
Call of Duty(R) - World at War(TM) (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (Version: 1.0 - Activision) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2907 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Elf Bowling Hawaiian Vacation (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}) (Version:  - Oberon Media)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Gothic III (HKLM\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
GrampsAIO (HKLM\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade (HKLM\...\Mount&Blade) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeighaX 3.08.01 (Version: 3.08.01 - Open Design Alliance) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-09-2014 14:20:13 Windows 7 Service Pack 1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-05 13:36 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.)
Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {A6A4519F-ADA4-443A-82CC-276A5E3522DE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] ()
Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-06-25 21:00 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-09-22 07:26 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-05 20:07 - 2009-08-13 22:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2014-08-15 10:16 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-09-22 07:24 - 2009-05-20 10:58 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-09-22 07:24 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk => C:\windows\pss\program.lnk.Startup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 07:36:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/09/2014 07:36:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/08/2014 06:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16526, Zeitstempel: 0x52855173
Name des fehlerhaften Moduls: bl-views.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x53ac387f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x590ebe08
ID des fehlerhaften Prozesses: 0xaf4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (09/06/2014 10:23:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/06/2014 10:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/06/2014 09:39:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/06/2014 09:38:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/05/2014 01:45:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/05/2014 01:25:55 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (09/05/2014 01:25:54 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\IT-IT\MSFEEDS.MFL


System errors:
=============
Error: (09/10/2014 03:36:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/10/2014 08:06:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073701 fehlgeschlagen: Windows Update Aux

Error: (09/10/2014 08:04:28 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/09/2014 06:05:34 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/08/2014 10:30:09 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/08/2014 07:52:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073701 fehlgeschlagen: Windows Update Aux

Error: (09/08/2014 07:50:12 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/08/2014 05:08:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/07/2014 08:12:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/07/2014 08:11:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 3036.61 MB
Available physical RAM: 2022.74 MB
Total Pagefile: 6069.45 MB
Available Pagefile: 4700.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.33 GB) (Free:186.46 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:207.11 GB) NTFS
Drive e: (CODWAW) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Warlord711 10.09.2014 16:05
Bitte Avast! ausschalten für diesen Fix:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\user\AppData\Local\Temp\Low\obupdat.exe
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Danach bitte mal ein FRST Scan, dort aber vorher bei Registry,Services,Drivers,Processes den Haken innerhalb von Whitelist herausnehmen.

Keyssie 10.09.2014 16:25
ok

1) FIxtlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-10 17:14:00 Run:3
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\user\AppData\Local\Temp\Low\obupdat.exe
emptytemp:
*****************

C:\Users\user\AppData\Local\Temp\Low\obupdat.exe => Moved successfully.
EmptyTemp: => Removed 482.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
2) FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-PC on 10-09-2014 17:17:38
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (All) =========================

(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\lsm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\sppsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Farbar) C:\Users\user\Desktop\Trojanercheck\FRST.exe

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\windows\System32\Userinit.exe, [26112 2009-07-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2614272 2009-10-31] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellIconOverlayIdentifiers: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\windows\system32\ntshrui.dll (Microsoft Corporation)
BootExecute: autocheck autochk *
AlternateShell: cmd.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

