| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundeskriminalamt TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
07.09.2014, 12:02
| #1 |
 |  Bundeskriminalamt Trojaner ja, bei Avira habe ich alles deaktiviert, sprich Echtzeitscanner und Firewall auf OFF geschaltet. Hier das Log: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by user at 2014-09-07 12:58:49 Run:1
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
cmd: type "c:\windows\softwaredistribution\ReportingEvents.txt"
*****************
========= type "c:\windows\softwaredistribution\ReportingEvents.txt" =========
Das System kann die angegebene Datei nicht finden.
========= End of CMD: =========
==== End of Fixlog ====
|
|
10.09.2014, 07:31
| #2 |
| | Bundeskriminalamt TrojanerCode:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-10 08:29:02
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys
---- System - GMER 2.1 ----
SSDT 8E403556 ZwCreateSection
SSDT 8E403560 ZwRequestWaitReplyPort
SSDT 8E40355B ZwSetContextThread
SSDT 8E403565 ZwSetSecurityObject
SSDT 8E40356A ZwSystemDebugControl
SSDT 8E4034F7 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackTransaction + 13F5 82C538A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C73302 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14B7 82C7A684 4 Bytes [56, 35, 40, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 1813 82C7A9E0 4 Bytes [60, 35, 40, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 1857 82C7AA24 4 Bytes [5B, 35, 40, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 18D3 82C7AAA0 4 Bytes [65, 35, 40, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 1927 82C7AAF4 4 Bytes [6A, 35, 40, 8E]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval 604800
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
10.09.2014, 07:46
| #3 |
| /// TB-Ausbilder   | Bundeskriminalamt Trojaner Sorry, die Avira Meldung beunruhigt mich etwas, deshalb noch ein paar Schritte:
__________________Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken 
__________________ |
|
10.09.2014, 15:17
| #4 |
| | Bundeskriminalamt Trojaner So.... Ich schreib das schon einmal hierhin, da ich zwar nicht gesehen habe, dass Antivir abgeschaltet sein soll währen aswMBR läuft... (hatte nur deine Kurzanleitung beachtet), aber auch nicht sicher bin, dass die Kombination der Programme das hervorgerufen hat. Avira ist aufgepoppt mit C:\Users\user}AppData\Local...\ljz0ogk4kg[1].htm mit dem unerwünschten Programm ÄJS/Axpergle.EB.52'... While aswMBR lief. Ich lass aswMBR gleich noch einmal laufen ohne dass Antivir läuft.... Und danach den Rest.... Wieviel von dem, was ich hier poste kann man eigentlich aktiv nutzen um auf meinem Rechner zu landen? Edit: bevor ich es deaktivieren konnte poppte es noch einmal auf (diesemal war aswMbR schon durchgelaufen. obupdat.exe mit TR/Crypt.ZPACK.96.96697 das Antivirenprogramm abzuschalten, wenn dauernd so etwas aufpoppt ist irgendwie nicht so ganz meine Sache.... also: Log1 mit Avast an: Code:
ATTFilter aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-10 15:41:09
-----------------------------
15:41:09.958 OS Version: Windows 6.1.7600
15:41:09.958 Number of processors: 2 586 0x170A
15:41:09.958 ComputerName: USER-PC UserName: user
15:41:10.629 Initialize success
15:41:10.629 VM: initialized successfully
15:41:10.645 VM: Intel CPU virtualization not supported
15:42:28.255 AVAST engine defs: 14091000
15:43:05.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:43:05.555 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
15:43:05.758 Disk 0 MBR read successfully
15:43:05.758 Disk 0 MBR scan
15:43:05.773 Disk 0 unknown MBR code
15:43:05.789 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:43:05.820 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:43:05.820 Disk 0 default boot code
15:43:05.851 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230738 MB offset 31664128
15:43:05.867 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230740 MB offset 504215552
15:43:05.882 Disk 0 scanning sectors +976771072
15:43:06.226 Disk 0 scanning C:\windows\system32\drivers
15:43:26.116 Service scanning
15:44:23.867 Modules scanning
15:44:48.219 Disk 0 trace - called modules:
15:44:48.234
15:44:55.816 AVAST engine scan C:\windows
15:45:06.471 AVAST engine scan C:\windows\system32
15:49:49.720 AVAST engine scan C:\windows\system32\drivers
15:50:05.258 AVAST engine scan C:\Users\user
15:56:05.788 AVAST engine scan C:\ProgramData
15:56:48.782 Scan finished successfully
15:57:38.811 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
15:57:38.811 The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR_sicherung1.txt"
Code:
ATTFilter aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-10 15:41:09
-----------------------------
15:41:09.958 OS Version: Windows 6.1.7600
15:41:09.958 Number of processors: 2 586 0x170A
15:41:09.958 ComputerName: USER-PC UserName: user
15:41:10.629 Initialize success
15:41:10.629 VM: initialized successfully
15:41:10.645 VM: Intel CPU virtualization not supported
15:42:28.255 AVAST engine defs: 14091000
15:43:05.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:43:05.555 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
15:43:05.758 Disk 0 MBR read successfully
15:43:05.758 Disk 0 MBR scan
15:43:05.773 Disk 0 unknown MBR code
