Trojaner-Board


Keyssie 02.09.2014 16:58

Bundeskriminalamt Trojan
 
Hi

I probably had the Trojan on my computer. I didn't get to see it myself. I was only told that after a wrong click the screen was locked and was supposed to be unlocked again for a fee. YouTube apparently helped enough that one can work again. I can get to the monitor again now, but I'm not really sure whether everything is gone, since, for example, in the System Configuration under Startup there is still an entry that is disabled, but in my view should no longer be there for me to feel comfortable...

I hope you can help me with this. I don't really feel like reinstalling it yet again.

Thanks & regards
Keyssie

Warlord711 02.09.2014 17:50

Hello Keyssie

:hallo:

My name is Timo and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If something is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to.

Note:
I can never give you a guarantee that I will find everything. Formatting is always the safest way.

We all "work" here voluntarily and in our free time *cough*. So replies may be delayed.
If you don't receive a reply from me within 48 hours, then send me a PM.
If you decide on a cleanup, keep working along until I or someone from the team says that you are clean.



Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Keyssie 02.09.2014 18:32

Hello Timo,

great, this quick response.

Here are my results, FRST.txt:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by user (administrator) on USER-PC on 02-09-2014 19:27:45
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S2 Winmgmt; C:\PROGRA~2\7EFE05C.cpp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 19:27 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 17:32 - 2014-09-02 19:27 - 00000000 ____D () C:\FRST
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ___HD () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 13:37 - 2014-08-23 13:37 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 10:16 - 2014-08-23 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 10:13 - 2014-08-07 03:35 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 10:13 - 2014-08-07 03:32 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\pdfforge
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 19:33 - 2014-08-11 19:33 - 00003922 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-08-11 18:57 - 2014-08-11 18:57 - 00000000 ____D () C:\Users\user\Schmitz_2014-08-11.gpkg.media
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 19:27 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 19:27 - 2014-09-02 17:32 - 00000000 ____D () C:\FRST
2014-09-02 18:33 - 2009-07-14 06:39 - 00060399 _____ () C:\windows\setupact.log
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 17:15 - 2009-09-22 07:23 - 01637600 _____ () C:\windows\WindowsUpdate.log
2014-09-02 16:43 - 2009-07-14 06:34 - 00020400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 16:43 - 2009-07-14 06:34 - 00020400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 16:36 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ___HD () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-23 13:38 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 13:37 - 2014-08-23 13:37 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 13:37 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 13:37 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 11:10 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\pdfforge
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 16:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 19:33 - 2014-08-11 19:33 - 00003922 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-08-11 18:57 - 2014-08-11 18:57 - 00000000 ____D () C:\Users\user\Schmitz_2014-08-11.gpkg.media
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps
2014-08-07 22:00 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-07 03:35 - 2014-08-15 10:13 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 03:32 - 2014-08-15 10:13 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\GLB1A2B.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 18:35

==================== End Of Log ============================

--- --- ---


An Addition.txt was not created.

Warlord711 02.09.2014 20:33

OK, then tick the checkbox for addition.txt and then click Scan

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Keyssie 03.09.2014 08:56

OK. I could have seen that myself... blind...
Here is the addition.txt:
Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by user at 2014-09-03 09:42:43
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
cadvilla professional 4 (HKLM\...\{DE09BEAB-5EA2-4C02-9D2E-DEC9B9FA885C}_is1) (Version: 4.0.1.9 - Trixl GmbH)
cadvilla Tutorials (HKLM\...\{0C2A6831-1A0A-4FB9-BC50-48332BDF0CF9}) (Version: 1.1.0.5 - Trixl GmbH)
Call of Duty(R) - World at War(TM) (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (Version: 1.0 - Activision) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2907 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Elf Bowling Hawaiian Vacation (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}) (Version:  - Oberon Media)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Gothic III (HKLM\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
GrampsAIO (HKLM\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade (HKLM\...\Mount&Blade) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeighaX 3.08.01 (Version: 3.08.01 - Open Design Alliance) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.)
Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {A6A4519F-ADA4-443A-82CC-276A5E3522DE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] ()
Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-06-25 21:00 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-09-22 07:26 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-05 20:07 - 2009-08-13 22:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2014-08-15 10:16 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk => C:\windows\pss\program.lnk.Startup

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 09:37:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x1d4
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/02/2014 04:37:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x7f8
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/02/2014 01:31:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2014 00:29:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2014 00:25:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/01/2014 11:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x23c
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/01/2014 11:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x110
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/01/2014 11:32:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x70
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/01/2014 11:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x52c
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/01/2014 11:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2700

Startzeit: 01cfc629b5c9bf24

Endzeit: 16

Anwendungspfad: C:\windows\system32\rundll32.exe

Berichts-ID: 49cba0b2-321d-11e4-bdd0-0024542207f4


System errors:
=============
Error: (09/03/2014 09:47:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:47:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:46:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:46:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:45:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:45:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:44:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:44:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:43:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 09:43:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 29%
Total physical RAM: 3036.61 MB
Available physical RAM: 2140.09 MB
Total Pagefile: 6069.45 MB
Available Pagefile: 4968.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.33 GB) (Free:179.74 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:207.09 GB) NTFS
Drive e: (CODWAW) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Warlord711 03.09.2014 09:13

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

S2 Winmgmt; C:\PROGRA~2\7EFE05C.cpp [X]

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).


Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (Scan), select the threat scan ("Bedrohungssuchlauf") and click "Suchlauf starten" (Start scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click "Auswahl entfernen" (Remove selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click "Verlauf" (History) and then "Anwendungsprotokolle" (Application logs).
  • Select the most recent scan log and click Export. Select text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



And please post new FRST logs + Addition. Tick the box for addition.txt, then click Scan.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Keyssie 03.09.2014 09:47

Hi,

Fix started, then the computer was restarted automatically.
Here is the file Fixlog.txt

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by user at 2014-09-03 10:32:47 Run:1
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 Winmgmt; C:\PROGRA~2\7EFE05C.cpp [X]
*****************

Winmgmt => Service restored successfully.


The system needed a reboot.

==== End of Fixlog ====


The rest will follow shortly

ok.

I could not start AdwCleaner. A message appeared saying that the version is outdated and that I should download a newer one from the following official site:

hxxp://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

But it was not displayed: "The web page cannot be displayed".

I wasn't sure whether I should work through the things in order, so I didn't even try the Junkware Remover, or Malwarebytes...

The scan did produce the following, though.. it does no harm if it is run once more in between...


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by user (administrator) on USER-PC on 03-09-2014 10:40:34
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 19:27 - 2014-09-03 10:40 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 17:32 - 2014-09-03 10:40 - 00000000 ____D () C:\FRST
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ___HD () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 13:37 - 2014-08-23 13:37 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 10:16 - 2014-08-23 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 10:13 - 2014-08-07 03:35 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 10:13 - 2014-08-07 03:32 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\pdfforge
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 19:33 - 2014-08-11 19:33 - 00003922 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-08-11 18:57 - 2014-08-11 18:57 - 00000000 ____D () C:\Users\user\Schmitz_2014-08-11.gpkg.media
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 10:40 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-03 10:40 - 2014-09-02 17:32 - 00000000 ____D () C:\FRST
2014-09-03 10:37 - 2009-09-22 07:23 - 01653444 _____ () C:\windows\WindowsUpdate.log
2014-09-03 10:34 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-03 10:34 - 2009-07-14 06:39 - 00060567 _____ () C:\windows\setupact.log
2014-09-03 10:33 - 2009-07-14 06:34 - 00020400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 10:33 - 2009-07-14 06:34 - 00020400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ___HD () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-23 13:38 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 13:37 - 2014-08-23 13:37 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 13:37 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 13:37 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 11:10 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\pdfforge
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 16:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 19:33 - 2014-08-11 19:33 - 00003922 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-08-11 18:57 - 2014-08-11 18:57 - 00000000 ____D () C:\Users\user\Schmitz_2014-08-11.gpkg.media
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps
2014-08-07 22:00 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-07 03:35 - 2014-08-15 10:13 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 03:32 - 2014-08-15 10:13 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 18:35

==================== End Of Log ============================

--- --- ---



Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by user at 2014-09-03 10:41:14
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
cadvilla professional 4 (HKLM\...\{DE09BEAB-5EA2-4C02-9D2E-DEC9B9FA885C}_is1) (Version: 4.0.1.9 - Trixl GmbH)
cadvilla Tutorials (HKLM\...\{0C2A6831-1A0A-4FB9-BC50-48332BDF0CF9}) (Version: 1.1.0.5 - Trixl GmbH)
Call of Duty(R) - World at War(TM) (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (Version: 1.0 - Activision) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2907 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Elf Bowling Hawaiian Vacation (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}) (Version:  - Oberon Media)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Gothic III (HKLM\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
GrampsAIO (HKLM\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade (HKLM\...\Mount&Blade) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeighaX 3.08.01 (Version: 3.08.01 - Open Design Alliance) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-07-2014 17:00:17 Windows Update
20-07-2014 07:34:08 Geplanter Prüfpunkt
29-07-2014 11:45:23 Geplanter Prüfpunkt
09-08-2014 07:07:22 Geplanter Prüfpunkt
14-08-2014 16:08:57 Installed PDF Architect 2 View Module
15-08-2014 09:10:34 Windows Update
23-08-2014 14:09:02 Geplanter Prüfpunkt
30-08-2014 20:38:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.)
Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {A6A4519F-ADA4-443A-82CC-276A5E3522DE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] ()
Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-06-25 21:00 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-09-22 07:26 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-08-15 10:16 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2009-12-05 20:07 - 2009-08-13 22:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-09-22 07:24 - 2009-05-20 10:58 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-09-22 07:24 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk => C:\windows\pss\program.lnk.Startup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 10:30:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x1ec
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/03/2014 09:37:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x1d4
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/02/2014 04:37:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x7f8
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/02/2014 01:31:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2014 00:29:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2014 00:25:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/01/2014 11:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x23c
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/01/2014 11:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x110
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/01/2014 11:32:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x70
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3

Error: (09/01/2014 11:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Name des fehlerhaften Moduls: SUPBackground.exe, Version: 0.0.0.0, Zeitstempel: 0x4a13c45e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000ad92
ID des fehlerhaften Prozesses: 0x52c
Startzeit der fehlerhaften Anwendung: 0xSUPBackground.exe0
Pfad der fehlerhaften Anwendung: SUPBackground.exe1
Pfad des fehlerhaften Moduls: SUPBackground.exe2
Berichtskennung: SUPBackground.exe3


System errors:
=============
Error: (09/03/2014 10:33:26 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (09/03/2014 10:33:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 10:32:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 10:32:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 10:31:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%126

Error: (09/03/2014 10:31:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 10:31:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 10:31:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (09/03/2014 10:31:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (09/03/2014 10:30:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 30%
Total physical RAM: 3036.61 MB
Available physical RAM: 2116.11 MB
Total Pagefile: 6069.45 MB
Available Pagefile: 5001.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.33 GB) (Free:179.72 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:207.09 GB) NTFS
Drive e: (CODWAW) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Warlord711 03.09.2014 10:00

Please carry out the steps in order.

Download AdwCleaner here: https://toolslib.net/downloads/finish/1/

THEN JRT

THEN Malwarebytes

and only AFTER that a new FRST+Addition log.

Keyssie 03.09.2014 10:07

That one also only opens with a "Die Webseite kann nicht angezeigt werden" [The webpage cannot be displayed] page... --> "Diagnose von Verbindungsproblemen" [Diagnose connection problems]. As if I weren't on the internet at all... But then I wouldn't be able to write here either.

Warlord711 03.09.2014 10:21

How about the AdwCleaner download?

Keyssie 03.09.2014 11:16

OK, that one worked:

ADWCleaner:
Code:

# AdwCleaner v3.309 - Bericht erstellt am 03/09/2014 um 11:39:36
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzername : user - USER-PC
# Gestartet von : C:\Users\user\Desktop\Trojanercheck\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\users\user\AppData\Roaming\pdfforge

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526


*************************

AdwCleaner[R0].txt - [1050 octets] - [03/09/2014 11:26:00]
AdwCleaner[S0].txt - [973 octets] - [03/09/2014 11:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1032 octets] ##########

next one JRT:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by user on 03.09.2014 at 11:44:01,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.09.2014 at 11:46:31,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and the last one:


Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.09.2014
Suchlauf-Zeit: 11:52:07
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.03.02
Rootkit Datenbank: v2014.08.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 305652
Verstrichene Zeit: 9 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
Trojan.Ransom.ED, C:\Users\user\AppData\Local\Temp\Low\AAQT.dll, In Quarantäne, [67d713d6e2991125928ddfc5cb368080],
Trojan.Ransom.VEGen, C:\Users\user\AppData\Local\Temp\Low\yDwH.dll, In Quarantäne, [3d01e00994e783b308bdc6dc5ba68878],

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST.txt:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by user (administrator) on USER-PC on 03-09-2014 12:11:16
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 11:49 - 2014-09-03 12:07 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 11:49 - 2014-09-03 11:49 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-03 11:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-03 11:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-03 11:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-03 11:46 - 2014-09-03 11:46 - 00000624 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-03 11:43 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-03 11:25 - 2014-09-03 11:39 - 00000000 ____D () C:\AdwCleaner
2014-09-02 19:27 - 2014-09-03 12:11 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 17:32 - 2014-09-03 12:11 - 00000000 ____D () C:\FRST
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ___HD () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 13:37 - 2014-08-23 13:37 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 10:16 - 2014-08-23 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 10:13 - 2014-08-07 03:35 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 10:13 - 2014-08-07 03:32 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 19:33 - 2014-08-11 19:33 - 00003922 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-08-11 18:57 - 2014-08-11 18:57 - 00000000 ____D () C:\Users\user\Schmitz_2014-08-11.gpkg.media
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 12:11 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-03 12:11 - 2014-09-02 17:32 - 00000000 ____D () C:\FRST
2014-09-03 12:10 - 2009-09-22 07:23 - 01670806 _____ () C:\windows\WindowsUpdate.log
2014-09-03 12:07 - 2014-09-03 11:49 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 12:05 - 2009-09-22 07:48 - 00739362 _____ () C:\windows\PFRO.log
2014-09-03 12:05 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 12:05 - 2009-07-14 06:39 - 00060735 _____ () C:\windows\setupact.log
2014-09-03 11:49 - 2014-09-03 11:49 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-03 11:48 - 2009-07-14 06:34 - 00020400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:48 - 2009-07-14 06:34 - 00020400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:46 - 2014-09-03 11:46 - 00000624 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-03 11:43 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-03 11:39 - 2014-09-03 11:25 - 00000000 ____D () C:\AdwCleaner
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ___HD () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-23 13:38 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 13:37 - 2014-08-23 13:37 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 13:37 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 13:37 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 11:10 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 16:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 19:33 - 2014-08-11 19:33 - 00003922 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-08-11 18:57 - 2014-08-11 18:57 - 00000000 ____D () C:\Users\user\Schmitz_2014-08-11.gpkg.media
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps
2014-08-07 22:00 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-07 03:35 - 2014-08-15 10:13 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 03:32 - 2014-08-15 10:13 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 18:35

==================== End Of Log ============================

--- --- ---



Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by user at 2014-09-03 12:11:58
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
cadvilla professional 4 (HKLM\...\{DE09BEAB-5EA2-4C02-9D2E-DEC9B9FA885C}_is1) (Version: 4.0.1.9 - Trixl GmbH)
cadvilla Tutorials (HKLM\...\{0C2A6831-1A0A-4FB9-BC50-48332BDF0CF9}) (Version: 1.1.0.5 - Trixl GmbH)
Call of Duty(R) - World at War(TM) (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (Version: 1.0 - Activision) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2907 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Elf Bowling Hawaiian Vacation (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}) (Version:  - Oberon Media)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Gothic III (HKLM\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
GrampsAIO (HKLM\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade (HKLM\...\Mount&Blade) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeighaX 3.08.01 (Version: 3.08.01 - Open Design Alliance) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-07-2014 17:00:17 Windows Update
20-07-2014 07:34:08 Geplanter Prüfpunkt
29-07-2014 11:45:23 Geplanter Prüfpunkt
09-08-2014 07:07:22 Geplanter Prüfpunkt
14-08-2014 16:08:57 Installed PDF Architect 2 View Module
15-08-2014 09:10:34 Windows Update
23-08-2014 14:09:02 Geplanter Prüfpunkt
30-08-2014 20:38:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.)
Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {A6A4519F-ADA4-443A-82CC-276A5E3522DE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] ()
Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-06-25 21:00 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-09-22 07:26 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-05 20:07 - 2009-08-13 22:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-15 10:16 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2009-09-22 07:24 - 2009-05-20 10:58 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-09-22 07:24 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk => C:\windows\pss\program.lnk.Startup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 37%
Total physical RAM: 3036.61 MB
Available physical RAM: 1901.16 MB
Total Pagefile: 6069.45 MB
Available Pagefile: 4652.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.33 GB) (Free:179.6 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:207.09 GB) NTFS
Drive e: (CODWAW) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Warlord711 03.09.2014 11:36

OK, that already looks better.

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


And after that the ESET scan, which takes longer:



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Keyssie 03.09.2014 20:10

Checkup.txt:

Code:

Results of screen317's Security Check version 0.99.87 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


now starting ESET....

That really took a long time.... and what I only noticed at about 65%... about 10 min ago... Avira was still active... I am posting it here anyway.

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=05f141e5653b684588cd169c538f82b0
# engine=19981
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-03 07:00:52
# local_time=2014-09-03 09:00:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 14141 23189014 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 20829183 161402043 0 0
# scanned=125337
# found=6
# cleaned=0
# scan_time=13511
sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP99X4F4\PDFCreator-1_7_3_setup.exe"
sh=69383E68017AAC2D5C2A69EE5CEDF8910F3D696D ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHE Trojaner" ac=I fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EWT5UINV\h0peo00mh2[1].htm"
sh=FD8ED382621B57FF78DE0E5D6A6A6B61C224F2B4 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NFO Trojaner" ac=I fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JIQKS8DE\1ieoi0a488[1].htm"
sh=326DF26E2AE1E2AE373BBF507C39DF9DFA43D123 ft=0 fh=0000000000000000 vn="LNK/Agent.AZ Trojaner" ac=I fn="C:\Windows\pss\program.lnk.Startup"
sh=0B756802CDD8FCA064D7546EC920F16F3187448B ft=1 fh=75a4f95b51866dba vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="D:\avira_free_antivirus_de.exe"
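
Triage of the ESET detections above, as an added example that is not part of the original thread: it parses the key="value" detection lines and ranks them by detection class and by where the file sits. The sample log is constructed (placeholder hashes and cache folder names), and the ranking policy is an assumption of this example, not ESET's.

```python
import re

# Constructed sample in the layout of the ESET log above: "# key=value" header
# lines, then one detection per line. Hashes and cache folder names are
# placeholders; detection names and the pss path are the ones quoted in the thread.
SAMPLE_LOG = r'''
# scanned=125337
# found=3
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHE Trojaner" ac=I fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EXAMPLE1\page[1].htm"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="LNK/Agent.AZ Trojaner" ac=I fn="C:\Windows\pss\program.lnk.Startup"
'''

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed triage policy for this example (not ESET's own ranking).
PRIORITY_ORDER = {'high': 0, 'medium': 1, 'low': 2}


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('#'):
            key, sep, value = line[1:].strip().partition('=')
            if sep:
                header[key] = value
        elif line.startswith('sh='):
            findings.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return header, findings


def classify(finding):
    """Attach kind, location and priority to one detection."""
    name = finding.get('vn', '')
    path = finding.get('fn', '').lower()
    if name.endswith('Trojaner'):
        kind = 'trojan'
    elif name.endswith('Anwendung'):  # potentially unsafe / unwanted application
        kind = 'pua'
    else:
        kind = 'unknown'
    if '\\windows\\pss\\' in path:
        # msconfig keeps disabled Startup-folder shortcuts here (see the FRST
        # "MSCONFIG/TASK MANAGER disabled items" section): persistence remnant.
        location = 'msconfig-disabled-startup'
    elif '\\temporary internet files\\' in path:
        location = 'browser-cache'
    else:
        location = 'other'
    if kind == 'pua':
        priority = 'low'
    elif location == 'browser-cache':
        priority = 'medium'
    else:
        priority = 'high'
    return dict(finding, kind=kind, location=location, priority=priority)


def triage(text):
    """Rank detections and report how many files the scan left on disk."""
    header, findings = parse_eset_log(text)
    ranked = sorted((classify(f) for f in findings),
                    key=lambda f: PRIORITY_ORDER[f['priority']])
    found = int(header.get('found', len(findings)))
    cleaned = int(header.get('cleaned', 0))
    return {
        'findings': ranked,
        'left_on_disk': found - cleaned,
        'count_matches_header': found == len(findings),
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for f in report['findings']:
        print(f['priority'], f['kind'], f['location'], f['vn'], f['fn'], sep=' | ')
    print('left on disk:', report['left_on_disk'])
```
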


Warlord711 04.09.2014 07:43

You are missing SP1 plus what feels like about 150 follow-up updates!

Keeping the system and software up to date

The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
  • Windows Vista/7/8: Start --> Control Panel --> System and Security --> Turn automatic updating on or off


Update: Adobe Reader
Please uninstall your current version of Adobe Reader
Start --> Control Panel --> Software --> Adobe Reader
and download the new version from here.
Untick the box for McAfee SecurityScan or Google Chrome.

With that, the logs would be clean!

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without concern.



Finally, I have a few more tips for securing your system.

Change all your passwords regularly; now, after the cleanup, is an ideal time to do so
  • use a different password for every application and every account
  • change your password regularly; this is especially important for online banking and your email mailbox
  • do not store passwords on your PC and do not pass them on to third parties
  • a secure password consists of at least 8 characters and contains upper- and lower-case letters, digits and special characters
  • do not use sequences of digits or letters (e.g. 12345678, qwertzui), nor digit or letter patterns
  • do not use passwords related to you, your place of residence, a family member or a pet (date of birth, postcode, address, name)

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7 / 8: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is shown and you can download the latest version directly to the desktop.
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: For this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot ( MVP )

What you should avoid:
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers often come with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support Trojaner-Board?

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

I am not deleting the adware from Avira, since otherwise the "great" browsing protection would be lost.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Windows\pss\program.lnk.Startup
emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.


Keyssie 04.09.2014 16:34

This may sound strange, but can the system fool you into thinking SP1 is installed? I am firmly convinced that I installed it. After the recovery the automatic updates did not work at first, only after I had installed SP1.

The automatic updates are also set to install automatically. Unfortunately I have to admit that it no longer looks as if SP1 were installed... but somehow I would have expected it to be included in the automatic updates and simply be installed automatically...

So, since that did not happen, I would now download it from the Microsoft site and install it?

ok... I have to correct myself a little. There was 1 update (63 MB) under "automatic updates"... I clicked install and it failed.... code 80073701.... unknown error... under "check important updates" SP1 is then listed... I assume that SP1 keeps failing....

Warlord711 04.09.2014 16:36

Sounds good. Go ahead and do that.

Keyssie 04.09.2014 19:00

Unfortunately that did not work either....

Error message: "Die referenzierte Assembly konnte nicht gefunden werden."

Error: ERROR_SXS_ASSEMBLY_MISSING(0x80073701)

Warlord711 04.09.2014 22:44

1. System Update Readiness Tool for Windows 7

Please download the System Update Readiness Tool for Windows 7 (KB947821) [May 2014] from the Official Microsoft Download Center and install it.




2. sfc /scannow - Windows system integrity check

Program installations, tuning tools, or viruses and Trojans can cause Windows system files to become damaged or replaced. The most common symptoms are:
  • Windows starts with error messages
  • Windows becomes unstable or
  • produces other errors.
But there is a built-in Windows tool for replacing defective system files without requiring a reinstallation of the system and/or the programs: the system integrity check and repair. The tool used for this, SFC (System File Checker), examines the Windows installation for damaged system files and replaces them with the original where necessary. Nevertheless, the safest option is a system backup and the creation of an image of the operating system.

To start the system integrity check:
  1. click the Start button and
  2. type cmd into the search box.
    A black icon appears in the upper part of the window.
  3. Right-click it and
  4. choose the entry Run as administrator from the context menu.
http://www.trojaner-board.de/attachm...1&d=1318287800


In the window that now opens, at the blinking cursor we type


Code:

sfc /scannow

followed by pressing the Enter key. The tool immediately begins its work and checks the system files. If corrupt files are found, a prompt to insert the installation DVD appears and the original is restored. Note that it must be the DVD from which Windows was installed. So anyone who used a version with integrated SP1 for Windows 7 or Vista must insert that one. If the original DVD without SP1 is used, SFC cannot use the file because it is older and therefore not compatible with the current system.

http://www.trojaner-board.de/attachm...1&d=1318287800


After the action has completed, you are informed which errors SFC found. Even if no errors were found, SFC reports this at the end, as can be seen in the screenshot.


http://www.trojaner-board.de/attachm...1&d=1318287800


Exit closes the command prompt.

If anything other than the message "Der Ressourcenschutz hat keine Integritätsverletzungen gefunden" appears there, please report the message to me here.

  • Now click the Start button once more
  • Type "Systemupdate-Vorbereitungstool" into the search box
  • Click the System Update Readiness Tool (Systemupdate-Vorbereitungstool)
  • If a prompt appears, confirm it
  • As soon as the program has finished, try again to install the updates and SP1

Keyssie 05.09.2014 08:32

Hi,

scannow found nothing. However, I cannot carry out the step after that as described. As soon as I get to "Systemup", nothing is shown any more.
The installation at the beginning was successful.
What now? Can I get to it some other way?

Warlord711 05.09.2014 08:48

But you did download and install the System Update Readiness Tool?
Then you can take your time looking in the Start menu to see whether you find it.

Keyssie 05.09.2014 09:33

I went through every single item there. Unless the thing is called something else, it is not there either. It is also not found by searching in Explorer, and yes, I installed it... saved and then installed.
I have the feeling something here is really broken and I will have to give up on getting it working without a reinstallation...

Warlord711 05.09.2014 09:45

Try installing SP1 once more anyway.

Keyssie 05.09.2014 10:44

Unfortunately still nothing....

Warlord711 05.09.2014 11:18

Then run Windows All-in-One Repair:

http://www.trojaner-board.de/126216-...epair-aio.html

Keyssie 05.09.2014 12:54

It has finished running....
another attempt now, or should I do something else first?

Warlord711 05.09.2014 13:47

Yes, please try again.

Keyssie 05.09.2014 15:18

Failed

Warlord711 05.09.2014 21:09

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

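@echo off
REM Stop Windows Update and set its download cache folder aside
net stop wuauserv
ren %windir%\SoftwareDistribution SoftwareDistribution.old
net start wuauserv
REM Stop Cryptographic Services and set the catalog database folder aside
net stop cryptsvc
Ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc

REM Re-register the Windows Update related DLLs silently
REGSVR32 WUPS2.DLL /S
REGSVR32 WUPS.DLL /S
REGSVR32 WUAUENG.DLL /S
REGSVR32 WUAPI.DLL /S
REGSVR32 WUCLTUX.DLL /S
REGSVR32 WUWEBV.DLL /S
REGSVR32 JSCRIPT.DLL /S
REGSVR32 MSXML3.DLL /S

REM Stop BITS and Windows Update, flush the DNS cache, delete the BITS queue files
Net stop bits
Net stop wuauserv
Ipconfig /flushdns
cd \documents and settings\all users\application data\microsoft\network\downloader
Del qmgr0.dat
Del qmgr1.dat
Net start bits
Net start wuauserv

REM Take ownership of pending.xml in the component store and rename it
takeown /f C:\Windows\winsxs\pending.xml
Ren c:\windows\winsxs\pending.xml pending.old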

  • Choose File --> Save As
  • File name: updatefix.bat
  • File type: choose All Files (*.*)
  • Save the file to your desktop.

    It should now look roughly like this http://larusso.trojaner-board.de/Images/bat.jpg
  • Start updatefix.bat.
IMPORTANT: right-click and "Run as administrator"

Disable antivirus protection ! ! !
Then start Windows Update. It should now look as if it had "never run".

Now try again to install the updates.

Keyssie 06.09.2014 07:59

Hi,

the .bat file ran through, Windows Update showed "Never", started running up to 32% and then failed again with the same error.

Warlord711 07.09.2014 11:35

Did you have the antivirus software switched off?
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

cmd: type "c:\windows\softwaredistribution\ReportingEvents.txt"

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.


Keyssie 07.09.2014 12:02

yes, in Avira I disabled everything, i.e. switched the real-time scanner and firewall to OFF.

Here is the log:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by user at 2014-09-07 12:58:49 Run:1
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: type "c:\windows\softwaredistribution\ReportingEvents.txt"
*****************


=========  type "c:\windows\softwaredistribution\ReportingEvents.txt" =========

Das System kann die angegebene Datei nicht finden.

========= End of CMD: =========


==== End of Fixlog ====


Warlord711 08.09.2014 08:18

Sorry, I made a typo :headbang:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

cmd: type "c:\windows\softwaredistribution\ReportingEvents.log"

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.


Keyssie 08.09.2014 16:11

here you go:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-08 17:11:00 Run:2
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: type "c:\windows\softwaredistribution\ReportingEvents.log"
*****************


=========  type "c:\windows\softwaredistribution\ReportingEvents.log" =========

{F288E897-71F4-4014-B9EC-BB8C95D869F2}        2014-09-06 08:51:59:621+0200        1        147        101        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Software Synchronization        Windows Update Client successfully detected 1 updates.
{089E5948-CF98-47F2-8869-0B36F7E9686A}        2014-09-06 08:56:36:288+0200        1        161        106        {456197CA-06FF-4BCF-AEAE-C5183E3AE72F}        109        80073701        AutomaticUpdatesWuApp        Failure        Content Download        Error: Download failed.
{82816010-9315-408A-A843-A0D03EC76F11}        2014-09-06 09:03:21:350+0200        1        161        106        {456197CA-06FF-4BCF-AEAE-C5183E3AE72F}        109        80073701        AutomaticUpdatesWuApp        Failure        Content Download        Error: Download failed.
{DE587A8A-DB67-4C73-B312-5B121DB285D9}        2014-09-07 08:06:54:379+0200        1        198        101        {0011B9ED-9189-4D58-BE25-FA2F13FC3D6C}        1        80073701        SelfUpdate        Failure        Content Install        Installation Failure: Windows failed to install the following update with error 0x80073701: Windows Update Aux.
{20800E33-71F0-41AC-91CF-8499B4B0BA2E}        2014-09-07 08:07:49:790+0200        1        162        101        {61CA813A-7585-442E-A66B-B0D15CE6BDC0}        1        0        SelfUpdate        Success        Content Download        Download succeeded.
{82AAC447-E771-4771-9A14-1BF2EC087F31}        2014-09-07 08:09:02:970+0200        1        147        101        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Software Synchronization        Windows Update Client successfully detected 1 updates.
{34A00FDF-703E-4BF9-AD3A-D566569286C4}        2014-09-07 08:16:44:646+0200        1        161        106        {456197CA-06FF-4BCF-AEAE-C5183E3AE72F}        109        80073701        AutomaticUpdates        Failure        Content Download        Error: Download failed.
{F9ED3A9E-E0D7-415E-8BC7-EB31BE13AB42}        2014-09-07 11:25:28:060+0200        1        198        101        {0011B9ED-9189-4D58-BE25-FA2F13FC3D6C}        1        80073701        SelfUpdate        Failure        Content Install        Installation Failure: Windows failed to install the following update with error 0x80073701: Windows Update Aux.
{4AFA287C-0665-4D41-8B20-46020B46C06E}        2014-09-07 12:18:54:882+0200        1        202        102        {00000000-0000-0000-0000-000000000000}        0        0        AutomaticUpdates        Success        Content Install        Reboot completed.

========= End of CMD: =========


==== End of Fixlog ====
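
Summarising a ReportingEvents.log like the one above, as an added example that is not part of the original thread: it groups the failed events by update, error code and stage and decodes the HRESULT. The column names are assumptions of this example (the log has no header row), and the sample rows are constructed with placeholder GUIDs.

```python
import re
from collections import OrderedDict

# Assumed column names; the log itself carries no header row.
COLUMNS = ('event_guid', 'timestamp', 'version', 'event_id', 'flags', 'update_id',
           'revision', 'hresult', 'source', 'status', 'stage', 'message')

FACILITY_WIN32 = 7
# Win32 error codes this example can name; 0x3701 (14081) is the one in the thread.
WIN32_NAMES = {0x3701: 'ERROR_SXS_ASSEMBLY_MISSING'}

UPD_A = '{11111111-1111-1111-1111-111111111111}'  # placeholder update IDs
UPD_B = '{22222222-2222-2222-2222-222222222222}'
UPD_C = '{33333333-3333-3333-3333-333333333333}'
NONE = '{00000000-0000-0000-0000-000000000000}'

# Constructed sample rows in the layout of the log above.
_ROWS = [
    ('{A0000000-0000-0000-0000-000000000001}', '2014-09-06 08:51:59:621+0200', '1', '147', '101',
     NONE, '0', '0', 'AutomaticUpdates', 'Success', 'Software Synchronization',
     'Windows Update Client successfully detected 1 updates.'),
    ('{A0000000-0000-0000-0000-000000000002}', '2014-09-06 08:56:36:288+0200', '1', '161', '106',
     UPD_A, '109', '80073701', 'AutomaticUpdatesWuApp', 'Failure', 'Content Download',
     'Error: Download failed.'),
    ('{A0000000-0000-0000-0000-000000000003}', '2014-09-07 08:06:54:379+0200', '1', '198', '101',
     UPD_B, '1', '80073701', 'SelfUpdate', 'Failure', 'Content Install',
     'Installation Failure: Windows failed to install the following update with error 0x80073701: Windows Update Aux.'),
    ('{A0000000-0000-0000-0000-000000000004}', '2014-09-07 08:07:49:790+0200', '1', '162', '101',
     UPD_C, '1', '0', 'SelfUpdate', 'Success', 'Content Download', 'Download succeeded.'),
    ('{A0000000-0000-0000-0000-000000000005}', '2014-09-07 08:16:44:646+0200', '1', '161', '106',
     UPD_A, '109', '80073701', 'AutomaticUpdates', 'Failure', 'Content Download',
     'Error: Download failed.'),
    ('{A0000000-0000-0000-0000-000000000006}', '2014-09-07 11:25:28:060+0200', '1', '198', '101',
     UPD_B, '1', '80073701', 'SelfUpdate', 'Failure', 'Content Install',
     'Installation Failure: Windows failed to install the following update with error 0x80073701: Windows Update Aux.'),
]
SAMPLE_LOG = '\n'.join('\t'.join(row) for row in _ROWS)


def decode_hresult(text):
    """Split a hex HRESULT (with or without 0x) into severity, facility and code."""
    value = int(text, 16)
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {'failure': bool(value >> 31), 'facility': facility, 'code': code, 'name': name}


def parse_reporting_events(text):
    """Parse tab-separated rows; also accept copies where tabs became runs of spaces."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith('{'):
            continue
        fields = line.split('\t') if '\t' in line else re.split(r' {2,}', line)
        if len(fields) == len(COLUMNS):
            events.append(dict(zip(COLUMNS, (f.strip() for f in fields))))
    return events


def summarise_failures(events):
    """Group failed events by (update, HRESULT, stage), most frequent first."""
    groups = OrderedDict()
    for ev in events:
        if ev['status'] != 'Failure':
            continue
        key = (ev['update_id'], ev['hresult'], ev['stage'])
        g = groups.setdefault(key, {
            'update_id': ev['update_id'], 'hresult': ev['hresult'], 'stage': ev['stage'],
            'error': decode_hresult(ev['hresult'])['name'], 'count': 0,
            'first': ev['timestamp'], 'last': ev['timestamp'], 'sources': set()})
        g['count'] += 1
        g['first'] = min(g['first'], ev['timestamp'])
        g['last'] = max(g['last'], ev['timestamp'])
        g['sources'].add(ev['source'])
    return sorted(groups.values(), key=lambda g: (-g['count'], g['first']))


if __name__ == '__main__':
    for g in summarise_failures(parse_reporting_events(SAMPLE_LOG)):
        print(g['count'], g['stage'], g['hresult'], g['error'], g['update_id'], g['first'], g['last'])
```
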


Warlord711 08.09.2014 16:27

OK, let's see whether we can find anything else.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

Keyssie 08.09.2014 17:19

nothing found

Code:

17:35:36.0290 0x10c8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:35:38.0490 0x10c8  ============================================================
17:35:38.0490 0x10c8  Current date / time: 2014/09/08 17:35:38.0490
17:35:38.0490 0x10c8  SystemInfo:
17:35:38.0490 0x10c8 
17:35:38.0490 0x10c8  OS Version: 6.1.7600 ServicePack: 0.0
17:35:38.0490 0x10c8  Product type: Workstation
17:35:38.0490 0x10c8  ComputerName: USER-PC
17:35:38.0490 0x10c8  UserName: user
17:35:38.0490 0x10c8  Windows directory: C:\windows
17:35:38.0490 0x10c8  System windows directory: C:\windows
17:35:38.0490 0x10c8  Processor architecture: Intel x86
17:35:38.0490 0x10c8  Number of processors: 2
17:35:38.0490 0x10c8  Page size: 0x1000
17:35:38.0490 0x10c8  Boot type: Normal boot
17:35:38.0490 0x10c8  ============================================================
17:35:39.0082 0x10c8  KLMD registered as C:\windows\system32\drivers\23362629.sys
17:35:39.0426 0x10c8  System UUID: {983CF3E4-7434-A9F4-AE89-6622E3A3B669}
17:35:40.0112 0x10c8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:35:40.0112 0x10c8  ============================================================
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0:
17:35:40.0112 0x10c8  MBR partitions:
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1C2A9000
17:35:40.0112 0x10c8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E0DB800, BlocksNum 0x1C2AA000
17:35:40.0112 0x10c8  ============================================================
17:35:40.0143 0x10c8  C: <-> \Device\Harddisk0\DR0\Partition2
17:35:40.0206 0x10c8  D: <-> \Device\Harddisk0\DR0\Partition3
17:35:40.0206 0x10c8  ============================================================
17:35:40.0206 0x10c8  Initialize success
17:35:40.0206 0x10c8  ============================================================
17:35:46.0212 0x0954  ============================================================
17:35:46.0212 0x0954  Scan started
17:35:46.0212 0x0954  Mode: Manual; SigCheck; TDLFS;
17:35:46.0212 0x0954  ============================================================
17:35:46.0212 0x0954  KSN ping started

just for info: Avira just popped up:

"Der Zugriff auf die Datei "C\Users\user\AppData\Local\Temp\Low\obupdat.exe mit de VIrus oder dem unerwünschten Programm 'TR/Crypt.ZPACK.Gen(Cloud)' wurde blockiert.
Sie können die Datei entfernen oder weitere Informationen zu diesem Problem erhalten"

Warlord711 09.09.2014 08:09

The log file should definitely be longer.

Please switch off Avira real-time protection and then

Please have the file from the code box checked at VirusTotal.
  • Click "Wählen Sie eine"
  • Now copy the following into the search bar
    Code:

    C\Users\user\AppData\Local\Temp\Low\obupdat.exe
  • and click "Öffnen".
  • Click "Scannen!".
  • Please wait until the file has been fully uploaded. If you get the following message
    Quote:

    This file has already been analysed by VirusTotal...
    click "Neu analysieren".
  • Wait until the analysis date is shown and the scan has finished.
  • Copy the link from your address bar and post it here.

Keyssie 09.09.2014 17:23

Which brings us to another question...
The user I'm working with here right now is an administrator....
Nevertheless, after "Wählen Sie..." I can't select the file... "Contact the owner of the file or the administrator to obtain these rights"

OK, forget it.

https://www.virustotal.com/de/file/b432653006329ac698f591e4a8727bc683d23ec8dbc8ce9821d2b4a63803298c/analysis/1410279665/

Warlord711 09.09.2014 22:31

OK, there is definitely still something there, and nothing small.

Please download GMER Rootkit Scanner: (random file name)
  • Close all other programs, deactivate your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark at: IAT/EAT and Show All
  • Set the check mark at Quickscan and remove it for all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.

Keyssie 10.09.2014 07:31

Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-10 08:29:02
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 2.1 ----

SSDT            8E403556                                                                                        ZwCreateSection
SSDT            8E403560                                                                                        ZwRequestWaitReplyPort
SSDT            8E40355B                                                                                        ZwSetContextThread
SSDT            8E403565                                                                                        ZwSetSecurityObject
SSDT            8E40356A                                                                                        ZwSystemDebugControl
SSDT            8E4034F7                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text          ntoskrnl.exe!ZwRollbackTransaction + 13F5                                                      82C538A9 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                          82C73302 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntoskrnl.exe!KeRemoveQueueEx + 14B7                                                            82C7A684 4 Bytes  [56, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 1813                                                            82C7A9E0 4 Bytes  [60, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 1857                                                            82C7AA24 4 Bytes  [5B, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 18D3                                                            82C7AAA0 4 Bytes  [65, 35, 40, 8E]
.text          ntoskrnl.exe!KeRemoveQueueEx + 1927                                                            82C7AAF4 4 Bytes  [6A, 35, 40, 8E]
.text          ...                                                                                           

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                        Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                        Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval  604800

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
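
Added example (not part of the original post, and not GMER's own code): a triage aid that parses the log lines above and checks whether each 4-byte `.text` change decodes, little-endian, to one of the listed SSDT hook addresses, so that both sections are read as one finding rather than two. The function names are hypothetical; the log excerpt is copied from the post with column padding condensed and the disassembly column dropped, and the script makes no statement about which driver owns the hooks.

```python
import re

# Excerpt of the GMER log posted above (padding condensed, disassembly dropped).
GMER_LOG = """\
SSDT   8E403556   ZwCreateSection
SSDT   8E403560   ZwRequestWaitReplyPort
SSDT   8E40355B   ZwSetContextThread
SSDT   8E403565   ZwSetSecurityObject
SSDT   8E40356A   ZwSystemDebugControl
SSDT   8E4034F7   ZwTerminateProcess
.text  ntoskrnl.exe!ZwRollbackTransaction + 13F5   82C538A9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2   82C73302 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...]
.text  ntoskrnl.exe!KeRemoveQueueEx + 14B7   82C7A684 4 Bytes  [56, 35, 40, 8E]
.text  ntoskrnl.exe!KeRemoveQueueEx + 1813   82C7A9E0 4 Bytes  [60, 35, 40, 8E]
.text  ntoskrnl.exe!KeRemoveQueueEx + 1857   82C7AA24 4 Bytes  [5B, 35, 40, 8E]
.text  ntoskrnl.exe!KeRemoveQueueEx + 18D3   82C7AAA0 4 Bytes  [65, 35, 40, 8E]
.text  ntoskrnl.exe!KeRemoveQueueEx + 1927   82C7AAF4 4 Bytes  [6A, 35, 40, 8E]
.text  ...
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)\s*$")
PATCH_RE = re.compile(
    r"^\.text\s+(\S+)!(\w+) \+ ([0-9A-F]+)\s+([0-9A-F]{8}) (\d+) Bytes?\s+\[([^\]]*)\]"
)


def parse_gmer(log):
    """Return (hooks, patches, elided): SSDT hook address -> service name,
    the parsed .text rows, and the number of rows GMER cut short with '...'."""
    hooks, patches, elided = {}, [], 0
    for line in log.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks[int(m.group(1), 16)] = m.group(2)
            continue
        m = PATCH_RE.match(line)
        if m:
            tokens = [t.strip() for t in m.group(6).split(",")]
            patches.append({
                "symbol": f"{m.group(2)}+0x{m.group(3)}",
                "address": int(m.group(4), 16),
                "length": int(m.group(5)),
                "bytes": bytes(int(t, 16) for t in tokens if t != "..."),
                "truncated": "..." in tokens,
            })
        elif line.startswith(".text") and "..." in line:
            elided += 1
    return hooks, patches, elided


def correlate(hooks, patches):
    """Match 4-byte patches whose little-endian value is an SSDT hook address.

    Returns (explained, unexplained, unmatched_hooks):
      explained       - (patched address, hooked service) pairs
      unexplained     - .text rows that are not such a pointer
      unmatched_hooks - SSDT hooks with no matching .text row in the excerpt
    """
    explained, unexplained = [], []
    for p in patches:
        target = None
        if p["length"] == 4 and not p["truncated"] and len(p["bytes"]) == 4:
            target = int.from_bytes(p["bytes"], "little")
        if target in hooks:
            explained.append((p["address"], hooks[target]))
        else:
            unexplained.append(p["symbol"])
    seen = {name for _, name in explained}
    unmatched_hooks = sorted(n for n in hooks.values() if n not in seen)
    return explained, unexplained, unmatched_hooks


def hook_span(hooks):
    """Distance in bytes between the lowest and highest hook target."""
    return max(hooks) - min(hooks)


if __name__ == "__main__":
    hooks, patches, elided = parse_gmer(GMER_LOG)
    explained, unexplained, unmatched = correlate(hooks, patches)
    for addr, name in explained:
        print(f"{addr:08X} holds the hook pointer for {name}")
    print("Not an SSDT pointer:", ", ".join(unexplained))
    print("Hooks without a .text row:", ", ".join(unmatched), f"({elided} row(s) elided)")
    print(f"All hook targets lie within {hook_span(hooks)} bytes of each other")
```

On this excerpt five of the seven `.text` rows are the hook pointers themselves; the ZwRollbackTransaction and KiDispatchInterrupt changes and the elided row remain to be reviewed separately.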


Warlord711 10.09.2014 07:46

Sorry, the Avira message worries me a bit, so a few more steps:

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



And please new FRST logs. Tick addition.txt, then click Scan

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Keyssie 10.09.2014 15:17

So....

I'm writing this here already, because although I didn't see that Antivir is supposed to be switched off while aswMBR is running... (I had only paid attention to your short instructions), I'm also not sure that the combination of the programs caused this.

Avira popped up with C:\Users\user\AppData\Local...\ljz0ogk4kg[1].htm with the unwanted program 'JS/Axpergle.EB.52'... while aswMBR was running.

I'll run aswMBR again in a moment without Antivir running....

And after that the rest....

How much of what I post here can actually be actively used to get onto my computer?

Edit: before I could deactivate it, it popped up once more (this time aswMBR had already finished).


obupdat.exe with TR/Crypt.ZPACK.96.96697

Switching off the antivirus program when something like this keeps popping up is somehow not really my thing....

So: log 1 with Avast on:

Code:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-10 15:41:09
-----------------------------
15:41:09.958    OS Version: Windows 6.1.7600
15:41:09.958    Number of processors: 2 586 0x170A
15:41:09.958    ComputerName: USER-PC  UserName: user
15:41:10.629    Initialize success
15:41:10.629    VM: initialized successfully
15:41:10.645    VM: Intel CPU virtualization not supported
15:42:28.255    AVAST engine defs: 14091000
15:43:05.555    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:43:05.555    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
15:43:05.758    Disk 0 MBR read successfully
15:43:05.758    Disk 0 MBR scan
15:43:05.773    Disk 0 unknown MBR code
15:43:05.789    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
15:43:05.820    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
15:43:05.820    Disk 0 default boot code
15:43:05.851    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      230738 MB offset 31664128
15:43:05.867    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      230740 MB offset 504215552
15:43:05.882    Disk 0 scanning sectors +976771072
15:43:06.226    Disk 0 scanning C:\windows\system32\drivers
15:43:26.116    Service scanning
15:44:23.867    Modules scanning
15:44:48.219    Disk 0 trace - called modules:
15:44:48.234   
15:44:55.816    AVAST engine scan C:\windows
15:45:06.471    AVAST engine scan C:\windows\system32
15:49:49.720    AVAST engine scan C:\windows\system32\drivers
15:50:05.258    AVAST engine scan C:\Users\user
15:56:05.788    AVAST engine scan C:\ProgramData
15:56:48.782    Scan finished successfully
15:57:38.811    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
15:57:38.811    The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR_sicherung1.txt"

Started right afterwards with Avast off: 1 detection

Code:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-10 15:41:09
-----------------------------
15:41:09.958    OS Version: Windows 6.1.7600
15:41:09.958    Number of processors: 2 586 0x170A
15:41:09.958    ComputerName: USER-PC  UserName: user
15:41:10.629    Initialize success
15:41:10.629    VM: initialized successfully
15:41:10.645    VM: Intel CPU virtualization not supported
15:42:28.255    AVAST engine defs: 14091000
15:43:05.555    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:43:05.555    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
15:43:05.758    Disk 0 MBR read successfully
15:43:05.758    Disk 0 MBR scan
15:43:05.773    Disk 0 unknown MBR code
15:43:05.789    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
15:43:05.820    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
15:43:05.820    Disk 0 default boot code
15:43:05.851    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      230738 MB offset 31664128
15:43:05.867    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      230740 MB offset 504215552
15:43:05.882    Disk 0 scanning sectors +976771072
15:43:06.226    Disk 0 scanning C:\windows\system32\drivers
15:43:26.116    Service scanning
15:44:23.867    Modules scanning
15:44:48.219    Disk 0 trace - called modules:
15:44:48.234   
15:44:55.816    AVAST engine scan C:\windows
15:45:06.471    AVAST engine scan C:\windows\system32
15:49:49.720    AVAST engine scan C:\windows\system32\drivers
15:50:05.258    AVAST engine scan C:\Users\user
15:56:05.788    AVAST engine scan C:\ProgramData
15:56:48.782    Scan finished successfully
15:57:38.811    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
15:57:38.811    The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR_sicherung1.txt"
16:01:26.876    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:26.892    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
16:01:27.157    Disk 0 MBR read successfully
16:01:27.172    Disk 0 MBR scan
16:01:27.172    Disk 0 unknown MBR code
16:01:27.204    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
16:01:27.219    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
16:01:27.250    Disk 0 default boot code
16:01:27.266    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      230738 MB offset 31664128
16:01:27.297    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      230740 MB offset 504215552
16:01:27.313    Disk 0 scanning sectors +976771072
16:01:27.625    Disk 0 scanning C:\windows\system32\drivers
16:01:45.612    Service scanning
16:02:10.790    Modules scanning
16:02:26.874    Disk 0 trace - called modules:
16:02:26.905   
16:02:27.794    AVAST engine scan C:\windows
16:02:36.748    AVAST engine scan C:\windows\system32
16:05:46.055    AVAST engine scan C:\windows\system32\drivers
16:05:59.658    AVAST engine scan C:\Users\user
16:08:36.688    File: C:\Users\user\AppData\Local\Temp\Low\obupdat.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
16:10:55.138    AVAST engine scan C:\ProgramData
16:11:30.893    Scan finished successfully
16:13:09.127    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
16:13:09.127    The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR.txt"

FRST.txt


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-PC on 10-09-2014 16:13:31
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 aswMBR; \??\C:\Users\user\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\user\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 14:27 - 2014-09-07 14:29 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:58 - 2014-09-10 16:13 - 00000000 ____D () C:\FRST
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:48 - 2014-09-05 13:50 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:04 - 2014-09-05 09:05 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:29 - 2014-09-04 21:30 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:55 - 2014-09-04 20:58 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:21 - 2014-09-04 20:23 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:53 - 2014-09-04 17:54 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:43 - 2014-09-04 21:29 - 00000000 ____D () C:\windows\ERUNT
2014-09-02 19:27 - 2014-09-10 16:13 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-15 10:16 - 2014-09-08 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 10:13 - 2014-08-07 03:35 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 10:13 - 2014-08-07 03:32 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 16:13 - 2014-09-07 12:58 - 00000000 ____D () C:\FRST
2014-09-10 16:13 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-10 15:45 - 2009-09-22 07:23 - 01226358 _____ () C:\windows\WindowsUpdate.log
2014-09-10 15:41 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:41 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-10 15:36 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 15:36 - 2009-07-14 06:39 - 00061743 _____ () C:\windows\setupact.log
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 17:14 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-09-07 14:29 - 2014-09-07 14:27 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:15 - 2009-09-22 07:48 - 00740366 _____ () C:\windows\PFRO.log
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:50 - 2014-09-05 13:48 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 13:48 - 2009-12-05 20:11 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 13:44 - 2009-07-14 06:33 - 00412776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:05 - 2014-09-05 09:04 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:30 - 2014-09-04 21:29 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:29 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:58 - 2014-09-04 20:55 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:23 - 2014-09-04 20:21 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:54 - 2014-09-04 17:53 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 11:10 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:38

==================== End Of Log ============================



Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by user at 2014-09-10 16:14:08
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
cadvilla professional 4 (HKLM\...\{DE09BEAB-5EA2-4C02-9D2E-DEC9B9FA885C}_is1) (Version: 4.0.1.9 - Trixl GmbH)
cadvilla Tutorials (HKLM\...\{0C2A6831-1A0A-4FB9-BC50-48332BDF0CF9}) (Version: 1.1.0.5 - Trixl GmbH)
Call of Duty(R) - World at War(TM) (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (Version: 1.0 - Activision) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2907 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Elf Bowling Hawaiian Vacation (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}) (Version:  - Oberon Media)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Gothic III (HKLM\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
GrampsAIO (HKLM\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade (HKLM\...\Mount&Blade) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeighaX 3.08.01 (Version: 3.08.01 - Open Design Alliance) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-09-2014 14:20:13 Windows 7 Service Pack 1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-05 13:36 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.)
Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {A6A4519F-ADA4-443A-82CC-276A5E3522DE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] ()
Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-06-25 21:00 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-09-22 07:26 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-05 20:07 - 2009-08-13 22:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2014-08-15 10:16 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-09-22 07:24 - 2009-05-20 10:58 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-09-22 07:24 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk => C:\windows\pss\program.lnk.Startup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 07:36:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/09/2014 07:36:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/08/2014 06:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16526, Zeitstempel: 0x52855173
Name des fehlerhaften Moduls: bl-views.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x53ac387f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x590ebe08
ID des fehlerhaften Prozesses: 0xaf4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (09/06/2014 10:23:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/06/2014 10:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/06/2014 09:39:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/06/2014 09:38:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/05/2014 01:45:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/05/2014 01:25:55 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF

Error: (09/05/2014 01:25:54 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\IT-IT\MSFEEDS.MFL


System errors:
=============
Error: (09/10/2014 03:36:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/10/2014 08:06:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073701 fehlgeschlagen: Windows Update Aux

Error: (09/10/2014 08:04:28 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/09/2014 06:05:34 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/08/2014 10:30:09 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/08/2014 07:52:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073701 fehlgeschlagen: Windows Update Aux

Error: (09/08/2014 07:50:12 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/08/2014 05:08:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/07/2014 08:12:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/07/2014 08:11:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 3036.61 MB
Available physical RAM: 2022.74 MB
Total Pagefile: 6069.45 MB
Available Pagefile: 4700.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.33 GB) (Free:186.46 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:207.11 GB) NTFS
Drive e: (CODWAW) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Warlord711 10.09.2014 16:05

Please disable Avast! for this fix:

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

C:\Users\user\AppData\Local\Temp\Low\obupdat.exe
emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



After that, please run an FRST scan, but before doing so uncheck the boxes for Registry, Services, Drivers and Processes under Whitelist.

Keyssie 10.09.2014 16:25

ok

1) Fixlog.txt

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-10 17:14:00 Run:3
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\user\AppData\Local\Temp\Low\obupdat.exe
emptytemp:
*****************

C:\Users\user\AppData\Local\Temp\Low\obupdat.exe => Moved successfully.
EmptyTemp: => Removed 482.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

2) FRST.txt


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-PC on 10-09-2014 17:17:38
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (All) =========================

(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\lsm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\sppsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Farbar) C:\Users\user\Desktop\Trojanercheck\FRST.exe

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\windows\System32\Userinit.exe, [26112 2009-07-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2614272 2009-10-31] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellIconOverlayIdentifiers: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\windows\system32\ntshrui.dll (Microsoft Corporation)
BootExecute: autocheck autochk *
AlternateShell: cmd.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

==================== Services (All) ========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation)
R3 Appinfo; C:\windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
R2 Audiosrv; C:\windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation)
R2 BcmSqlStartupSvc; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [30312 2008-01-16] (Microsoft Corporation)
S3 BDESVC; C:\windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation)
S2 BITS; C:\windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation)
R3 Browser; C:\windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\windows\system32\cryptsvc.dll [139264 2012-06-02] (Microsoft Corporation)
R2 DcomLaunch; C:\windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S3 defragsvc; C:\windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation)
R2 Dnscache; C:\windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation)
S3 dot3svc; C:\windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation)
R2 DPS; C:\windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation)
R3 EapHost; C:\windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\windows\System32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S2 ehRecvr; C:\windows\ehome\ehRecvr.exe [556032 2010-08-04] (Microsoft Corporation)
S2 ehSched; C:\windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation)
R2 eventlog; C:\windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation)
R2 EventSystem; C:\windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation)
S3 fdPHost; C:\windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation)
R2 FDResPub; C:\windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation)
R2 FontCache; C:\windows\system32\FntCache.dll [802304 2011-02-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S3 fsssvc; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [704864 2009-08-05] (Microsoft Corporation)
R2 gpsvc; C:\windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation)
S3 hidserv; C:\windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\windows\system32\kmsvc.dll [71168 2009-07-14] (Microsoft Corporation)
S3 HomeGroupListener; C:\windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation)
S3 HomeGroupProvider; C:\windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation)
S3 idsvc; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)
R2 IKEEXT; C:\windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation)
S3 IPBusEnum; C:\windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation)
R3 KeyIso; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 KtmRm; C:\windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\windows\system32\srvsvc.dll [168448 2010-08-27] (Microsoft Corporation)
R2 LanmanWorkstation; C:\windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation)
S3 lltdsvc; C:\windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation)
S4 Mcx2Svc; C:\windows\system32\Mcx2Svc.dll [67584 2009-07-14] (Microsoft Corporation)
S3 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 MMCSS; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 MpsSvc; C:\windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation)
S3 MSDTC; C:\windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S3 napagent; C:\windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation)
S3 Netlogon; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
R3 Netman; C:\windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation)
S4 NetMsmqActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 netprofm; C:\windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R2 NlaSvc; C:\windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation)
R2 nvsvc; C:\windows\system32\nvvsvc.exe [662816 2013-08-30] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256 2013-09-05] (NVIDIA Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 p2pimsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 p2psvc; C:\windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation)
R2 PcaSvc; C:\windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S3 pla; C:\windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation)
R2 PlugPlay; C:\windows\system32\umpnpmgr.dll [294912 2011-05-24] (Microsoft Corporation)
S3 PNRPAutoReg; C:\windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation)
S3 PNRPsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
R3 PolicyAgent; C:\windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation)
R2 Power; C:\windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation)
R2 ProfSvc; C:\windows\system32\profsvc.dll [163328 2012-05-02] (Microsoft Corporation)
S3 ProtectedStorage; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 QWAVE; C:\windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation)
R2 RpcEptMapper; C:\windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
R2 SamSs; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 SCardSvr; C:\windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation)
R2 Schedule; C:\windows\system32\schedsvc.dll [749056 2010-11-02] (Microsoft Corporation)
S3 SCPolicySvc; C:\windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 SDRSVC; C:\windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation)
S3 seclogon; C:\windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation)
R2 SENS; C:\windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation)
S4 SharedAccess; C:\windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation)
S3 SNMPTRAP; C:\windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\windows\System32\spoolsv.exe [316928 2010-08-21] (Microsoft Corporation)
R2 sppsvc; C:\windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation)
S3 sppuinotify; C:\windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation)
S4 SQLBrowser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R3 SSDPSRV; C:\windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation)
R2 StiSvc; C:\windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation)
S3 swprv; C:\windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation)
R2 SysMain; C:\windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation)
S3 TabletInputService; C:\windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation)
S3 TapiSrv; C:\windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation)
S3 TBS; C:\windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation)
R2 TermService; C:\windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation)
R2 Themes; C:\windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation)
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation)
R3 upnphost; C:\windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
R2 UxSms; C:\windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 vds; C:\windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation)
S3 VSS; C:\windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation)
S3 W32Time; C:\windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation)
S3 wbengine; C:\windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation)
S3 WbioSrvc; C:\windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\windows\System32\wcncsvc.dll [276992 2010-09-14] (Microsoft Corporation)
S3 WcsPlugInService; C:\windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation)
R3 WdiServiceHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
R3 WdiSystemHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\windows\System32\webclnt.dll [204800 2010-12-21] (Microsoft Corporation)
S3 Wecsvc; C:\windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation)
R3 WerSvc; C:\windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\windows\system32\winhttp.dll [350720 2010-12-21] (Microsoft Corporation)
R2 Winmgmt; C:\windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation)
R2 Wlansvc; C:\windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation)
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
R3 WPDBusEnum; C:\windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation)
R2 wscsvc; C:\windows\system32\wscsvc.dll [73728 2010-12-21] (Microsoft Corporation)
R2 WSearch; C:\windows\system32\SearchIndexer.exe [428032 2011-05-04] (Microsoft Corporation)
S2 wuauserv; C:\windows\system32\wuaueng.dll [1933848 2012-06-03] (Microsoft Corporation)
S3 wudfsvc; C:\windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation)
S3 WwanSvc; C:\windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation)

==================== Drivers (All) ==========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\windows\system32\DRIVERS\1394ohci.sys [163328 2009-07-14] (Microsoft Corporation)
R0 ACPI; C:\windows\System32\DRIVERS\ACPI.sys [274496 2009-07-14] (Microsoft Corporation)
S3 AcpiPmi; C:\windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-14] (Microsoft Corporation)
S3 adp94xx; C:\windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] (Adaptec, Inc.)
R1 AFD; C:\windows\system32\drivers\afd.sys [338944 2011-04-25] (Microsoft Corporation)
S3 agp440; C:\windows\system32\DRIVERS\agp440.sys [53312 2009-07-14] (Microsoft Corporation)
S3 aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] (Adaptec, Inc.)
S3 aliide; C:\windows\system32\DRIVERS\aliide.sys [14400 2009-07-14] (Acer Laboratories Inc.)
S3 amdagp; C:\windows\system32\DRIVERS\amdagp.sys [53312 2009-07-14] (Microsoft Corporation)
S3 amdide; C:\windows\system32\DRIVERS\amdide.sys [14912 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\windows\system32\drivers\amdsata.sys [80256 2011-03-11] (Advanced Micro Devices)
S3 amdsbs; C:\windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] (AMD Technologies Inc.)
R0 amdxata; C:\windows\System32\drivers\amdxata.sys [22400 2011-03-11] (Advanced Micro Devices)
S3 AppID; C:\windows\system32\drivers\appid.sys [50176 2009-07-14] (Microsoft Corporation)
S3 arc; C:\windows\system32\DRIVERS\arc.sys [76368 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] (Adaptec, Inc.)
S3 AsyncMac; C:\windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation)
R0 atapi; C:\windows\System32\DRIVERS\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
R3 athr; C:\windows\System32\DRIVERS\athr.sys [2228224 2011-12-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation)
S3 b57nd60x; C:\windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation)
R1 Beep; C:\windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation)
R1 blbdrive; C:\windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation)
R3 bowser; C:\windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] (Microsoft Corporation)
S3 BrFiltLo; C:\windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.)
S3 Brserid; C:\windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.)
S3 BrUsbSer; C:\windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.)
S3 BTHMODEM; C:\windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation)
R1 cdrom; C:\windows\System32\DRIVERS\cdrom.sys [108544 2009-07-14] (Microsoft Corporation)
S3 circlass; C:\windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation)
R0 CLFS; C:\windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 CmBatt; C:\windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\windows\system32\DRIVERS\cmdide.sys [15952 2009-07-14] (CMD Technology, Inc.)
R0 CNG; C:\windows\System32\Drivers\cng.sys [369336 2012-06-02] (Microsoft Corporation)
R0 Compbatt; C:\windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
R3 CompositeBus; C:\windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-14] (Microsoft Corporation)
S4 crcdisk; C:\windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] (Microsoft Corporation)
R1 DfsC; C:\windows\System32\Drivers\dfsc.sys [78336 2011-04-27] (Microsoft Corporation)
R1 discache; C:\windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation)
R0 Disk; C:\windows\System32\DRIVERS\disk.sys [57424 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation)
R3 DXGKrnl; C:\windows\System32\drivers\dxgkrnl.sys [728448 2010-11-02] (Microsoft Corporation)
S3 ebdrv; C:\windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation)
S3 elxstor; C:\windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] (Emulex)
S3 ErrDev; C:\windows\system32\DRIVERS\errdev.sys [7168 2009-07-14] (Microsoft Corporation)
S3 exfat; C:\windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation)
R0 FileInfo; C:\windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
S3 FsDepends; C:\windows\System32\drivers\FsDepends.sys [46160 2009-07-14] (Microsoft Corporation)
S3 fssfltr; C:\windows\System32\DRIVERS\fssfltr.sys [54632 2009-08-05] (Microsoft Corporation)
U0 Fs_Rec; C:\windows\system32\Drivers\Fs_Rec.sys [19312 2012-03-01] (Microsoft Corporation)
R0 fvevol; C:\windows\System32\DRIVERS\fvevol.sys [195816 2013-01-24] (Microsoft Corporation)
S3 gagp30kx; C:\windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\windows\System32\drivers\HdAudio.sys [304128 2009-07-14] (Microsoft Corporation)
R3 HDAudBus; C:\windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-14] (Microsoft Corporation)
S3 HidBatt; C:\windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation)
S3 HidUsb; C:\windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] (Microsoft Corporation)
S3 HpSAMD; C:\windows\system32\DRIVERS\HpSAMD.sys [67152 2009-07-14] (Hewlett-Packard Company)
R3 HTTP; C:\windows\System32\drivers\HTTP.sys [513024 2009-07-14] (Microsoft Corporation)
R0 hwpolicy; C:\windows\System32\drivers\hwpolicy.sys [13904 2009-07-14] (Microsoft Corporation)
R3 i8042prt; C:\windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation)
R0 iaStor; C:\windows\System32\DRIVERS\iaStor.sys [330264 2009-06-04] (Intel Corporation)
S3 iaStorV; C:\windows\system32\drivers\iaStorV.sys [332160 2011-03-11] (Intel Corporation)
S3 igfx; C:\windows\System32\DRIVERS\igdkmd32.sys [4756480 2009-06-10] (Intel Corporation)
S3 iirsp; C:\windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] (Intel Corp./ICP vortex GmbH)
R3 IntcAzAudAddService; C:\windows\System32\drivers\RTKVHDA.sys [2752352 2009-08-19] (Realtek Semiconductor Corp.)
S3 intelide; C:\windows\system32\DRIVERS\intelide.sys [15424 2009-07-14] (Microsoft Corporation)
R3 intelppm; C:\windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation)
S3 IPMIDRV; C:\windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] (Microsoft Corporation)
S3 IPNAT; C:\windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\windows\system32\DRIVERS\isapnp.sys [46656 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\windows\system32\DRIVERS\msiscsi.sys [186960 2009-07-14] (Microsoft Corporation)
R3 kbdclass; C:\windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\windows\system32\DRIVERS\kbdhid.sys [28160 2009-07-14] (Microsoft Corporation)
R0 KSecDD; C:\windows\System32\Drivers\ksecdd.sys [67440 2012-06-02] (Microsoft Corporation)
R0 KSecPkg; C:\windows\System32\Drivers\ksecpkg.sys [134000 2012-06-02] (Microsoft Corporation)
R2 lltdio; C:\windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] (LSI Corporation)
R2 luafv; C:\windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] (LSI Corporation, Inc.)
S3 Modem; C:\windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation)
R3 monitor; C:\windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation)
R3 mouclass; C:\windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] (Microsoft Corporation)
S3 mouhid; C:\windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation)
R0 mountmgr; C:\windows\System32\drivers\mountmgr.sys [78416 2009-07-14] (Microsoft Corporation)
S3 mpio; C:\windows\system32\DRIVERS\mpio.sys [130624 2009-07-14] (Microsoft Corporation)
R3 mpsdrv; C:\windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\windows\system32\drivers\mrxdav.sys [115712 2009-07-14] (Microsoft Corporation)
R3 mrxsmb; C:\windows\System32\DRIVERS\mrxsmb.sys [123392 2011-05-04] (Microsoft Corporation)
R3 mrxsmb10; C:\windows\System32\DRIVERS\mrxsmb10.sys [222720 2011-07-09] (Microsoft Corporation)
R3 mrxsmb20; C:\windows\System32\DRIVERS\mrxsmb20.sys [96256 2011-05-04] (Microsoft Corporation)
R0 msahci; C:\windows\System32\DRIVERS\msahci.sys [27712 2009-07-14] (Microsoft Corporation)
S3 msdsm; C:\windows\system32\DRIVERS\msdsm.sys [115792 2009-07-14] (Microsoft Corporation)
R1 Msfs; C:\windows\system32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation)
R0 msisadrv; C:\windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] (Microsoft Corporation)
R1 mssmbios; C:\windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation)
R0 Mup; C:\windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
R3 NativeWifiP; C:\windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation)
R0 NDIS; C:\windows\System32\drivers\ndis.sys [710720 2009-07-14] (Microsoft Corporation)
S3 NdisCap; C:\windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation)
R3 NdisTapi; C:\windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation)
R3 Ndisuio; C:\windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] (Microsoft Corporation)
R3 NdisWan; C:\windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] (Microsoft Corporation)
R3 NDProxy; C:\windows\system32\Drivers\NDProxy.sys [48128 2009-07-14] (Microsoft Corporation)
R1 NetBIOS; C:\windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation)
R1 NetBT; C:\windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] (Microsoft Corporation)
S3 nfrd960; C:\windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] (IBM Corporation)
R1 Npfs; C:\windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation)
R1 nsiproxy; C:\windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1210728 2013-04-12] (Microsoft Corporation)
R1 Null; C:\windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation)
R3 nvlddmkm; C:\windows\System32\DRIVERS\nvlddmkm.sys [9253664 2013-09-05] (NVIDIA Corporation)
S3 nvraid; C:\windows\system32\drivers\nvraid.sys [117120 2011-03-11] (NVIDIA Corporation)
S3 nvstor; C:\windows\system32\drivers\nvstor.sys [143744 2011-03-11] (NVIDIA Corporation)
S3 nv_agp; C:\windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation)
R0 partmgr; C:\windows\System32\drivers\partmgr.sys [56688 2012-03-17] (Microsoft Corporation)
S2 Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation)
R0 pci; C:\windows\System32\DRIVERS\pci.sys [153680 2009-07-14] (Microsoft Corporation)
S3 pciide; C:\windows\system32\DRIVERS\pciide.sys [12368 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] (Microsoft Corporation)
R0 pcw; C:\windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
R2 PEAUTH; C:\windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation)
R3 PptpMiniport; C:\windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation)
S3 Processor; C:\windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation)
R1 Psched; C:\windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation)
S3 ql2300; C:\windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation)
R3 RasAgileVpn; C:\windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation)
R3 Rasl2tp; C:\windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation)
R3 RasPppoe; C:\windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation)
R3 RasSstp; C:\windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation)
R1 rdbss; C:\windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] (Microsoft Corporation)
S3 rdpbus; C:\windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation)
R1 RDPCDD; C:\windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] (Microsoft Corporation)
R1 RDPENCDD; C:\windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation)
R1 RDPREFMP; C:\windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation)
S3 RDPWD; C:\windows\system32\Drivers\RDPWD.sys [177152 2012-04-28] (Microsoft Corporation)
R0 rdyboost; C:\windows\System32\drivers\rdyboost.sys [173648 2009-07-14] (Microsoft Corporation)
R2 rspndr; C:\windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation)
R3 RTL8167; C:\windows\System32\DRIVERS\Rt86win7.sys [187392 2009-07-31] (Realtek                                            )
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
S3 sbp2port; C:\windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] (Microsoft Corporation)
S3 scfilter; C:\windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] (Microsoft Corporation)
R2 secdrv; C:\windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [12800 2009-10-10] (Microsoft Corporation)
S3 sfloppy; C:\windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sisagp; C:\windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] (Microsoft Corporation)
S3 SiSRaid2; C:\windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation)
R0 spldr; C:\windows\system32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
R3 srv; C:\windows\System32\DRIVERS\srv.sys [311296 2011-04-29] (Microsoft Corporation)
R3 srv2; C:\windows\System32\DRIVERS\srv2.sys [309760 2011-04-29] (Microsoft Corporation)
R3 srvnet; C:\windows\System32\DRIVERS\srvnet.sys [114176 2011-04-29] (Microsoft Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 stexstor; C:\windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] (Promise Technology)
R3 swenum; C:\windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] (Microsoft Corporation)
R3 SynTP; C:\windows\System32\DRIVERS\SynTP.sys [212656 2009-07-15] (Synaptics Incorporated)
R1 Tcpip; C:\windows\System32\drivers\tcpip.sys [1287528 2013-01-04] (Microsoft Corporation)
S3 TCPIP6; C:\windows\System32\DRIVERS\tcpip.sys [1287528 2013-01-04] (Microsoft Corporation)
R2 tcpipreg; C:\windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] (Microsoft Corporation)
S3 TDPIPE; C:\windows\System32\drivers\tdpipe.sys [17920 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\windows\System32\drivers\tdtcp.sys [24064 2012-02-15] (Microsoft Corporation)
R1 tdx; C:\windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] (Microsoft Corporation)
R1 TermDD; C:\windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] (Microsoft Corporation)
S3 tssecsrv; C:\windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] (Microsoft Corporation)
R3 tunnel; C:\windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] (Microsoft Corporation)
S3 uagp35; C:\windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] (Microsoft Corporation)
R4 udfs; C:\windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] (Microsoft Corporation)
S3 uliagpkx; C:\windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] (Microsoft Corporation)
R3 umbus; C:\windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] (Microsoft Corporation)
S3 UmPass; C:\windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation)
R3 usbccgp; C:\windows\System32\DRIVERS\usbccgp.sys [75776 2011-03-25] (Microsoft Corporation)
S3 usbcir; C:\windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] (Microsoft Corporation)
R3 usbehci; C:\windows\System32\DRIVERS\usbehci.sys [43008 2011-03-25] (Microsoft Corporation)
R3 usbhub; C:\windows\System32\DRIVERS\usbhub.sys [258560 2011-03-25] (Microsoft Corporation)
S3 usbohci; C:\windows\system32\drivers\usbohci.sys [20480 2011-03-25] (Microsoft Corporation)
S3 usbprint; C:\windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation)
S3 USBSTOR; C:\windows\System32\DRIVERS\USBSTOR.SYS [75776 2011-03-11] (Microsoft Corporation)
R3 usbuhci; C:\windows\System32\DRIVERS\usbuhci.sys [24064 2011-03-25] (Microsoft Corporation)
R3 usbvideo; C:\windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] (Microsoft Corporation)
R0 vdrvroot; C:\windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
S3 vga; C:\windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation)
R1 VgaSave; C:\windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] (Microsoft Corporation)
S3 viaagp; C:\windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] (Microsoft Corporation)
S3 ViaC7; C:\windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation)
S3 viaide; C:\windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] (VIA Technologies, Inc.)
R0 volmgr; C:\windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] (Microsoft Corporation)
R0 volmgrx; C:\windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
R0 volsnap; C:\windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] (Microsoft Corporation)
S3 vsmraid; C:\windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] (VIA Technologies Inc.,Ltd)
R3 vwifibus; C:\windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation)
R1 vwififlt; C:\windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
R1 Wanarpv6; C:\windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
S3 Wd; C:\windows\system32\DRIVERS\wd.sys [19024 2009-07-14] (Microsoft Corporation)
R0 Wdf01000; C:\windows\System32\drivers\Wdf01000.sys [526952 2012-07-26] (Microsoft Corporation)
R1 WfpLwf; C:\windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\windows\System32\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
U3 Winsock; No ImagePath
S3 WinUsb; C:\windows\System32\DRIVERS\WinUsb.sys [34944 2009-07-14] (Microsoft Corporation)
S3 WmiAcpi; C:\windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation)
S4 ws2ifsl; C:\windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\windows\System32\drivers\WudfPf.sys [66560 2012-07-26] (Microsoft Corporation)
S3 WUDFRd; C:\windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 15:45 - 2014-09-05 03:42 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:45 - 2014-09-05 03:38 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 14:27 - 2014-09-07 14:29 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:58 - 2014-09-10 17:17 - 00000000 ____D () C:\FRST
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:48 - 2014-09-05 13:50 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:04 - 2014-09-05 09:05 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:29 - 2014-09-04 21:30 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:55 - 2014-09-04 20:58 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:21 - 2014-09-04 20:23 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:53 - 2014-09-04 17:54 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:43 - 2014-09-04 21:29 - 00000000 ____D () C:\windows\ERUNT
2014-09-02 19:27 - 2014-09-10 17:17 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-15 10:16 - 2014-09-08 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 17:17 - 2014-09-07 12:58 - 00000000 ____D () C:\FRST
2014-09-10 17:17 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-10 17:16 - 2009-09-22 07:48 - 00750666 _____ () C:\windows\PFRO.log
2014-09-10 17:16 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 17:16 - 2009-07-14 06:39 - 00061855 _____ () C:\windows\setupact.log
2014-09-10 17:15 - 2009-09-22 07:23 - 01259023 _____ () C:\windows\WindowsUpdate.log
2014-09-10 17:15 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 17:15 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 16:19 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 15:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 17:14 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-09-07 14:29 - 2014-09-07 14:27 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:50 - 2014-09-05 13:48 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 13:48 - 2009-12-05 20:11 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 13:44 - 2009-07-14 06:33 - 00412776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:05 - 2014-09-05 09:04 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-05 03:42 - 2014-09-10 15:45 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 03:38 - 2014-09-10 15:45 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 21:30 - 2014-09-04 21:29 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:29 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:58 - 2014-09-04 20:55 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:23 - 2014-09-04 20:21 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:54 - 2014-09-04 17:53 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:38

==================== End Of Log ============================

--- --- ---



After the fix there was a reboot.

It somehow puts this FRST logfile under 2) there automatically... when I go to edit, it adds another one on saving... strange...

Warlord711 10.09.2014 19:52

How are things looking? Were there any more alerts at any point?

I would still like to run a "second opinion" scan over the system, which will again take a while.

Just to be sure.

Emsisoft Emergency Kit - Scanner

Preparation
  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.

Here we go

Keyssie 11.09.2014 05:49

Code:

Emsisoft Emergency Kit - Version 9.0
Letztes Update: 9/10/2014 9:07:11 PM
Benutzerkonto: user-PC\user

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\, G:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        9/10/2014 9:08:43 PM
C:\Users\Public\Desktop\Game Pack.lnk        gefunden: Trojan.Win32.Hupigon (A)
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\Low\obupdat.exe.xBAD        gefunden: Trojan.GenericKD.1851464 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4c4ac099.qua -> (Quarantine-8)        gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54dde2ae.qua -> (Quarantine-8)        gefunden: Gen:Variant.Application.Bundler.Amonetize.10 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\57afd8b2.qua -> (Quarantine-8)        gefunden: Gen:Variant.Symmi.39805 (B)

Gescannt        262855
Gefunden        5

Scan Ende:        9/10/2014 11:46:05 PM
Scan Zeit:        2:37:22


Warlord711 11.09.2014 08:32

Run FRST once more.
  • Please tick the Shortcut.txt checkbox and click Scan.
  • When the scan is finished, a new logfile FRST.txt will be created and saved on the desktop.
  • Please post the contents of this logfile here in your thread.

Keyssie 11.09.2014 16:43

FRST.txt


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-PC on 11-09-2014 17:37:41
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 21:03 - 2014-09-10 21:03 - 00000743 _____ () C:\Users\user\Desktop\Start Emsisoft Emergency Kit.lnk
2014-09-10 15:45 - 2014-09-05 03:42 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:45 - 2014-09-05 03:38 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 14:27 - 2014-09-07 14:29 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:58 - 2014-09-11 17:37 - 00000000 ____D () C:\FRST
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:48 - 2014-09-05 13:50 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:04 - 2014-09-05 09:05 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:29 - 2014-09-04 21:30 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:55 - 2014-09-04 20:58 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:21 - 2014-09-04 20:23 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:53 - 2014-09-04 17:54 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:43 - 2014-09-04 21:29 - 00000000 ____D () C:\windows\ERUNT
2014-09-02 19:27 - 2014-09-11 17:37 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-15 10:16 - 2014-09-08 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 17:37 - 2014-09-07 12:58 - 00000000 ____D () C:\FRST
2014-09-11 17:37 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-11 17:27 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 17:27 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 17:14 - 2009-09-22 07:23 - 01319823 _____ () C:\windows\WindowsUpdate.log
2014-09-11 17:14 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-11 17:09 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-11 17:09 - 2009-07-14 06:39 - 00061967 _____ () C:\windows\setupact.log
2014-09-10 21:03 - 2014-09-10 21:03 - 00000743 _____ () C:\Users\user\Desktop\Start Emsisoft Emergency Kit.lnk
2014-09-10 20:55 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-09-10 20:52 - 2014-06-25 20:55 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-10 17:16 - 2009-09-22 07:48 - 00750666 _____ () C:\windows\PFRO.log
2014-09-10 16:19 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 17:14 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-09-07 14:29 - 2014-09-07 14:27 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:50 - 2014-09-05 13:48 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 13:48 - 2009-12-05 20:11 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 13:44 - 2009-07-14 06:33 - 00412776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:05 - 2014-09-05 09:04 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-05 03:42 - 2014-09-10 15:45 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 03:38 - 2014-09-10 15:45 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 21:30 - 2014-09-04 21:29 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:29 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:58 - 2014-09-04 20:55 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:23 - 2014-09-04 20:21 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:54 - 2014-09-04 17:53 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:38

==================== End Of Log ============================

--- --- ---


Shortcut.txt

Code:

Users shortcut scan result (x86) Version: 07-09-2014
Ran by user at 2014-09-11 17:38:13
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-A91000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Call.lnk -> C:\Program Files\Windows Live\Messenger\wlcstart.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{994223F3-A99B-4DDD-9E1D-0190A17C6860}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Fotogalerie.lnk -> C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Game Pack.lnk -> C:\Program Files\Samsung Casual Games\GameConsole\GamePack.exe (Oberon Media)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Go-Go Gourmet\Go-Go Gourmet.lnk -> C:\Program Files\Samsung Casual Games\Go-Go Gourmet\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Go-Go Gourmet\Uninstall.lnk -> C:\Program Files\Samsung Casual Games\Go-Go Gourmet\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Farm Frenzy 2\Farm Frenzy 2.lnk -> C:\Program Files\Samsung Casual Games\Farm Frenzy 2\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Farm Frenzy 2\Uninstall.lnk -> C:\Program Files\Samsung Casual Games\Farm Frenzy 2\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Elf Bowling Hawaiian Vacation\Elf Bowling Hawaiian Vacation.lnk -> C:\Program Files\Samsung Casual Games\Elf Bowling Hawaiian Vacation\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Elf Bowling Hawaiian Vacation\Uninstall.lnk -> C:\Program Files\Samsung Casual Games\Elf Bowling Hawaiian Vacation\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Dairy Dash\Dairy Dash.lnk -> C:\Program Files\Samsung Casual Games\Dairy Dash\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Dairy Dash\Uninstall.lnk -> C:\Program Files\Samsung Casual Games\Dairy Dash\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Alice Greenfingers\Alice Greenfingers.lnk -> C:\Program Files\Samsung Casual Games\Alice Greenfingers\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games\Alice Greenfingers\Uninstall.lnk -> C:\Program Files\Samsung Casual Games\Alice Greenfingers\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\User Guide\User Guide.lnk -> C:\Program Files\Samsung\SamsungManual\RunManual.exe (Samsung Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Update Plus\Samsung Update Plus Help.lnk -> C:\Program Files\Samsung\Samsung Update Plus\SUPHelp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Update Plus\Samsung Update Plus.lnk -> C:\Program Files\Samsung\Samsung Update Plus\SupClientApp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Support Center\Samsung Support Center.lnk -> C:\Program Files\Samsung\Samsung Support Center\SSCMain.exe (SAMSUNG Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Recovery Solution 4\Samsung Recovery Solution 4.lnk -> C:\Program Files\Samsung\Samsung Recovery Solution 4\Manager1.exe (SEC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Network Manager\Easy Network Manager Help.lnk -> C:\Program Files\Samsung\Easy Network Manager\HelpLaunch.exe (Samsung Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Network Manager\Easy Network Manager.lnk -> C:\Program Files\Samsung\Easy Network Manager\ENM.exe (Samsung Electronics Co. Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Display Manager\Easy Display Manager Option.lnk -> C:\Program Files\Samsung\Easy Display Manager\HotKeyOption.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Display Manager\Easy Display Manager.lnk -> C:\Program Files\Samsung\Easy Display Manager\DMLauncher_Vista.exe (SAMSUNG Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Battery Life Extender\BatteryLifeExtender.lnk -> C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe (Samsung Electronics. Co. Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Historie.lnk -> C:\Program Files\PDFCreator\History.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Hilfe.lnk -> C:\Program Files\PDFCreator\PDFCreator_german.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator im Internet.lnk -> C:\Program Files\PDFCreator\PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe (pdfforge  GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk -> C:\Program Files\PDFCreator\languages\TransTool.exe (pdfforge  hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Unterstütze PDFCreator.lnk -> C:\Program Files\PDFCreator\Unterstütze PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk -> C:\Program Files\PDFCreator\AFPL License.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files\PDFCreator\FairPlay License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files\PDFCreator\GNU License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk -> C:\Program Files\PDFCreator\Images2PDF\Images2PDF.exe (pdfforge GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2\PDF Architect 2.lnk -> C:\Program Files\PDF Architect 2\PDF Architect 2.exe (pdfforge GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade\Mount&Blade.lnk -> D:\Spiele\Mount&Blade\mount&blade.exe ( Taleworlds Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade\Uninstall.lnk -> D:\Spiele\Mount&Blade\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Konfigurationstools\Fehler- und Verwendungsberichterstellung von SQL Server.lnk -> C:\Program Files\Microsoft SQL Server\90\Shared\SqlWtsn.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Konfigurationstools\SQL Server-Oberflächenkonfiguration.lnk -> C:\Program Files\Microsoft SQL Server\90\Shared\SqlSAC.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office - 60 Day Trial.lnk -> C:\Program Files\Microsoft Office Suite Activation Assistant\OAA.exe (Digital River Inc. )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Spracheinstellungen.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office-Diagnose.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrampsAIO 4.0.3\GrampsAIO 4.0.3-console.lnk -> C:\Program Files\GrampsAIO-4.0.3\bin\gramps.exe (www.gramps-project.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrampsAIO 4.0.3\GrampsAIO 4.0.3-debug.lnk -> C:\Program Files\GrampsAIO-4.0.3\bin\grampsd.exe (www.gramps-project.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrampsAIO 4.0.3\GrampsAIO 4.0.3.lnk -> C:\Program Files\GrampsAIO-4.0.3\bin\grampsw.exe (www.gramps-project.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III\Deep Silver Webseite.lnk -> C:\Program Files\Gothic III\copublisher.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III\Gothic III deinstallieren.lnk -> C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III\Gothic III liesmich.lnk -> C:\Program Files\Gothic III\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III\Gothic III online registrieren.lnk -> C:\Program Files\Gothic III\register.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III\Gothic III starten.lnk -> C:\Program Files\Gothic III\Gothic3.exe (Pluto 13 GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III\Gothic III Webseite.lnk -> C:\Program Files\Gothic III\site.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III\JoWooD Productions Webseite.lnk -> C:\Program Files\Gothic III\publisher.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\cadvilla professional 4.lnk -> C:\Program Files\cadvilla professional 4\Program\CACAD.exe (Creative Amadeo GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\cadvilla Tutorials.lnk -> C:\Program Files\cadvilla professional 4\tutorial.exe (mirabyte GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Hilfe\cadvilla professional 4.lnk -> C:\Program Files\cadvilla professional 4\Program\cadvilla.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Handbücher\Handbuch 3D-Konverter.lnk -> C:\Program Files\cadvilla professional 4\Manuals\3DKonverter.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Handbücher\Handbuch cadvilla professional 4.lnk -> C:\Program Files\cadvilla professional 4\Manuals\manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Handbücher\Handbuch DXF-Import.lnk -> C:\Program Files\cadvilla professional 4\Manuals\DXFImport.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Handbücher\Handbuch Fensterkonstruktion.lnk -> C:\Program Files\cadvilla professional 4\Manuals\OpeningConstruction.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Handbücher\Handbuch Massenermittlung.lnk -> C:\Program Files\cadvilla professional 4\Manuals\Quantities.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Handbücher\Handbuch Planzusammenstellung.lnk -> C:\Program Files\cadvilla professional 4\Manuals\Planzusammenstellung.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Handbücher\Tastaturbelegung.lnk -> C:\Program Files\cadvilla professional 4\Manuals\ShortCuts.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk -> C:\Program Files\Avira\AntiVir Desktop\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk -> C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk -> C:\Program Files\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyPC Client\AnyPC deinstallieren.lnk -> C:\Program Files\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyPC Client\AnyPC.lnk -> C:\Program Files\AnyPC Client\APStart.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyPC Client\Erstellen einer AnyPC-Server-Installationsdatei.lnk -> C:\Program Files\AnyPC Client\SetupMaker.exe (Doctorsoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{DADC8F83-AFB8-4255-8036-052238A18A8A}\PlayTasks\0\Play.lnk -> C:\Program Files\Samsung Casual Games\Alice Greenfingers\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D58C7682-084C-45CC-A1CF-EA7051A963A0}\PlayTasks\0\Play.lnk -> C:\Program Files\Samsung Casual Games\Go-Go Gourmet\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{72897716-6367-488F-98F0-12B17DBFBDD7}\PlayTasks\1\Call of Duty(R) - World at War(TM) - Mehrspieler.lnk -> C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe (Activision Blizzard, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{72897716-6367-488F-98F0-12B17DBFBDD7}\PlayTasks\0\Call of Duty(R) - World at War(TM) Einzelspieler - Koop.lnk -> C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe (Activision Blizzard, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6282B6D7-8324-4F43-AF35-8ED766468E9C}\PlayTasks\0\Play.lnk -> C:\Program Files\Samsung Casual Games\Farm Frenzy 2\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{299C23BE-883D-4038-ACB4-4C8FCF07DC5A}\PlayTasks\0\Play.lnk -> C:\Program Files\Samsung Casual Games\Dairy Dash\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{07E7878E-762D-46D5-B8B8-7632A8DA579B}\PlayTasks\0\Play.lnk -> C:\Program Files\Samsung Casual Games\Elf Bowling Hawaiian Vacation\Launch.exe (Oberon Media Inc.)
Shortcut: C:\Users\Default\Desktop\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Readme.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDEU.htm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam Hilfe.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDeu.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader 9.lnk -> C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\AnyPC.lnk -> C:\Program Files\AnyPC Client\APStart.exe ()
Shortcut: C:\Users\Public\Desktop\Easy Network Manager.lnk -> C:\Program Files\Samsung\Easy Network Manager\ENM.exe (Samsung Electronics Co. Ltd)
Shortcut: C:\Users\Public\Desktop\Game Pack.lnk -> C:\Program Files\Samsung Casual Games\GameConsole\GamePack.exe (Oberon Media)
Shortcut: C:\Users\Public\Desktop\Gothic III.lnk -> C:\Program Files\Gothic III\Gothic3.exe (Pluto 13 GmbH)
Shortcut: C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk -> C:\Program Files\Microsoft Office Suite Activation Assistant\OAA.exe (Digital River Inc. )
Shortcut: C:\Users\Public\Desktop\Samsung Recovery Solution 4.lnk -> C:\Program Files\Samsung\Samsung Recovery Solution 4\Manager1.exe (SEC)
Shortcut: C:\Users\Public\Desktop\Samsung Support Center.lnk -> C:\Program Files\Samsung\Samsung Support Center\SSCMain.exe (SAMSUNG Electronics)
Shortcut: C:\Users\Public\Desktop\Samsung Update Plus.lnk -> C:\Program Files\Samsung\Samsung Update Plus\SupClientApp.exe ()
Shortcut: C:\Users\Public\Desktop\User Guide.lnk -> C:\Program Files\Samsung\SamsungManual\RunManual.exe (Samsung Electronics)
Shortcut: C:\Users\UpdatusUser\Desktop\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\UpdatusUser\Desktop\Mount&Blade.lnk -> D:\Spiele\Mount&Blade\mount&blade.exe ( Taleworlds Entertainment)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Readme.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDEU.htm ()
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam Hilfe.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDeu.chm ()
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\user\Links\Desktop.lnk -> C:\Users\user\Desktop ()
Shortcut: C:\Users\user\Links\Downloads.lnk -> C:\Users\user\Downloads ()
Shortcut: C:\Users\user\Desktop\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\user\Desktop\Mount&Blade.lnk -> D:\Spiele\Mount&Blade\mount&blade.exe ( Taleworlds Entertainment)
Shortcut: C:\Users\user\Desktop\Start Emsisoft Emergency Kit.lnk -> C:\EEK\bin\a2emergencykit.exe (No File)
Shortcut: C:\Users\user\Desktop\Gramps\GrampsAIO 4.0.3-console.lnk -> C:\Program Files\GrampsAIO-4.0.3\bin\gramps.exe (www.gramps-project.org)
Shortcut: C:\Users\user\Desktop\Gramps\GrampsAIO 4.0.3-debug.lnk -> C:\Program Files\GrampsAIO-4.0.3\bin\grampsd.exe (www.gramps-project.org)
Shortcut: C:\Users\user\Desktop\Gramps\GrampsAIO 4.0.3.lnk -> C:\Program Files\GrampsAIO-4.0.3\bin\grampsw.exe (www.gramps-project.org)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Readme.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDEU.htm ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam Hilfe.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDeu.chm ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{DADC8F83-AFB8-4255-8036-052238A18A8A}\PlayTasks\0\Play.lnk -> C:\Program Files\Samsung Casual Games\Alice Greenfingers\Launch.exe (Oberon Media Inc.)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{72897716-6367-488F-98F0-12B17DBFBDD7}\PlayTasks\1\Call of Duty(R) - World at War(TM) - Mehrspieler.lnk -> C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe (Activision Blizzard, Inc.)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{72897716-6367-488F-98F0-12B17DBFBDD7}\PlayTasks\0\Call of Duty(R) - World at War(TM) Einzelspieler - Koop.lnk -> C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe (Activision Blizzard, Inc.)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{1CCDAE49-A8C0-4524-AA17-07BCF836569F}\PlayTasks\0\Spielen.lnk -> C:\Program Files\Gothic III\Gothic3.exe (Pluto 13 GmbH)
Shortcut: C:\Users\user\AppData\Local\Microsoft\Windows\GameExplorer\{07E7878E-762D-46D5-B8B8-7632A8DA579B}\PlayTasks\0\Play.lnk -> C:\Program Files\Samsung Casual Games\Elf Bowling Hawaiian Vacation\Launch.exe (Oberon Media Inc.)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\PDFCreator\Images2PDF\Images2PDFC.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2\Uninstall or Modify PDF Architect 2.lnk -> C:\ProgramData\PDF Architect 2\Installation\PDFArchitect2Installer.exe (© pdfforge GmbH.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Konfigurationstools\SQL Server-Konfigurations-Manager.lnk -> C:\Windows\System32\mmc.exe (Microsoft Corporation) -> /32 "C:\windows\system32\SQLServerManager.msc"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira.lnk -> C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Online Registrierung.lnk -> C:\Program Files\CyberLink\YouCam\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam deinstallieren.lnk -> C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe (Macrovision Corporation                                  ) -> -l0x000407 /z-uninstall
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Public\Desktop\Avira.lnk -> C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui
ShortcutWithArgument: C:\Users\Public\Desktop\Browserwahl.lnk -> C:\Windows\System32\browserchoice.exe (Microsoft Corporation) -> /launch
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Online Registrierung.lnk -> C:\Program Files\CyberLink\YouCam\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam deinstallieren.lnk -> C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe (Macrovision Corporation                                  ) -> -l0x000407 /z-uninstall
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Online Registrierung.lnk -> C:\Program Files\CyberLink\YouCam\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam deinstallieren.lnk -> C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe (Macrovision Corporation                                  ) -> -l0x000407 /z-uninstall
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Support.url -> hxxp://www.cadvilla.com/support
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadvilla professional 4\Hilfe\Online-Tutorial.url -> hxxp://www.cadvilla.com/de/tutorial
InternetURL: C:\Users\user\Favorites\Cottage Lake House Plan 5572 - 4 Bedrooms and 3 Baths  The House Designers.url -> hxxp://www.thehousedesigners.com/plan/cottage-lake-5572/
InternetURL: C:\Users\user\Favorites\Galleries of Timber Houses - Timber Home Living.url -> hxxp://www.timberhomeliving.com/category/timber-home-galleries/
InternetURL: C:\Users\user\Favorites\http--www.kotte-zeller.de-5-11-Tactical-Umhaengetasche-Rush-Moab-6-schwarz.htmwebsale8=kotte-zeller-shop&pi=122207&ci=017019.url -> hxxp://www.kotte-zeller.de/5-11-Tactical-Umhaengetasche-Rush-Moab-6-schwarz.htm?websale8=kotte-zeller-shop&pi=122207&ci=017019
InternetURL: C:\Users\user\Favorites\Tipp Kolumbien – Elfenbeinküste WM 2014 Prognose  Fussball Wetten.url -> hxxp://www.fussball-wetten.com/wm-2014-tipps/tipp-kolumbien-elfenbeinkueste-wm-2014-prognose/
InternetURL: C:\Users\user\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\user\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\user\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\user\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\user\Favorites\Urlaub\Reisen zu Piratenpreisen!.url -> hxxp://www.urlaubspiraten.de/
InternetURL: C:\Users\user\Favorites\Urlaub\Urlaubsguru » Reise Schnäppchen Blog für Urlaub, Flüge und Hotels.url -> hxxp://www.urlaubsguru.de/
InternetURL: C:\Users\user\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\user\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\user\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\user\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\user\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\user\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\user\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\user\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\user\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\user\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\user\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\user\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\user\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\user\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\user\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of log =============================

By the way, nothing has popped up since then.
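A triage pass over the FRST shortcut listing in the post above, as an added example (not part of the thread and not FRST's own code): it parses the `Shortcut:` and `ShortcutWithArgument:` lines and flags entries worth a second look. The flag names and heuristics are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Lines copied from the FRST shortcut listing in the post above.
SAMPLE_LOG = r"""
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Game Pack.lnk -> C:\Program Files\Samsung Casual Games\GameConsole\GamePack.exe (Oberon Media)
Shortcut: C:\Users\Public\Desktop\AnyPC.lnk -> C:\Program Files\AnyPC Client\APStart.exe ()
Shortcut: C:\Users\user\Desktop\Start Emsisoft Emergency Kit.lnk -> C:\EEK\bin\a2emergencykit.exe (No File)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\PDFCreator\Images2PDF\Images2PDFC.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2\Uninstall or Modify PDF Architect 2.lnk -> C:\ProgramData\PDF Architect 2\Installation\PDFArchitect2Installer.exe (© pdfforge GmbH.) -> /uninstall
"""

ENTRY_RE = re.compile(r"^(Shortcut|ShortcutWithArgument): (.+)$")
# "<target path> (<company name from version info>)"; the company may be empty.
TARGET_RE = re.compile(r"^(?P<target>.*) \((?P<company>[^()]*)\)\s*$")

# Assumption of this example: hosts that run whatever their arguments name.
INTERPRETERS = {"cmd.exe", "powershell.exe", "rundll32.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "regsvr32.exe"}
# Assumption: locations a standard user can normally write to.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(users|programdata)\\", re.IGNORECASE)


def parse_line(line):
    """Parse one FRST shortcut line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    parts = m.group(2).split(" -> ", 2)
    if len(parts) < 2:
        return None
    tm = TARGET_RE.match(parts[1])
    if not tm:
        return None
    return {
        "lnk": parts[0],
        "target": tm["target"],
        "company": tm["company"].strip(),
        "args": parts[2].strip() if len(parts) == 3 else "",
    }


def triage(entry):
    """Return the review flags that apply to a parsed entry."""
    flags = []
    target = entry["target"]
    is_exe = target.lower().endswith(".exe")
    if entry["company"] == "No File":
        # The shortcut points at a file that no longer exists.
        flags.append("missing-target")
    elif entry["company"] == "" and is_exe:
        # The executable carries no company name in its version resource.
        flags.append("no-version-info")
    if basename(target).lower() in INTERPRETERS and entry["args"]:
        # The real payload is in the arguments, not in the signed target.
        flags.append("interpreter-with-args")
    if is_exe and USER_WRITABLE_RE.match(target):
        flags.append("user-writable-dir")
    return flags


def scan(log_text):
    """Parse every shortcut line in a log and attach its flags."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entry["flags"] = triage(entry)
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in scan(SAMPLE_LOG):
        if e["flags"]:
            print(", ".join(e["flags"]), "|", e["lnk"], "->", e["target"], e["args"])
```

A flag is a prompt to look at the target file, not a verdict: the entries flagged here all belong to installed software.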

Warlord711 12.09.2014 07:51

Let's see whether we can get some more information on this one finding:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

file: C:\Users\Public\Desktop\Game Pack.lnk

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Keyssie 12.09.2014 08:42

Hi,

the Game Pack shortcut has been on the laptop from the very beginning. At least I thought so ...

Here is the log
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-12 09:41:14 Run:4
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
file: C:\Users\Public\Desktop\Game Pack.lnk
*****************


========================= file: C:\Users\Public\Desktop\Game Pack.lnk ========================

MD5: 989F6FAA3DE31A1218D428F96B457AC7
Creation and modification date: 2009-12-05 20:07 - 2009-12-05 20:07
Size: 0002121
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======


==== End of Fixlog ====


Warlord711 12.09.2014 11:15

OK, the file appears to be a false positive.

We still had the problem with the SP1 installation, right?


Have you already tried downloading the update and installing it manually?

Download Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932) from Official Microsoft Download Center

If not, give it a try and report what happens.

Keyssie 12.09.2014 11:57

Yes, I had already done that. That is when this assembly error message came up; I'll start it once more...

I saved the file windows6.1-KB976932-X86.exe. It does start:
"Preparing the computer".... (12:34)
Click on "Install" with the checkbox for the computer restart ticked (12:35)
the green bar advances to about halfway
it stays there until it aborts (12:56)
"Installation was not successful; the referenced assembly could not be found."
Details:
"Error: ERROR_SXS_ASSEMBLY_MISSING(0x80073701)"

Warlord711 12.09.2014 12:17

Can you upload the file c:\windows\Logs\CBS\CBS.log from your computer for me?

Keyssie 12.09.2014 13:53

That doesn't look good. There seems to be too much in it. I'll split it up....

11.09.2014 - Part 1:

Code:

2014-09-11 00:18:52, Info                  CBS    Starting TrustedInstaller initialization.
2014-09-11 00:18:52, Info                  CBS    Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 00:18:53, Info                  CSI    00000001@2014/9/10:22:18:53.969 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x583ade79 @0x6a685d7d @0x6a66205a @0xfa1c99 @0xfa1236 @0x77aa75a8)
2014-09-11 00:18:53, Info                  CSI    00000002@2014/9/10:22:18:53.969 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x583ade79 @0x6a6c7183 @0x6a6c4013 @0xfa1c99 @0xfa1236 @0x77aa75a8)
2014-09-11 00:18:53, Info                  CSI    00000003@2014/9/10:22:18:53.969 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x583ade79 @0x712c4bc8 @0x712c54a6 @0xfa1327 @0xfa1245 @0x77aa75a8)
2014-09-11 00:18:53, Info                  CBS    Ending TrustedInstaller initialization.
2014-09-11 00:18:53, Info                  CBS    Starting the TrustedInstaller main loop.
2014-09-11 00:18:53, Info                  CBS    TrustedInstaller service starts successfully.
2014-09-11 00:18:53, Info                  CBS    SQM: Initializing online with Windows opt-in: False
2014-09-11 00:18:53, Info                  CBS    SQM: Cleaning up report files older than 10 days.
2014-09-11 00:18:53, Info                  CBS    SQM: Requesting upload of all unsent reports.
2014-09-11 00:18:53, Info                  CBS    SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info                  CBS    SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info                  CBS    SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info                  CBS    SQM: Failed to start always sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info                  CBS    SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info                  CBS    No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 00:18:53, Info                  CBS    NonStart: Checking to ensure startup processing was not required.
2014-09-11 00:18:53, Info                  CSI    00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xd0f9e0
2014-09-11 00:18:53, Info                  CSI    00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 00:18:53, Info                  CSI    00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1d8
2014-09-11 00:18:53, Info                  CSI    00000007@2014/9/10:22:18:53.984 CSI perf trace:
CSIPERF:TXCOMMIT;710
2014-09-11 00:18:53, Info                  CBS    NonStart: Success, startup processing not required as expected.
2014-09-11 00:18:53, Info                  CBS    Startup processing thread terminated normally
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: SOFTWARE, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SOFTWARE' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SOFTWARE'.
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: SYSTEM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SYSTEM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SYSTEM'.
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: SECURITY, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SECURITY' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SECURITY'.
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: SAM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SAM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SAM'.
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: COMPONENTS, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/COMPONENTS' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\COMPONENTS'.
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: DEFAULT, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/DEFAULT' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\DEFAULT'.
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: ntuser.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Users/default/ntuser.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Users\default\ntuser.dat'.
2014-09-11 00:18:54, Info                  CBS    Loading offline registry hive: schema.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/system32/smi/store/Machine/schema.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\system32\smi\store\Machine\schema.dat'.
2014-09-11 00:18:54, Info                  CBS    Offline image is: read-only
2014-09-11 00:18:54, Info                  CBS    Disabling manifest caching, because the image is not writeable.
2014-09-11 00:18:54, Info                  CSI    00000008 CSI Store 2694480 (0x00291d50) initialized
2014-09-11 00:18:54, Info                  CBS    Session: 4852_17984824 initialized by client SPP.
2014-09-11 00:19:03, Info                  CBS    Archived backup log: C:\windows\Logs\CBS\CbsPersist_20140910221852.cab.
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SOFTWARE
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SYSTEM
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SECURITY
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SAM
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/COMPONENTS
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/DEFAULT
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Users/default/ntuser.dat
2014-09-11 00:19:25, Info                  CBS    Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/system32/smi/store/Machine/schema.dat
2014-09-11 00:29:26, Info                  CBS    Reboot mark refs incremented to: 1
2014-09-11 00:29:26, Info                  CBS    Scavenge: Starts
2014-09-11 00:29:26, Info                  CSI    00000009 CSI Store 2221488 (0x0021e5b0) initialized
2014-09-11 00:29:26, Info                  CSI    0000000a@2014/9/10:22:29:26.316 CSI Transaction @0x220828 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"

2014-09-11 00:29:26, Info                  CBS    Scavenge: Begin CSI Store
2014-09-11 00:29:26, Info                  CSI    0000000b Performing 1 operations; 1 are not lock/unlock and follow:
  Scavenge (8): flags: 00000017
2014-09-11 00:29:26, Info                  CSI    0000000c Store coherency cookie matches last scavenge cookie, skipping scavenge.
2014-09-11 00:29:26, Info                  CSI    0000000d ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
2014-09-11 00:29:26, Info                  CSI    0000000e Creating NT transaction (seq 2), objectname [6]"(null)"
2014-09-11 00:29:26, Info                  CSI    0000000f Created NT transaction (seq 2) result 0x00000000, handle @0x214
2014-09-11 00:29:26, Info                  CSI    00000010@2014/9/10:22:29:26.612 CSI perf trace:
CSIPERF:TXCOMMIT;21987
2014-09-11 00:29:26, Info                  CBS    Scavenge: Completed, disposition: 0X1
2014-09-11 00:29:26, Info                  CSI    00000011@2014/9/10:22:29:26.612 CSI Transaction @0x220828 destroyed
2014-09-11 00:29:26, Info                  CBS    Reboot mark refs: 0
2014-09-11 00:29:26, Info                  CBS    Idle processing thread terminated normally
2014-09-11 00:29:26, Info                  CBS    Ending the TrustedInstaller main loop.
2014-09-11 00:29:26, Info                  CBS    Starting TrustedInstaller finalization.
2014-09-11 00:29:26, Info                  CBS    Ending TrustedInstaller finalization.
2014-09-11 00:40:21, Info                  CBS    Starting TrustedInstaller initialization.
2014-09-11 00:40:21, Info                  CBS    Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 00:40:22, Info                  CSI    00000001@2014/9/10:22:40:22.531 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5724de79 @0x6a685d7d @0x6a66205a @0xa31c99 @0xa31236 @0x77aa75a8)
2014-09-11 00:40:22, Info                  CSI    00000002@2014/9/10:22:40:22.547 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5724de79 @0x6a6c7183 @0x6a6c4013 @0xa31c99 @0xa31236 @0x77aa75a8)
2014-09-11 00:40:22, Info                  CSI    00000003@2014/9/10:22:40:22.547 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5724de79 @0x6f5e4bc8 @0x6f5e54a6 @0xa31327 @0xa31245 @0x77aa75a8)
2014-09-11 00:40:22, Info                  CBS    Ending TrustedInstaller initialization.
2014-09-11 00:40:22, Info                  CBS    Starting the TrustedInstaller main loop.
2014-09-11 00:40:22, Info                  CBS    TrustedInstaller service starts successfully.
2014-09-11 00:40:22, Info                  CBS    SQM: Initializing online with Windows opt-in: False
2014-09-11 00:40:22, Info                  CBS    SQM: Cleaning up report files older than 10 days.
2014-09-11 00:40:22, Info                  CBS    SQM: Requesting upload of all unsent reports.
2014-09-11 00:40:22, Info                  CBS    SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info                  CBS    SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info                  CBS    SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info                  CBS    SQM: Failed to start always sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info                  CBS    SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info                  CBS    No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 00:40:22, Info                  CBS    NonStart: Checking to ensure startup processing was not required.
2014-09-11 00:40:22, Info                  CSI    00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xa2fa74
2014-09-11 00:40:22, Info                  CSI    00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 00:40:22, Info                  CSI    00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c0
2014-09-11 00:40:22, Info                  CSI    00000007@2014/9/10:22:40:22.562 CSI perf trace:
CSIPERF:TXCOMMIT;936
2014-09-11 00:40:22, Info                  CBS    NonStart: Success, startup processing not required as expected.
2014-09-11 00:40:22, Info                  CBS    Startup processing thread terminated normally
2014-09-11 00:40:22, Info                  CSI    00000008 CSI Store 2352528 (0x0023e590) initialized
2014-09-11 00:40:22, Info                  CBS    Session: 30395720_887565687 initialized by client WinMgmt.
2014-09-11 00:40:36, Info                  CBS    Session: 30395720_887565687 finalized. Reboot required: no [HRESULT = 0x00000000 - S_OK]
2014-09-11 00:50:36, Info                  CBS    Reboot mark refs incremented to: 1
2014-09-11 00:50:36, Info                  CBS    Scavenge: Starts
2014-09-11 00:50:36, Info                  CSI    00000009@2014/9/10:22:50:36.735 CSI Transaction @0x2a30768 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"

2014-09-11 00:50:36, Info                  CBS    Scavenge: Begin CSI Store
2014-09-11 00:50:36, Info                  CSI    0000000a Performing 1 operations; 1 are not lock/unlock and follow:
  Scavenge (8): flags: 00000017
2014-09-11 00:50:36, Info                  CSI    0000000b Store coherency cookie matches last scavenge cookie, skipping scavenge.
2014-09-11 00:50:36, Info                  CSI    0000000c ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
2014-09-11 00:50:36, Info                  CSI    0000000d Creating NT transaction (seq 2), objectname [6]"(null)"
2014-09-11 00:50:36, Info                  CSI    0000000e Created NT transaction (seq 2) result 0x00000000, handle @0x1fc
2014-09-11 00:50:36, Info                  CSI    0000000f@2014/9/10:22:50:36.969 CSI perf trace:
CSIPERF:TXCOMMIT;24251
2014-09-11 00:50:36, Info                  CBS    Scavenge: Completed, disposition: 0X1
2014-09-11 00:50:36, Info                  CSI    00000010@2014/9/10:22:50:36.985 CSI Transaction @0x2a30768 destroyed
2014-09-11 00:50:37, Info                  CBS    Reboot mark refs: 0
2014-09-11 00:50:37, Info                  CBS    Idle processing thread terminated normally
2014-09-11 00:50:37, Info                  CBS    Ending the TrustedInstaller main loop.
2014-09-11 00:50:37, Info                  CBS    Starting TrustedInstaller finalization.
2014-09-11 00:50:37, Info                  CBS    Ending TrustedInstaller finalization.
2014-09-11 06:50:09, Info                  CBS    Starting TrustedInstaller initialization.
2014-09-11 06:50:09, Info                  CBS    Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 06:50:10, Info                  CSI    00000001@2014/9/11:04:50:10.351 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7313de79 @0x73325d7d @0x7330205a @0xae1c99 @0xae1236 @0x77aa75a8)
2014-09-11 06:50:10, Info                  CSI    00000002@2014/9/11:04:50:10.366 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7313de79 @0x73367183 @0x73364013 @0xae1c99 @0xae1236 @0x77aa75a8)
2014-09-11 06:50:10, Info                  CSI    00000003@2014/9/11:04:50:10.366 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7313de79 @0x73734bc8 @0x737354a6 @0xae1327 @0xae1245 @0x77aa75a8)
2014-09-11 06:50:10, Info                  CBS    Ending TrustedInstaller initialization.
2014-09-11 06:50:10, Info                  CBS    Starting the TrustedInstaller main loop.
2014-09-11 06:50:10, Info                  CBS    TrustedInstaller service starts successfully.
2014-09-11 06:50:10, Info                  CBS    SQM: Initializing online with Windows opt-in: False
2014-09-11 06:50:10, Info                  CBS    SQM: Cleaning up report files older than 10 days.
2014-09-11 06:50:10, Info                  CBS    SQM: Requesting upload of all unsent reports.
2014-09-11 06:50:10, Info                  CBS    SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 06:50:10, Info                  CBS    SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 06:50:10, Info                  CBS    SQM: Queued 0 file(s) for upload with pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6
2014-09-11 06:50:10, Info                  CBS    SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 06:50:10, Info                  CBS    No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 06:50:10, Info                  CBS    NonStart: Checking to ensure startup processing was not required.
2014-09-11 06:50:10, Info                  CSI    00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xdbf9ec
2014-09-11 06:50:10, Info                  CSI    00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 06:50:10, Info                  CSI    00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c0
2014-09-11 06:50:10, Info                  CSI    00000007@2014/9/11:04:50:10.398 CSI perf trace:
CSIPERF:TXCOMMIT;690
2014-09-11 06:50:10, Info                  CBS    NonStart: Success, startup processing not required as expected.
2014-09-11 06:50:10, Info                  CBS    Startup processing thread terminated normally
2014-09-11 06:50:10, Info                  CSI    00000008 CSI Store 1762672 (0x001ae570) initialized
2014-09-11 06:50:10, Info                  CBS    Session: 30395771_3722431991 initialized by client WindowsUpdateAgent.
2014-09-11 06:50:11, Info                  CBS    Trusted Installer signaled for shutdown, going to exit.
2014-09-11 06:50:11, Info                  CBS    Ending the TrustedInstaller main loop.
2014-09-11 06:50:11, Info                  CBS    Starting TrustedInstaller finalization.
2014-09-11 06:50:12, Info                  CBS    Ending TrustedInstaller finalization.
2014-09-11 17:14:04, Info                  CBS    Starting TrustedInstaller initialization.
2014-09-11 17:14:04, Info                  CBS    Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 17:14:05, Info                  CSI    00000001@2014/9/11:15:14:05.469 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5958de79 @0x59775d7d @0x5975205a @0xd81c99 @0xd81236 @0x76c975a8)
2014-09-11 17:14:05, Info                  CSI    00000002@2014/9/11:15:14:05.484 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5958de79 @0x597b7183 @0x597b4013 @0xd81c99 @0xd81236 @0x76c975a8)
2014-09-11 17:14:05, Info                  CSI    00000003@2014/9/11:15:14:05.484 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5958de79 @0x6c014bc8 @0x6c0154a6 @0xd81327 @0xd81245 @0x76c975a8)
2014-09-11 17:14:05, Info                  CBS    Ending TrustedInstaller initialization.
2014-09-11 17:14:05, Info                  CBS    Starting the TrustedInstaller main loop.
2014-09-11 17:14:05, Info                  CBS    TrustedInstaller service starts successfully.
2014-09-11 17:14:05, Info                  CBS    SQM: Initializing online with Windows opt-in: False
2014-09-11 17:14:05, Info                  CBS    SQM: Cleaning up report files older than 10 days.
2014-09-11 17:14:05, Info                  CBS    SQM: Requesting upload of all unsent reports.
2014-09-11 17:14:05, Info                  CBS    SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 17:14:05, Info                  CBS    SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 17:14:05, Info                  CBS    SQM: Queued 0 file(s) for upload with pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6
2014-09-11 17:14:05, Info                  CBS    SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 17:14:05, Info                  CBS    No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 17:14:05, Info                  CBS    NonStart: Checking to ensure startup processing was not required.
2014-09-11 17:14:05, Info                  CSI    00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x150fbb4
2014-09-11 17:14:05, Info                  CSI    00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 17:14:05, Info                  CSI    00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c0
2014-09-11 17:14:05, Info                  CSI    00000007@2014/9/11:15:14:05.609 CSI perf trace:
CSIPERF:TXCOMMIT;660
2014-09-11 17:14:05, Info                  CBS    NonStart: Success, startup processing not required as expected.
2014-09-11 17:14:05, Info                  CBS    Startup processing thread terminated normally
2014-09-11 17:14:05, Info                  CSI    00000008 CSI Store 4515184 (0x0044e570) initialized
2014-09-11 17:14:05, Info                  CBS    Session: 30395859_117581771 initialized by client WindowsUpdateAgent.
2014-09-11 17:14:05, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:05, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info                  CSI    00000009@2014/9/11:15:14:05.672 CSI Transaction @0x49fbf8 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [25]"TI5.30395859_117581771:1/"

2014-09-11 17:14:05, Info                  CSI    0000000a@2014/9/11:15:14:05.796 CSI Transaction @0x49fbf8 destroyed
2014-09-11 17:14:05, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_0.0.0.0_none_62d84d22ab3b4066 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:05, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:05, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f, elevation: 32, applicable: 1
2014-09-11 17:14:05, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: Package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, Update: ActiveX, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:05, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info                  CBS    Session: 30395859_119765775 initialized by client WindowsUpdateAgent.
2014-09-11 17:14:05, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:05, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7600.16385, state: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:05, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info                  CSI    0000000b@2014/9/11:15:14:05.999 CSI Transaction @0x4c1008 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [25]"TI5.30395859_119765775:1/"

2014-09-11 17:14:05, Info                  CSI    0000000c@2014/9/11:15:14:05.999 CSI Transaction @0x4c1008 destroyed
2014-09-11 17:14:05, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_0.0.0.0_none_b8cd8ce205840e6a (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:05, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:05, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43, elevation: 32, applicable: 1
2014-09-11 17:14:05, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:05, Info                  CBS    Appl: Package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Aux, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:05, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info                  CBS    Session: 30395859_121169778 initialized by client WindowsUpdateAgent.
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CSI    0000000d@2014/9/11:15:14:06.140 CSI Transaction @0x4bcee8 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [25]"TI5.30395859_121169778:1/"

2014-09-11 17:14:06, Info                  CSI    0000000e@2014/9/11:15:14:06.140 CSI Transaction @0x4bcee8 destroyed
2014-09-11 17:14:06, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_0.0.0.0_none_d2bc5295f1c3b567 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info                  CBS    EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info                  CBS    EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info                  CBS    EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info                  CBS    EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~de-DE~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~de-DE~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_de-de_7f3fea24377f5969 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_0.0.0.0_none_d2bc5295f1c3b567 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: Core, Intended State: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_de-de_7f3fea24377f5969 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: Core, Intended State: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_0.0.0.0_de-de_9097f12ec52d50ea (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_de-de_37b217076c9d1cc3, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_de-de_37b217076c9d1cc3, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_0.0.0.0_none_5069764091c7f818 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: UI, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: UI, Intended State: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: UI, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Staged
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Staged
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Staged
2014-09-11 17:14:06, Info                  CBS    EvaluateApplicability, package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Package applicability: Staged.
2014-09-11 17:14:06, Info                  CBS    Appl: Partial install Status testing, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, partially installed (true/false), 0
2014-09-11 17:14:06, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info                  CBS    Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_de-de_7f3fea24377f5969 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info                  CBS    Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info                  CBS    Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: Core, Intended State: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info                  CBS    Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info                  CBS    External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed

... ah... ok. so that's not what you meant.... it's still too big, though...

ok.. I'd need more time for that. the file is 6043 kb and you're only allowed to upload 97 kb....

I'll see if I can manage it on Sunday

Warlord711 12.09.2014 16:16

You can use e.g. Pastebin.com - #1 paste tool since 2002!, without registration.

You just need to send me the link to it.

Keyssie 15.09.2014 09:37

do you have another idea? I've tried five different ones. They all say the size is too much for them or simply stop responding....

ha, here it is....
textsave | The easy way to save text online!

hxxp://txs.io/R0rb

textsave | The easy way to save text online!

so inserting the link isn't really working.... with the URL tags around it I either get this text, or else it turns into hxxp?

hxxp://de.textsave.org/R0rb

that should really be http

Warlord711 15.09.2014 14:04

Please download http://download.windowsupdate.com/v9...6.7600.256.cab

to your desktop.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

cmd: pkgmgr /ip /m:"%userprofle%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab"

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Then restart the computer and try again to install SP1.

Keyssie 15.09.2014 19:22

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-15 19:46:56 Run:5
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: pkgmgr /ip /m:"%userprofle%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab"

*****************


=========  pkgmgr /ip /m:"%userprofle%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab" =========


========= End of CMD: =========


==== End of Fixlog ====

maybe I should mention that an error message popped up in between.
Path not found or something like that and 0xsomething...
couldn't see it long enough to read everything

nevertheless I restarted the computer and tried to install the downloaded update file - with the same negative result

Warlord711 16.09.2014 08:25

Quote:

Quote from Keyssie (post 1360100)
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-15 19:46:56 Run:5
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: pkgmgr /ip /m:"%userprofle%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab"

*****************


=========  pkgmgr /ip /m:"%userprofle%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab" =========


========= End of CMD: =========


==== End of Fixlog ====

maybe I should mention that an error message popped up in between.
Path not found or something like that and 0xsomething...
couldn't see it long enough to read everything

nevertheless I restarted the computer and tried to install the downloaded update file - with the same negative result

Yes, sorry, I made a typo! My apologies :headbang:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

cmd: pkgmgr /ip /m:"%userprofile%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab"

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.
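
The first fixlist in this thread referenced `%userprofle%`, an environment variable that does not exist, and the run ended with an empty Fixlog section and a reported "path not found" popup. The following is an added example, not part of the thread and not FRST's own code: it checks the `cmd:` lines of a fixlist for `%NAME%` references the environment does not define, before the fixlist is run. `SAMPLE_ENV`, `expand_like_cmd` and `check_fixlist` are hypothetical names, and the environment values are constructed.

```python
import difflib
import re

# A %NAME% reference: text between two percent signs, without spaces or quotes.
VAR_REF = re.compile(r'%([^%\s"]+)%')

# Constructed sample environment (assumption). USERPROFILE matches the
# "Running from C:\Users\user\Desktop\..." line of the Fixlog in this thread.
SAMPLE_ENV = {
    "USERPROFILE": r"C:\Users\user",
    "SystemRoot": r"C:\windows",
    "windir": r"C:\windows",
    "TEMP": r"C:\Users\user\AppData\Local\Temp",
}

PACKAGE = "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab"
# The two fixlists from the thread: the mistyped one and the corrected one.
TYPO_FIXLIST = 'cmd: pkgmgr /ip /m:"%userprofle%\\Desktop\\' + PACKAGE + '"\n'
FIXED_FIXLIST = 'cmd: pkgmgr /ip /m:"%userprofile%\\Desktop\\' + PACKAGE + '"\n'


def expand_like_cmd(command, env):
    """Expand %NAME% references the way a cmd.exe command line does.

    Names are matched case-insensitively. A name that is not defined is left
    as literal text (in a batch file it would expand to nothing instead);
    either way the resulting path is wrong.
    Returns (expanded_command, list_of_undefined_names).
    """
    lookup = {name.upper(): value for name, value in env.items()}
    undefined = []

    def substitute(match):
        name = match.group(1)
        if name.upper() in lookup:
            return lookup[name.upper()]
        undefined.append(name)
        return match.group(0)

    return VAR_REF.sub(substitute, command), undefined


def check_fixlist(fixlist_text, env):
    """Return (line_number, undefined_name, suggestion) for every undefined
    variable referenced on a 'cmd:' line. suggestion is the closest defined
    variable name in upper case, or None if nothing is similar enough."""
    defined = [name.upper() for name in env]
    findings = []
    for lineno, line in enumerate(fixlist_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped.lower().startswith("cmd:"):
            continue  # only cmd: lines are handed to the command interpreter
        command = stripped[len("cmd:"):].strip()
        _, undefined = expand_like_cmd(command, env)
        for name in undefined:
            close = difflib.get_close_matches(name.upper(), defined, n=1, cutoff=0.8)
            findings.append((lineno, name, close[0] if close else None))
    return findings


if __name__ == "__main__":
    for label, text in (("typo", TYPO_FIXLIST), ("fixed", FIXED_FIXLIST)):
        problems = check_fixlist(text, SAMPLE_ENV)
        if not problems:
            print(f"{label}: all variable references resolve")
        for lineno, name, hint in problems:
            note = f", did you mean %{hint}%?" if hint else ""
            print(f"{label}: line {lineno}: %{name}% is not defined{note}")
```

On a real machine, pass `dict(os.environ)` instead of `SAMPLE_ENV`.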


Keyssie 16.09.2014 17:17

this time FRST ran a bit longer and without problems.... But the result looks identical. Update did not go through...
here is the log

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-16 17:43:47 Run:6
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
cmd: pkgmgr /ip /m:"%userprofile%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab"
       
*****************


=========  pkgmgr /ip /m:"%userprofile%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab" =========


========= End of CMD: =========


==== End of Fixlog ====


Warlord711 17.09.2014 10:22

Can you repeat the step in http://www.trojaner-board.de/158226-...ml#post1354598 once more and then start the updates via Windows Update again?

Keyssie 17.09.2014 17:51

so. I hope the attachment works. I took a screenshot of the updatefix.bat

this time, though, the update also didn't look as if it had never been started.
"downloading" the update failed

Warlord711 17.09.2014 19:29

Hm, ok, the .bat no longer fits 100% either.

Make a new one with this content:

Code:

@echo off
net stop cryptsvc
Net stop bits
Net stop wuauserv
del /F /S /Q %windir%\SoftwareDistribution.old
del /F /S /Q %systemroot%\System32\oldcatroot2
ren %windir%\SoftwareDistribution SoftwareDistribution.old
Ren %systemroot%\System32\Catroot2 oldcatroot2
takeown /f C:\Windows\winsxs\pending.xml
del /F /S /Q C:\Windows\winsxs\pending.old
Ren c:\windows\winsxs\pending.xml pending.old

REGSVR32 WUPS2.DLL /S
REGSVR32 WUPS.DLL /S
REGSVR32 WUAUENG.DLL /S
REGSVR32 WUAPI.DLL /S
REGSVR32 WUCLTUX.DLL /S
REGSVR32 WUWEBV.DLL /S
REGSVR32 JSCRIPT.DLL /S
REGSVR32 MSXML3.DLL /S

Ipconfig /flushdns

Net start bits
Net start wuauserv
net start cryptsvc

And then try the update again.

Keyssie 17.09.2014 19:48

see attachment...

update is still not "fresh"

Warlord711 17.09.2014 19:51

Sorry, I'm not on top of things today :headbang:

Code:

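@echo off
rem Stop the services that keep the update store and catalog database open
net stop cryptsvc
Net stop bits
Net stop wuauserv
rem Delete the backups left by an earlier run; ren fails if the target name already exists
del /F /S /Q %windir%\SoftwareDistribution.old
del /F /S /Q %systemroot%\System32\oldcatroot2
rmdir /s /q %systemroot%\System32\oldcatroot2
rmdir /s /q %windir%\SoftwareDistribution.old
rem Set the current update store and catalog database aside
ren %windir%\SoftwareDistribution SoftwareDistribution.old
Ren %systemroot%\System32\Catroot2 oldcatroot2
rem Take ownership of pending.xml and set it aside as well
takeown /f C:\Windows\winsxs\pending.xml
del /F /S /Q C:\Windows\winsxs\pending.old
Ren c:\windows\winsxs\pending.xml pending.old

rem Re-register the Windows Update client DLLs, plus JScript and MSXML3
REGSVR32 WUPS2.DLL /S
REGSVR32 WUPS.DLL /S
REGSVR32 WUAUENG.DLL /S
REGSVR32 WUAPI.DLL /S
REGSVR32 WUCLTUX.DLL /S
REGSVR32 WUWEBV.DLL /S
REGSVR32 JSCRIPT.DLL /S
REGSVR32 MSXML3.DLL /S

rem Clear the DNS resolver cache
Ipconfig /flushdns

rem Start the services again
Net start bits
Net start wuauserv
net start cryptsvc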


Keyssie 17.09.2014 20:04

ok. this time it worked. I added the screenshot anyway because there was still a message.... but as I said. Update clean. it found the same update again. While downloading it gets to 32 %, no sorry, in the end it went up to 33 %, but then aborted immediately - 80073701, I think as before

Warlord711 17.09.2014 20:13

Follow the guide: .NET-Framework macht Probleme | Borns IT- und Windows-Blog

That is, remove .Net 3.5 once and then reinitialize it.

Then start the update again.

Keyssie 17.09.2014 20:27

couldn't finish it. Removing the check mark and clicking OK gives the error message from the picture. The computer still expects a restart. After the restart the same thing happens again. (Had hoped it might work afterwards)

Keyssie 17.09.2014 20:39

.NET Framework Setup Verification Tool ?

Warlord711 18.09.2014 09:13

Quote:

Quote from Keyssie (post 1361077)
.NET Framework Setup Verification Tool ?

Yes, that should be run next:

http://blogs.msdn.com/cfs-file.ashx/...r_5F00_new.zip

Keyssie 18.09.2014 16:22

downloaded - unpacked and started for 3.5.1:
Here is the log

Code:

======================================================================
[09/18/14,17:20:43] Beginning of new SetupVerifier activity logging session
[09/18/14,17:20:43] Build created on June 24, 2014
[09/18/14,17:20:43] For more information about repairing the .NET Framework, see hxxp://support.microsoft.com/kb/2698555 and hxxp://go.microsoft.com/fwlink/?LinkID=246062
[09/18/14,17:20:43] Activity log file location: C:\Users\user\AppData\Local\Temp\setupverifier_main_09-18-14_17.20.43.txt
[09/18/14,17:20:43] Error log file location: C:\Users\user\AppData\Local\Temp\setupverifier_errors_09-18-14_17.20.43.txt
[09/18/14,17:20:43] Detected operating system: Windows 7 (x86)
[09/18/14,17:20:43] Windows directory: C:\windows
[09/18/14,17:20:43] System directory: C:\windows\system32
[09/18/14,17:20:43] Program Files directory: C:\Program Files
[09/18/14,17:20:43] Common Files directory: C:\Program Files\Common Files
[09/18/14,17:20:43] Install state for .NET Framework 1.0: not installed.
[09/18/14,17:20:43] Install state for .NET Framework 1.1: not installed.
[09/18/14,17:20:43] Install state for .NET Framework 2.0: installed with service pack 2.
[09/18/14,17:20:43] Install state for .NET Framework 3.0: installed with service pack 2.
[09/18/14,17:20:43] Install state for .NET Framework 3.5: installed with service pack 1.
[09/18/14,17:20:43] Install state for .NET Framework 4 Client: installed with no service packs.
[09/18/14,17:20:43] Install state for .NET Framework 4 Full: installed with no service packs.
[09/18/14,17:20:43] Install state for .NET Framework 4.5: not installed.
[09/18/14,17:20:43] Install state for .NET Framework 4.5.1: not installed.
[09/18/14,17:20:43] Install state for .NET Framework 4.5.2: not installed.
[09/18/14,17:20:43] Not adding product '.NET Framework 1.0' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 1.1' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 1.1 SP1' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 2.0' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 2.0 SP1' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 3.0' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 3.0 SP1' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 3.5' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 4.5' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 4.5.1' because it is not currently installed
[09/18/14,17:20:43] Not adding product '.NET Framework 4.5.2' because it is not currently installed
[09/18/14,17:21:00] Starting verification for product .NET Framework 3.5 SP1
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\ksc.nlp (no version info) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.xsd (no version info) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Common.targets (no version info) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Common.Tasks (no version info) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.CSharp.targets (no version info) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll (version 8.0.50727.4984) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.tlb (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:05] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.targets (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.tlb (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.rsp (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild\Microsoft.Build.Commontypes.xsd (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild\Microsoft.Build.Core.xsd (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll (version 2.0.50727.4984) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll (version 2.0.50727.4985) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll (version 2.0.50727.4984) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.tlb (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (version 2.0.50727.4984) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\normidna.nlp (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\normnfc.nlp (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\normnfd.nlp (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\normnfkc.nlp (no version info) is installed on the system
[09/18/14,17:21:06] File C:\windows\Microsoft.NET\Framework\v2.0.50727\normnfkd.nlp (no version info) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll (version 2.0.50727.4985) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\prc.nlp (no version info) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\prcp.nlp (no version info) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\RedistList\FrameworkList.xml (no version info) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.chm (no version info) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\sortkey.nlp (no version info) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\sorttbls.nlp (no version info) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll (version 2.0.50727.4984) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll (version 2.0.50727.4986) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll (version 2.0.50727.4985) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll (version 2.0.50727.4985) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll (version 2.0.50727.4985) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll (version 2.0.50727.4985) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.tlb (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.tlb (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll (version 2.0.50727.4985) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.tlb (version 8.0.50727.4926) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll (version 2.0.50727.4971) is installed on the system
[09/18/14,17:21:07] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.tlb (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll (version 2.0.50727.4986) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.tlb (version 8.0.50727.4926) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UninstallCommon.sql (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UninstallMembership.sql (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UninstallPersistSqlState.sql (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UninstallPersonalization.sql (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UnInstallProfile.SQL (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UninstallSqlState.sql (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UninstallSqlStateTemplate.sql (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\UninstallWebEventSqlProvider.sql (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.rsp (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\vsavb7.olb (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll (version 8.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll (version 2.0.50727.4927) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\xjis.nlp (no version info) is installed on the system
[09/18/14,17:21:08] File C:\windows\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest (no version info) is installed on the system
[09/18/14,17:21:08] Section [Files - .NET Framework 2.0 (Common)] - stop parsing entries
[09/18/14,17:21:08] Section [Files - .NET Framework 2.0 (32-bit)] - start parsing entries
[09/18/14,17:21:08] Section [Files - .NET Framework 2.0 (32-bit)] - stop parsing entries
[09/18/14,17:21:08] Not running action 'Files - .NET Framework 2.0 (64-bit)' for product '.NET Framework 3.5 SP1' because the OS condition does not match
[09/18/14,17:21:08] Section [Files - .NET Framework 3.0 (Common)] - start parsing entries
[09/18/14,17:21:08] File C:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:08] File C:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:08] File C:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll (version 3.0.6920.5005) is installed on the system
[09/18/14,17:21:08] File C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:08] File C:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:08] File C:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll (version 3.0.6920.5005) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll (version 3.0.6920.1109) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll (version 3.0.6920.5005) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:09] File C:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:10] File C:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:10] File C:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:10] File C:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:10] File C:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:10] File C:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll (version 3.0.4203.4926) is installed on the system
[09/18/14,17:21:10] File C:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll (version 3.0.4203.4926) is installed on the system
[09/18/14,17:21:10] File C:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll (version 3.0.4203.4926) is installed on the system
[09/18/14,17:21:10] File C:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.WinFX.targets (no version info) is installed on the system
[09/18/14,17:21:10] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:10] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:10] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll (version 3.0.4506.5007) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe (version 3.0.4506.4926) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelEndpointPerfCounters.reg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelEndpointPerfCounters.vrg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelOperationPerfCounters.reg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelOperationPerfCounters.vrg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelServicePerfCounters.reg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelServicePerfCounters.vrg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSvcHostPerfCounters.reg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSvcHostPerfCounters.vrg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_TransactionBridgePerfCounters.reg (no version info) is installed on the system
[09/18/14,17:21:11] File C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_TransactionBridgePerfCounters.vrg (no version info) is installed on the system
[09/18/14,17:21:12] File C:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:12] File C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:12] File C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll (version 3.0.6920.5005) is installed on the system
[09/18/14,17:21:12] File C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:12] File C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets (no version info) is installed on the system
[09/18/14,17:21:12] File C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets (no version info) is installed on the system
[09/18/14,17:21:12] File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:12] File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll (version 3.0.6920.5005) is installed on the system
[09/18/14,17:21:12] File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:12] File C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll (version 3.0.6920.4902) is installed on the system
[09/18/14,17:21:21] Verification succeeded for product .NET Framework 3.5 SP1


Warlord711 19.09.2014 08:06

Hmm, I think the only thing left that will help is an in-place upgrade:

Repair installation / in-place upgrade (Windows 7/8) - Microsoft Community

Quote:

What happens during a repair installation?

In short, during a repair installation Windows backs up the current operating system with all settings and programs. The Windows components are then reinstalled from a Windows installation medium. Programs and settings are preserved in the process, however. If errors occur during the procedure, the backup created at the start is restored.

In theory not much can go wrong during the repair installation, but the process should under no circumstances be interrupted, and it is generally recommended to back up personal data beforehand.

After the repair installation, Windows Updates should be run, because the system is back at the state of the installation medium used. On Windows 7 it is advisable to install Service Pack 1 (32-bit / 64-bit) right away if it was not already included on the installation medium.

Updates will then be offered until the system is up to date again; this can sometimes be well over 100 updates. Because the updates build on one another, some further updates will probably still be installed in the period that follows.

Keyssie 19.09.2014 09:54

The problem with that, though, is that a medium is expected, i.e. a DVD with Windows on it. This is a laptop that was bought at a time when shipping recovery discs had gone out of fashion. I only have the option of recovering directly from the hard disk. Does it work with that too, or do I have to download and burn these ISO files?

Warlord711 19.09.2014 10:02

Please download the matching .iso; for you that should be

http://msft-dnl.digitalrivercontent..../X15-65740.iso

Win 7 Home Premium 32-bit in German

Keyssie 19.09.2014 14:48

Show list of attachments (count: 2)
I always have to share, of course :-)

The upgrade seems to have been successful, i.e. it ran without problems.
The desktop reappeared with the message

"Es wurde festgestellt, dass die .NET Framework-Version 4 repariert werden muss. Starten Sie den Computer erst nach Fertigstellung des Setup."

That is still running for now.
I'll get back to you if there are still problems, or once the updates and SP1 are completely installed. That is going to take a while now.

OK, that went faster than expected....

Windows Update told me 4 important and 11 further updates. Among the 4 important ones was SP1, among others.... Everything installed successfully. Now it only says 11 further....

BUT: shouldn't I now (after 2 restarts, because I had to activate IE to get back onto the Internet) be able to see via Computer --> Properties that SP1 is installed?

Keyssie 19.09.2014 16:40

One more thing I noticed:

The Action Center claims there is no antivirus software installed.
Because of that I tried starting Antivir, and it is still running. I then also started Luke right away...
1 detection within the first half: TR/Crypt.ZPACK.96697
It never ends...

Keyssie 19.09.2014 17:37

Show list of attachments (count: 1)
The only detection... OBUPDAT once again

Warlord711 20.09.2014 16:24

That is just a quarantine file.

Go to Start->Run->
Code:

winver

Keyssie 21.09.2014 17:03

Yep, it says SP1 there now.... but now it also does under Computer Properties.

Who knows. Something else was installed last night. Maybe something was still missing....

Why does Antivir find a quarantine file?
For one thing, I thought we had deleted/removed that, and for another I thought that once something has been found and sent to quarantine at some point, it is not found again afterwards...

Warlord711 22.09.2014 09:19

Quote:

Quote from Keyssie (post 1362931)
Why does Antivir find a quarantine file?
For one thing, I thought we had deleted/removed that, and for another I thought that once something has been found and sent to quarantine at some point, it is not found again afterwards...

Why not?
When I fix something via FRST, it is first sent to quarantine; nobody is infallible, and if I delete something wrong, what then?

At the END we delete the rest, the quarantine too. It is normal that Avira scans the quarantine. The files there are also not encrypted; they are only marked by an additional extension and made unable to start.

So SP1 is present now?
The system was ultimately clean, so we delete the quarantine and you are "free" :pfeiff:

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



Finally, I have a few tips for securing your system.

Change all your passwords regularly; now, after the cleanup, is an ideal time for it
  • use a different password for every application and every account
  • change your password regularly; this is very important especially for online banking or your e-mail inbox
  • do not store passwords on your PC, and do not pass them on to third parties
  • a secure password consists of at least 8 characters and contains upper- and lower-case letters, numbers and special characters
  • do not use number or letter combinations (e.g. 12345678, qwertzui), nor number or letter patterns
  • do not use passwords that relate to you, your place of residence, a family member or a pet (date of birth, postcode, address, name)

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7 / 8: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus software installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on using it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is shown and you can download the newest version directly to the desktop.
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers
Other browsers tend towards somewhat more security than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: for this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    These harm your system more than they help. Here is an English link:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers are often bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this topic from my subscriptions.
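
The file-extension check from the attachment advice above (deinFoto.jpg.exe), as an added example that is not part of the original post: a Python sketch that flags attachment names whose final extension is executable while an earlier one looks like a document or picture. The extension lists, the function names and all sample names except deinFoto.jpg.exe are assumptions made for illustration.

```python
import os

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls", ".txt"}


def split_exts(filename):
    """Return every extension of the name, lower-cased, in order."""
    # Windows drops trailing dots and spaces from file names, so do the same.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    exts = []
    while True:
        name, ext = os.path.splitext(name)
        if not ext:
            return exts
        exts.insert(0, ext.strip().lower())


def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for an attachment name."""
    exts = split_exts(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # Explorer hides the last extension by default, so "x.jpg.exe" shows as "x.jpg".
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "disguised"
    return "executable"


def scan(names):
    """Return (name, verdict) for every name that is not 'ok'."""
    return [(n, v) for n in names if (v := classify(n)) != "ok"]


# Constructed sample attachment names; only deinFoto.jpg.exe comes from the post.
SAMPLES = ["deinFoto.jpg.exe", "Rechnung.PDF.SCR", "setup.exe",
           "urlaub.jpg", "report.v2.pdf", "C:\\Mail\\deinFoto.jpg.exe."]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(f"{verdict:10} {name}")
```
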

Keyssie 22.09.2014 16:34

That is actually fairly simple....

if AntiVir finds something and sends it to quarantine, the user should not afterwards be alarmed again that there is still a virus. At the very least a notice should appear that it is a virus that is in quarantine.
But presumably that would also be the case if it had been sent to quarantine by AntiVir, and it only finds it because FRST handles that differently,... whatever. I hope I was able to explain to you why I find it strange that viruses in quarantine are nevertheless still found.
I will start the cleanup now. After that AntiVir should no longer find it and that is that. You have had to deal with this topic long enough already.
I am really glad that we managed it without having to reinstall the PC.