==================== Services (All) ========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation)
R3 Appinfo; C:\windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
R2 Audiosrv; C:\windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation)
R2 BcmSqlStartupSvc; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [30312 2008-01-16] (Microsoft Corporation)
S3 BDESVC; C:\windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation)
S2 BITS; C:\windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation)
R3 Browser; C:\windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\windows\system32\cryptsvc.dll [139264 2012-06-02] (Microsoft Corporation)
R2 DcomLaunch; C:\windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S3 defragsvc; C:\windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation)
R2 Dnscache; C:\windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation)
S3 dot3svc; C:\windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation)
R2 DPS; C:\windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation)
R3 EapHost; C:\windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\windows\System32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S2 ehRecvr; C:\windows\ehome\ehRecvr.exe [556032 2010-08-04] (Microsoft Corporation)
S2 ehSched; C:\windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation)
R2 eventlog; C:\windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation)
R2 EventSystem; C:\windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation)
S3 fdPHost; C:\windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation)
R2 FDResPub; C:\windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation)
R2 FontCache; C:\windows\system32\FntCache.dll [802304 2011-02-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S3 fsssvc; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [704864 2009-08-05] (Microsoft Corporation)
R2 gpsvc; C:\windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation)
S3 hidserv; C:\windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\windows\system32\kmsvc.dll [71168 2009-07-14] (Microsoft Corporation)
S3 HomeGroupListener; C:\windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation)
S3 HomeGroupProvider; C:\windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation)
S3 idsvc; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)
R2 IKEEXT; C:\windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation)
S3 IPBusEnum; C:\windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation)
R3 KeyIso; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 KtmRm; C:\windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\windows\system32\srvsvc.dll [168448 2010-08-27] (Microsoft Corporation)
R2 LanmanWorkstation; C:\windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation)
S3 lltdsvc; C:\windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation)
S4 Mcx2Svc; C:\windows\system32\Mcx2Svc.dll [67584 2009-07-14] (Microsoft Corporation)
S3 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 MMCSS; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 MpsSvc; C:\windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation)
S3 MSDTC; C:\windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S3 napagent; C:\windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation)
S3 Netlogon; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
R3 Netman; C:\windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation)
S4 NetMsmqActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 netprofm; C:\windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R2 NlaSvc; C:\windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation)
R2 nvsvc; C:\windows\system32\nvvsvc.exe [662816 2013-08-30] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256 2013-09-05] (NVIDIA Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 p2pimsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 p2psvc; C:\windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation)
R2 PcaSvc; C:\windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S3 pla; C:\windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation)
R2 PlugPlay; C:\windows\system32\umpnpmgr.dll [294912 2011-05-24] (Microsoft Corporation)
S3 PNRPAutoReg; C:\windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation)
S3 PNRPsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
R3 PolicyAgent; C:\windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation)
R2 Power; C:\windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation)
R2 ProfSvc; C:\windows\system32\profsvc.dll [163328 2012-05-02] (Microsoft Corporation)
S3 ProtectedStorage; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 QWAVE; C:\windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation)
R2 RpcEptMapper; C:\windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
R2 SamSs; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 SCardSvr; C:\windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation)
R2 Schedule; C:\windows\system32\schedsvc.dll [749056 2010-11-02] (Microsoft Corporation)
S3 SCPolicySvc; C:\windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 SDRSVC; C:\windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation)
S3 seclogon; C:\windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation)
R2 SENS; C:\windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation)
S4 SharedAccess; C:\windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation)
S3 SNMPTRAP; C:\windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\windows\System32\spoolsv.exe [316928 2010-08-21] (Microsoft Corporation)
R2 sppsvc; C:\windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation)
S3 sppuinotify; C:\windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation)
S4 SQLBrowser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R3 SSDPSRV; C:\windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation)
R2 StiSvc; C:\windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation)
S3 swprv; C:\windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation)
R2 SysMain; C:\windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation)
S3 TabletInputService; C:\windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation)
S3 TapiSrv; C:\windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation)
S3 TBS; C:\windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation)
R2 TermService; C:\windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation)
R2 Themes; C:\windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation)
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation)
R3 upnphost; C:\windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
R2 UxSms; C:\windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 vds; C:\windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation)
S3 VSS; C:\windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation)
S3 W32Time; C:\windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation)
S3 wbengine; C:\windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation)
S3 WbioSrvc; C:\windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\windows\System32\wcncsvc.dll [276992 2010-09-14] (Microsoft Corporation)
S3 WcsPlugInService; C:\windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation)
R3 WdiServiceHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
R3 WdiSystemHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\windows\System32\webclnt.dll [204800 2010-12-21] (Microsoft Corporation)
S3 Wecsvc; C:\windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation)
R3 WerSvc; C:\windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\windows\system32\winhttp.dll [350720 2010-12-21] (Microsoft Corporation)
R2 Winmgmt; C:\windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation)
R2 Wlansvc; C:\windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation)
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
R3 WPDBusEnum; C:\windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation)
R2 wscsvc; C:\windows\system32\wscsvc.dll [73728 2010-12-21] (Microsoft Corporation)
R2 WSearch; C:\windows\system32\SearchIndexer.exe [428032 2011-05-04] (Microsoft Corporation)
S2 wuauserv; C:\windows\system32\wuaueng.dll [1933848 2012-06-03] (Microsoft Corporation)
S3 wudfsvc; C:\windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation)
S3 WwanSvc; C:\windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation)