15:43:05.789 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:43:05.820 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:43:05.820 Disk 0 default boot code
15:43:05.851 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230738 MB offset 31664128
15:43:05.867 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230740 MB offset 504215552
15:43:05.882 Disk 0 scanning sectors +976771072
15:43:06.226 Disk 0 scanning C:\windows\system32\drivers
15:43:26.116 Service scanning
15:44:23.867 Modules scanning
15:44:48.219 Disk 0 trace - called modules:
15:44:48.234
15:44:55.816 AVAST engine scan C:\windows
15:45:06.471 AVAST engine scan C:\windows\system32
15:49:49.720 AVAST engine scan C:\windows\system32\drivers
15:50:05.258 AVAST engine scan C:\Users\user
15:56:05.788 AVAST engine scan C:\ProgramData
15:56:48.782 Scan finished successfully
15:57:38.811 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
15:57:38.811 The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR_sicherung1.txt"
16:01:26.876 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:26.892 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
16:01:27.157 Disk 0 MBR read successfully
16:01:27.172 Disk 0 MBR scan
16:01:27.172 Disk 0 unknown MBR code
16:01:27.204 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
16:01:27.219 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
16:01:27.250 Disk 0 default boot code
16:01:27.266 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230738 MB offset 31664128
16:01:27.297 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230740 MB offset 504215552
16:01:27.313 Disk 0 scanning sectors +976771072
16:01:27.625 Disk 0 scanning C:\windows\system32\drivers
16:01:45.612 Service scanning
16:02:10.790 Modules scanning
16:02:26.874 Disk 0 trace - called modules:
16:02:26.905
16:02:27.794 AVAST engine scan C:\windows
16:02:36.748 AVAST engine scan C:\windows\system32
16:05:46.055 AVAST engine scan C:\windows\system32\drivers
16:05:59.658 AVAST engine scan C:\Users\user
16:08:36.688 File: C:\Users\user\AppData\Local\Temp\Low\obupdat.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:10:55.138 AVAST engine scan C:\ProgramData
16:11:30.893 Scan finished successfully
16:13:09.127 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\MBR.dat"
16:13:09.127 The log file has been saved successfully to "C:\Users\user\Desktop\Trojanercheck\aswMBR.txt"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-PC on 10-09-2014 16:13:31
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 aswMBR; \??\C:\Users\user\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\user\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 14:27 - 2014-09-07 14:29 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:58 - 2014-09-10 16:13 - 00000000 ____D () C:\FRST
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:48 - 2014-09-05 13:50 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:04 - 2014-09-05 09:05 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:29 - 2014-09-04 21:30 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:55 - 2014-09-04 20:58 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:21 - 2014-09-04 20:23 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:53 - 2014-09-04 17:54 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:43 - 2014-09-04 21:29 - 00000000 ____D () C:\windows\ERUNT
2014-09-02 19:27 - 2014-09-10 16:13 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-15 10:16 - 2014-09-08 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 10:13 - 2014-08-07 03:35 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-15 10:13 - 2014-08-07 03:32 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 16:13 - 2014-09-07 12:58 - 00000000 ____D () C:\FRST
2014-09-10 16:13 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-10 15:45 - 2009-09-22 07:23 - 01226358 _____ () C:\windows\WindowsUpdate.log
2014-09-10 15:41 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:41 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 15:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-10 15:36 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 15:36 - 2009-07-14 06:39 - 00061743 _____ () C:\windows\setupact.log
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 17:14 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-09-07 14:29 - 2014-09-07 14:27 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:15 - 2009-09-22 07:48 - 00740366 _____ () C:\windows\PFRO.log
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:50 - 2014-09-05 13:48 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 13:48 - 2009-12-05 20:11 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 13:44 - 2009-07-14 06:33 - 00412776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:05 - 2014-09-05 09:04 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:30 - 2014-09-04 21:29 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:29 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:58 - 2014-09-04 20:55 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:23 - 2014-09-04 20:21 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:54 - 2014-09-04 17:53 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 11:10 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-06 09:38
==================== End Of Log ============================
--- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by user at 2014-09-10 16:14:08