==================== Drivers (All) ==========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\windows\system32\DRIVERS\1394ohci.sys [163328 2009-07-14] (Microsoft Corporation)
R0 ACPI; C:\windows\System32\DRIVERS\ACPI.sys [274496 2009-07-14] (Microsoft Corporation)
S3 AcpiPmi; C:\windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-14] (Microsoft Corporation)
S3 adp94xx; C:\windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] (Adaptec, Inc.)
R1 AFD; C:\windows\system32\drivers\afd.sys [338944 2011-04-25] (Microsoft Corporation)
S3 agp440; C:\windows\system32\DRIVERS\agp440.sys [53312 2009-07-14] (Microsoft Corporation)
S3 aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] (Adaptec, Inc.)
S3 aliide; C:\windows\system32\DRIVERS\aliide.sys [14400 2009-07-14] (Acer Laboratories Inc.)
S3 amdagp; C:\windows\system32\DRIVERS\amdagp.sys [53312 2009-07-14] (Microsoft Corporation)
S3 amdide; C:\windows\system32\DRIVERS\amdide.sys [14912 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\windows\system32\drivers\amdsata.sys [80256 2011-03-11] (Advanced Micro Devices)
S3 amdsbs; C:\windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] (AMD Technologies Inc.)
R0 amdxata; C:\windows\System32\drivers\amdxata.sys [22400 2011-03-11] (Advanced Micro Devices)
S3 AppID; C:\windows\system32\drivers\appid.sys [50176 2009-07-14] (Microsoft Corporation)
S3 arc; C:\windows\system32\DRIVERS\arc.sys [76368 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] (Adaptec, Inc.)
S3 AsyncMac; C:\windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation)
R0 atapi; C:\windows\System32\DRIVERS\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
R3 athr; C:\windows\System32\DRIVERS\athr.sys [2228224 2011-12-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation)
S3 b57nd60x; C:\windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation)
R1 Beep; C:\windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation)
R1 blbdrive; C:\windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation)
R3 bowser; C:\windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] (Microsoft Corporation)
S3 BrFiltLo; C:\windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.)
S3 Brserid; C:\windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.)
S3 BrUsbSer; C:\windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.)
S3 BTHMODEM; C:\windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation)
R1 cdrom; C:\windows\System32\DRIVERS\cdrom.sys [108544 2009-07-14] (Microsoft Corporation)
S3 circlass; C:\windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation)
R0 CLFS; C:\windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 CmBatt; C:\windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\windows\system32\DRIVERS\cmdide.sys [15952 2009-07-14] (CMD Technology, Inc.)
R0 CNG; C:\windows\System32\Drivers\cng.sys [369336 2012-06-02] (Microsoft Corporation)
R0 Compbatt; C:\windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
R3 CompositeBus; C:\windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-14] (Microsoft Corporation)
S4 crcdisk; C:\windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] (Microsoft Corporation)
R1 DfsC; C:\windows\System32\Drivers\dfsc.sys [78336 2011-04-27] (Microsoft Corporation)
R1 discache; C:\windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation)
R0 Disk; C:\windows\System32\DRIVERS\disk.sys [57424 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation)
R3 DXGKrnl; C:\windows\System32\drivers\dxgkrnl.sys [728448 2010-11-02] (Microsoft Corporation)
S3 ebdrv; C:\windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation)
S3 elxstor; C:\windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] (Emulex)
S3 ErrDev; C:\windows\system32\DRIVERS\errdev.sys [7168 2009-07-14] (Microsoft Corporation)
S3 exfat; C:\windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation)
R0 FileInfo; C:\windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
S3 FsDepends; C:\windows\System32\drivers\FsDepends.sys [46160 2009-07-14] (Microsoft Corporation)
S3 fssfltr; C:\windows\System32\DRIVERS\fssfltr.sys [54632 2009-08-05] (Microsoft Corporation)
U0 Fs_Rec; C:\windows\system32\Drivers\Fs_Rec.sys [19312 2012-03-01] (Microsoft Corporation)
R0 fvevol; C:\windows\System32\DRIVERS\fvevol.sys [195816 2013-01-24] (Microsoft Corporation)
S3 gagp30kx; C:\windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\windows\System32\drivers\HdAudio.sys [304128 2009-07-14] (Microsoft Corporation)
R3 HDAudBus; C:\windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-14] (Microsoft Corporation)
S3 HidBatt; C:\windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation)
S3 HidUsb; C:\windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] (Microsoft Corporation)
S3 HpSAMD; C:\windows\system32\DRIVERS\HpSAMD.sys [67152 2009-07-14] (Hewlett-Packard Company)
R3 HTTP; C:\windows\System32\drivers\HTTP.sys [513024 2009-07-14] (Microsoft Corporation)
R0 hwpolicy; C:\windows\System32\drivers\hwpolicy.sys [13904 2009-07-14] (Microsoft Corporation)
R3 i8042prt; C:\windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation)
R0 iaStor; C:\windows\System32\DRIVERS\iaStor.sys [330264 2009-06-04] (Intel Corporation)
S3 iaStorV; C:\windows\system32\drivers\iaStorV.sys [332160 2011-03-11] (Intel Corporation)
S3 igfx; C:\windows\System32\DRIVERS\igdkmd32.sys [4756480 2009-06-10] (Intel Corporation)
S3 iirsp; C:\windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] (Intel Corp./ICP vortex GmbH)
R3 IntcAzAudAddService; C:\windows\System32\drivers\RTKVHDA.sys [2752352 2009-08-19] (Realtek Semiconductor Corp.)
S3 intelide; C:\windows\system32\DRIVERS\intelide.sys [15424 2009-07-14] (Microsoft Corporation)
R3 intelppm; C:\windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation)
S3 IPMIDRV; C:\windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] (Microsoft Corporation)
S3 IPNAT; C:\windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\windows\system32\DRIVERS\isapnp.sys [46656 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\windows\system32\DRIVERS\msiscsi.sys [186960 2009-07-14] (Microsoft Corporation)
R3 kbdclass; C:\windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\windows\system32\DRIVERS\kbdhid.sys [28160 2009-07-14] (Microsoft Corporation)
R0 KSecDD; C:\windows\System32\Drivers\ksecdd.sys [67440 2012-06-02] (Microsoft Corporation)
R0 KSecPkg; C:\windows\System32\Drivers\ksecpkg.sys [134000 2012-06-02] (Microsoft Corporation)
R2 lltdio; C:\windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] (LSI Corporation)
R2 luafv; C:\windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] (LSI Corporation, Inc.)
S3 Modem; C:\windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation)
R3 monitor; C:\windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation)
R3 mouclass; C:\windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] (Microsoft Corporation)
S3 mouhid; C:\windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation)
R0 mountmgr; C:\windows\System32\drivers\mountmgr.sys [78416 2009-07-14] (Microsoft Corporation)
S3 mpio; C:\windows\system32\DRIVERS\mpio.sys [130624 2009-07-14] (Microsoft Corporation)
R3 mpsdrv; C:\windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\windows\system32\drivers\mrxdav.sys [115712 2009-07-14] (Microsoft Corporation)
R3 mrxsmb; C:\windows\System32\DRIVERS\mrxsmb.sys [123392 2011-05-04] (Microsoft Corporation)
R3 mrxsmb10; C:\windows\System32\DRIVERS\mrxsmb10.sys [222720 2011-07-09] (Microsoft Corporation)
R3 mrxsmb20; C:\windows\System32\DRIVERS\mrxsmb20.sys [96256 2011-05-04] (Microsoft Corporation)
R0 msahci; C:\windows\System32\DRIVERS\msahci.sys [27712 2009-07-14] (Microsoft Corporation)
S3 msdsm; C:\windows\system32\DRIVERS\msdsm.sys [115792 2009-07-14] (Microsoft Corporation)
R1 Msfs; C:\windows\system32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation)
R0 msisadrv; C:\windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] (Microsoft Corporation)
R1 mssmbios; C:\windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation)
R0 Mup; C:\windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
R3 NativeWifiP; C:\windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation)
R0 NDIS; C:\windows\System32\drivers\ndis.sys [710720 2009-07-14] (Microsoft Corporation)
S3 NdisCap; C:\windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation)
R3 NdisTapi; C:\windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation)
R3 Ndisuio; C:\windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] (Microsoft Corporation)
R3 NdisWan; C:\windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] (Microsoft Corporation)
R3 NDProxy; C:\windows\system32\Drivers\NDProxy.sys [48128 2009-07-14] (Microsoft Corporation)
R1 NetBIOS; C:\windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation)
R1 NetBT; C:\windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] (Microsoft Corporation)
S3 nfrd960; C:\windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] (IBM Corporation)
R1 Npfs; C:\windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation)
R1 nsiproxy; C:\windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1210728 2013-04-12] (Microsoft Corporation)
R1 Null; C:\windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation)
R3 nvlddmkm; C:\windows\System32\DRIVERS\nvlddmkm.sys [9253664 2013-09-05] (NVIDIA Corporation)
S3 nvraid; C:\windows\system32\drivers\nvraid.sys [117120 2011-03-11] (NVIDIA Corporation)
S3 nvstor; C:\windows\system32\drivers\nvstor.sys [143744 2011-03-11] (NVIDIA Corporation)
S3 nv_agp; C:\windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation)
R0 partmgr; C:\windows\System32\drivers\partmgr.sys [56688 2012-03-17] (Microsoft Corporation)
S2 Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation)