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Business Contact Manager für Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden
cadvilla professional 4 (HKLM\...\{DE09BEAB-5EA2-4C02-9D2E-DEC9B9FA885C}_is1) (Version: 4.0.1.9 - Trixl GmbH)
cadvilla Tutorials (HKLM\...\{0C2A6831-1A0A-4FB9-BC50-48332BDF0CF9}) (Version: 1.1.0.5 - Trixl GmbH)
Call of Duty(R) - World at War(TM) (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (Version: 1.0 - Activision) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2907 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Elf Bowling Hawaiian Vacation (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}) (Version: - Oberon Media)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version: - Oberon Media)
Gothic III (HKLM\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
GrampsAIO (HKLM\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{1D1D8ADC-BF08-4E61-9393-5FA305B16864}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{5C759B74-34F4-43C6-A5D9-039CB754C5E9}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount&Blade (HKLM\...\Mount&Blade) (Version: - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeighaX 3.08.01 (Version: 3.08.01 - Open Design Alliance) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.3042.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
05-09-2014 14:20:13 Windows 7 Service Pack 1
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2014-09-05 13:36 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.)
Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {A6A4519F-ADA4-443A-82CC-276A5E3522DE} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] ()
Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (whitelisted) =============
2014-06-25 21:00 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2009-09-22 07:26 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-05 20:07 - 2009-08-13 22:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2014-08-15 10:16 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-09-22 07:24 - 2009-05-20 10:58 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-09-22 07:24 - 2009-05-13 10:51 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk => C:\windows\pss\program.lnk.Startup
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/09/2014 07:36:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/09/2014 07:36:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/08/2014 06:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16526, Zeitstempel: 0x52855173
Name des fehlerhaften Moduls: bl-views.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x53ac387f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x590ebe08
ID des fehlerhaften Prozesses: 0xaf4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (09/06/2014 10:23:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/06/2014 10:23:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/06/2014 09:39:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/06/2014 09:38:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/05/2014 01:45:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (09/05/2014 01:25:55 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004100aC:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF
Error: (09/05/2014 01:25:54 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\IT-IT\MSFEEDS.MFL
System errors:
=============
Error: (09/10/2014 03:36:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (09/10/2014 08:06:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073701 fehlgeschlagen: Windows Update Aux
Error: (09/10/2014 08:04:28 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (09/09/2014 06:05:34 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (09/08/2014 10:30:09 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (09/08/2014 07:52:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073701 fehlgeschlagen: Windows Update Aux
Error: (09/08/2014 07:50:12 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (09/08/2014 05:08:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (09/07/2014 08:12:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.
Error: (09/07/2014 08:11:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 3036.61 MB
Available physical RAM: 2022.74 MB
Total Pagefile: 6069.45 MB
Available Pagefile: 4700.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.22 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:225.33 GB) (Free:186.46 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:207.11 GB) NTFS
Drive e: (CODWAW) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
10.09.2014, 16:05
| #5 |
| /// TB-Ausbilder | Bundeskriminalamt Trojaner Bitte Avast! ausschalten für diesen Fix: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\user\AppData\Local\Temp\Low\obupdat.exe
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Danach bitte mal ein FRST Scan, dort aber vorher bei Registry,Services,Drivers,Processes den Haken innerhalb von Whitelist herausnehmen.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
10.09.2014, 16:25
| #6 |
| | Bundeskriminalamt Trojaner ok 1) FIxtlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-10 17:14:00 Run:3
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\user\AppData\Local\Temp\Low\obupdat.exe
emptytemp:
*****************
C:\Users\user\AppData\Local\Temp\Low\obupdat.exe => Moved successfully.