R0 pci; C:\windows\System32\DRIVERS\pci.sys [153680 2009-07-14] (Microsoft Corporation)
S3 pciide; C:\windows\system32\DRIVERS\pciide.sys [12368 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] (Microsoft Corporation)
R0 pcw; C:\windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
R2 PEAUTH; C:\windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation)
R3 PptpMiniport; C:\windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation)
S3 Processor; C:\windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation)
R1 Psched; C:\windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation)
S3 ql2300; C:\windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation)
R3 RasAgileVpn; C:\windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation)
R3 Rasl2tp; C:\windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation)
R3 RasPppoe; C:\windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation)
R3 RasSstp; C:\windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation)
R1 rdbss; C:\windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] (Microsoft Corporation)
S3 rdpbus; C:\windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation)
R1 RDPCDD; C:\windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] (Microsoft Corporation)
R1 RDPENCDD; C:\windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation)
R1 RDPREFMP; C:\windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation)
S3 RDPWD; C:\windows\system32\Drivers\RDPWD.sys [177152 2012-04-28] (Microsoft Corporation)
R0 rdyboost; C:\windows\System32\drivers\rdyboost.sys [173648 2009-07-14] (Microsoft Corporation)
R2 rspndr; C:\windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation)
R3 RTL8167; C:\windows\System32\DRIVERS\Rt86win7.sys [187392 2009-07-31] (Realtek                                            )
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
S3 sbp2port; C:\windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] (Microsoft Corporation)
S3 scfilter; C:\windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] (Microsoft Corporation)
R2 secdrv; C:\windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [12800 2009-10-10] (Microsoft Corporation)
S3 sfloppy; C:\windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sisagp; C:\windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] (Microsoft Corporation)
S3 SiSRaid2; C:\windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation)
R0 spldr; C:\windows\system32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
R3 srv; C:\windows\System32\DRIVERS\srv.sys [311296 2011-04-29] (Microsoft Corporation)
R3 srv2; C:\windows\System32\DRIVERS\srv2.sys [309760 2011-04-29] (Microsoft Corporation)
R3 srvnet; C:\windows\System32\DRIVERS\srvnet.sys [114176 2011-04-29] (Microsoft Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 stexstor; C:\windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] (Promise Technology)
R3 swenum; C:\windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] (Microsoft Corporation)
R3 SynTP; C:\windows\System32\DRIVERS\SynTP.sys [212656 2009-07-15] (Synaptics Incorporated)
R1 Tcpip; C:\windows\System32\drivers\tcpip.sys [1287528 2013-01-04] (Microsoft Corporation)
S3 TCPIP6; C:\windows\System32\DRIVERS\tcpip.sys [1287528 2013-01-04] (Microsoft Corporation)
R2 tcpipreg; C:\windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] (Microsoft Corporation)
S3 TDPIPE; C:\windows\System32\drivers\tdpipe.sys [17920 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\windows\System32\drivers\tdtcp.sys [24064 2012-02-15] (Microsoft Corporation)
R1 tdx; C:\windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] (Microsoft Corporation)
R1 TermDD; C:\windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] (Microsoft Corporation)
S3 tssecsrv; C:\windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] (Microsoft Corporation)
R3 tunnel; C:\windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] (Microsoft Corporation)
S3 uagp35; C:\windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] (Microsoft Corporation)
R4 udfs; C:\windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] (Microsoft Corporation)
S3 uliagpkx; C:\windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] (Microsoft Corporation)
R3 umbus; C:\windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] (Microsoft Corporation)
S3 UmPass; C:\windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation)
R3 usbccgp; C:\windows\System32\DRIVERS\usbccgp.sys [75776 2011-03-25] (Microsoft Corporation)
S3 usbcir; C:\windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] (Microsoft Corporation)
R3 usbehci; C:\windows\System32\DRIVERS\usbehci.sys [43008 2011-03-25] (Microsoft Corporation)
R3 usbhub; C:\windows\System32\DRIVERS\usbhub.sys [258560 2011-03-25] (Microsoft Corporation)
S3 usbohci; C:\windows\system32\drivers\usbohci.sys [20480 2011-03-25] (Microsoft Corporation)