EmptyTemp: => Removed 482.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by user (administrator) on USER-PC on 10-09-2014 17:17:38
Running from C:\Users\user\Desktop\Trojanercheck
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (All) =========================
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\lsm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\taskeng.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\sppsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Farbar) C:\Users\user\Desktop\Trojanercheck\FRST.exe
==================== Registry (All) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\windows\System32\Userinit.exe, [26112 2009-07-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2614272 2009-10-31] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-771618654-3341757510-301361698-1000\...\MountPoints2: {7059c972-c02c-11de-a172-806e6f6e6963} - E:\setup\rsrc\Autorun.exe
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
ShellIconOverlayIdentifiers: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\windows\system32\ntshrui.dll (Microsoft Corporation)
BootExecute: autocheck autochk *
AlternateShell: cmd.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
Chrome:
=======
==================== Services (All) ========================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AeLookupSvc; C:\windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-14] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation)
R3 Appinfo; C:\windows\System32\appinfo.dll [46592 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
R2 Audiosrv; C:\windows\System32\Audiosrv.dll [473088 2009-07-14] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\windows\System32\AxInstSV.dll [88064 2009-07-14] (Microsoft Corporation)
R2 BcmSqlStartupSvc; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [30312 2008-01-16] (Microsoft Corporation)
S3 BDESVC; C:\windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation)
R2 BFE; C:\windows\System32\bfe.dll [493568 2009-07-14] (Microsoft Corporation)
S2 BITS; C:\windows\System32\qmgr.dll [589312 2009-07-14] (Microsoft Corporation)
R3 Browser; C:\windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\windows\system32\cryptsvc.dll [139264 2012-06-02] (Microsoft Corporation)
R2 DcomLaunch; C:\windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
S3 defragsvc; C:\windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation)
R2 Dhcp; C:\windows\system32\dhcpcore.dll [253440 2009-07-14] (Microsoft Corporation)
R2 Dnscache; C:\windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation)
S3 dot3svc; C:\windows\System32\dot3svc.dll [214016 2009-07-14] (Microsoft Corporation)
R2 DPS; C:\windows\system32\dps.dll [143360 2009-07-14] (Microsoft Corporation)
R3 EapHost; C:\windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\windows\System32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S2 ehRecvr; C:\windows\ehome\ehRecvr.exe [556032 2010-08-04] (Microsoft Corporation)
S2 ehSched; C:\windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation)
R2 eventlog; C:\windows\System32\wevtsvc.dll [1086464 2009-07-14] (Microsoft Corporation)
R2 EventSystem; C:\windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\windows\system32\fxssvc.exe [522752 2009-07-14] (Microsoft Corporation)
S3 fdPHost; C:\windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation)
R2 FDResPub; C:\windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation)
R2 FontCache; C:\windows\system32\FntCache.dll [802304 2011-02-19] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
S3 fsssvc; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [704864 2009-08-05] (Microsoft Corporation)
R2 gpsvc; C:\windows\System32\gpsvc.dll [591360 2009-07-14] (Microsoft Corporation)
S3 hidserv; C:\windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\windows\system32\kmsvc.dll [71168 2009-07-14] (Microsoft Corporation)
S3 HomeGroupListener; C:\windows\system32\ListSvc.dll [194560 2009-07-14] (Microsoft Corporation)
S3 HomeGroupProvider; C:\windows\system32\provsvc.dll [165376 2009-07-14] (Microsoft Corporation)
S3 idsvc; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)
R2 IKEEXT; C:\windows\System32\ikeext.dll [667136 2009-07-14] (Microsoft Corporation)
S3 IPBusEnum; C:\windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation)
R2 iphlpsvc; C:\windows\System32\iphlpsvc.dll [497152 2009-07-14] (Microsoft Corporation)
R3 KeyIso; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 KtmRm; C:\windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation)
R2 LanmanServer; C:\windows\system32\srvsvc.dll [168448 2010-08-27] (Microsoft Corporation)
R2 LanmanWorkstation; C:\windows\System32\wkssvc.dll [84480 2009-07-14] (Microsoft Corporation)