S3 usbprint; C:\windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation)
S3 USBSTOR; C:\windows\System32\DRIVERS\USBSTOR.SYS [75776 2011-03-11] (Microsoft Corporation)
R3 usbuhci; C:\windows\System32\DRIVERS\usbuhci.sys [24064 2011-03-25] (Microsoft Corporation)
R3 usbvideo; C:\windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] (Microsoft Corporation)
R0 vdrvroot; C:\windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
S3 vga; C:\windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation)
R1 VgaSave; C:\windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] (Microsoft Corporation)
S3 viaagp; C:\windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] (Microsoft Corporation)
S3 ViaC7; C:\windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation)
S3 viaide; C:\windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] (VIA Technologies, Inc.)
R0 volmgr; C:\windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] (Microsoft Corporation)
R0 volmgrx; C:\windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
R0 volsnap; C:\windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] (Microsoft Corporation)
S3 vsmraid; C:\windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] (VIA Technologies Inc.,Ltd)
R3 vwifibus; C:\windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation)
R1 vwififlt; C:\windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
R1 Wanarpv6; C:\windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
S3 Wd; C:\windows\system32\DRIVERS\wd.sys [19024 2009-07-14] (Microsoft Corporation)
R0 Wdf01000; C:\windows\System32\drivers\Wdf01000.sys [526952 2012-07-26] (Microsoft Corporation)
R1 WfpLwf; C:\windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\windows\System32\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
U3 Winsock; No ImagePath
S3 WinUsb; C:\windows\System32\DRIVERS\WinUsb.sys [34944 2009-07-14] (Microsoft Corporation)
S3 WmiAcpi; C:\windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation)
S4 ws2ifsl; C:\windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\windows\System32\drivers\WudfPf.sys [66560 2012-07-26] (Microsoft Corporation)
S3 WUDFRd; C:\windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 15:45 - 2014-09-05 03:42 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:45 - 2014-09-05 03:38 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 14:27 - 2014-09-07 14:29 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:58 - 2014-09-10 17:17 - 00000000 ____D () C:\FRST
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:48 - 2014-09-05 13:50 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:04 - 2014-09-05 09:05 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:29 - 2014-09-04 21:30 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:55 - 2014-09-04 20:58 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:21 - 2014-09-04 20:23 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:53 - 2014-09-04 17:54 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:43 - 2014-09-04 21:29 - 00000000 ____D () C:\windows\ERUNT
2014-09-02 19:27 - 2014-09-10 17:17 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-15 10:16 - 2014-09-08 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 17:17 - 2014-09-07 12:58 - 00000000 ____D () C:\FRST
2014-09-10 17:17 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-10 17:16 - 2009-09-22 07:48 - 00750666 _____ () C:\windows\PFRO.log
2014-09-10 17:16 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 17:16 - 2009-07-14 06:39 - 00061855 _____ () C:\windows\setupact.log
2014-09-10 17:15 - 2009-09-22 07:23 - 01259023 _____ () C:\windows\WindowsUpdate.log
2014-09-10 17:15 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 17:15 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 16:19 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 15:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 17:14 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-09-07 14:29 - 2014-09-07 14:27 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:50 - 2014-09-05 13:48 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 13:48 - 2009-12-05 20:11 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 13:44 - 2009-07-14 06:33 - 00412776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:05 - 2014-09-05 09:04 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-05 03:42 - 2014-09-10 15:45 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 03:38 - 2014-09-10 15:45 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 21:30 - 2014-09-04 21:29 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:29 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:58 - 2014-09-04 20:55 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:23 - 2014-09-04 20:21 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:54 - 2014-09-04 17:53 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:38

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Nach dem Fix gab es einen Neustart

Dieses FRST Logfile unter 2) setzt er da irgendwie automatisch hin... gehe ich auf editieren fügt er noch einen beim speichern hinzu... merkwürdig...

Warlord711 10.09.2014 19:52
Wie schauts aus ? Gabs noch irgendwann Meldungen ?

Ich würd gern noch einen "2. Meinung" Scan laufen lassen über das System, der dann auch wieder länger dauern wird.

Nur um sicherzugehen.

Emsisoft Emergency Kit - Scanner

Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.

Los gehts

Keyssie 11.09.2014 05:49
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 9/10/2014 9:07:11 PM
Benutzerkonto: user-PC\user

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\, G:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        9/10/2014 9:08:43 PM
C:\Users\Public\Desktop\Game Pack.lnk        gefunden: Trojan.Win32.Hupigon (A)
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\Low\obupdat.exe.xBAD        gefunden: Trojan.GenericKD.1851464 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4c4ac099.qua -> (Quarantine-8)        gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54dde2ae.qua -> (Quarantine-8)        gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\57afd8b2.qua -> (Quarantine-8)        gefunden: Gen:Variant.Symmi.39805 (B)

Gescannt        262855
Gefunden        5

Scan Ende:        9/10/2014 11:46:05 PM
Scan Zeit:        2:37:22


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:04 Uhr.
Seite 3 von 6 12 3 45 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19