S3 lltdsvc; C:\windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation)
S4 Mcx2Svc; C:\windows\system32\Mcx2Svc.dll [67584 2009-07-14] (Microsoft Corporation)
S3 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 MMCSS; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 MpsSvc; C:\windows\system32\mpssvc.dll [565760 2009-07-14] (Microsoft Corporation)
S3 MSDTC; C:\windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\windows\System32\msiexec.exe [73216 2009-07-14] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S3 napagent; C:\windows\system32\qagentRT.dll [330240 2009-07-14] (Microsoft Corporation)
S3 Netlogon; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
R3 Netman; C:\windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation)
S4 NetMsmqActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 netprofm; C:\windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetTcpActivator; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R2 NlaSvc; C:\windows\System32\nlasvc.dll [242688 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation)
R2 nvsvc; C:\windows\system32\nvvsvc.exe [662816 2013-08-30] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256 2013-09-05] (NVIDIA Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 p2pimsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
S3 p2psvc; C:\windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation)
R2 PcaSvc; C:\windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S3 pla; C:\windows\system32\pla.dll [1508864 2009-07-14] (Microsoft Corporation)
R2 PlugPlay; C:\windows\system32\umpnpmgr.dll [294912 2011-05-24] (Microsoft Corporation)
S3 PNRPAutoReg; C:\windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation)
S3 PNRPsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation)
R3 PolicyAgent; C:\windows\System32\ipsecsvc.dll [350720 2009-07-14] (Microsoft Corporation)
R2 Power; C:\windows\system32\umpo.dll [119808 2009-07-14] (Microsoft Corporation)
R2 ProfSvc; C:\windows\system32\profsvc.dll [163328 2012-05-02] (Microsoft Corporation)
S3 ProtectedStorage; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 QWAVE; C:\windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\windows\System32\rasmans.dll [285184 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation)
R2 RpcEptMapper; C:\windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation)
R2 RpcSs; C:\windows\system32\rpcss.dll [376320 2009-07-14] (Microsoft Corporation)
R2 SamSs; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 SCardSvr; C:\windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation)
R2 Schedule; C:\windows\system32\schedsvc.dll [749056 2010-11-02] (Microsoft Corporation)
S3 SCPolicySvc; C:\windows\System32\certprop.dll [67584 2009-07-14] (Microsoft Corporation)
S3 SDRSVC; C:\windows\System32\SDRSVC.dll [125952 2009-07-14] (Microsoft Corporation)
S3 seclogon; C:\windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation)
R2 SENS; C:\windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\windows\system32\sessenv.dll [99328 2009-07-14] (Microsoft Corporation)
S4 SharedAccess; C:\windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\windows\System32\shsvcs.dll [328192 2009-07-14] (Microsoft Corporation)
S3 SNMPTRAP; C:\windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\windows\System32\spoolsv.exe [316928 2010-08-21] (Microsoft Corporation)
R2 sppsvc; C:\windows\system32\sppsvc.exe [3179520 2009-07-14] (Microsoft Corporation)
S3 sppuinotify; C:\windows\system32\sppuinotify.dll [53760 2009-07-14] (Microsoft Corporation)
S4 SQLBrowser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R3 SSDPSRV; C:\windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation)
R2 StiSvc; C:\windows\System32\wiaservc.dll [462336 2009-07-14] (Microsoft Corporation)
S3 swprv; C:\windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation)
R2 SysMain; C:\windows\system32\sysmain.dll [1169408 2009-07-14] (Microsoft Corporation)
S3 TabletInputService; C:\windows\System32\TabSvc.dll [73728 2009-07-14] (Microsoft Corporation)
S3 TapiSrv; C:\windows\System32\tapisrv.dll [241664 2009-07-14] (Microsoft Corporation)
S3 TBS; C:\windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation)
R2 TermService; C:\windows\System32\termsrv.dll [543232 2009-07-14] (Microsoft Corporation)
R2 Themes; C:\windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation)
R2 TrkWks; C:\windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [204800 2009-07-14] (Microsoft Corporation)
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation)
R3 upnphost; C:\windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation)
R2 UxSms; C:\windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\windows\system32\lsass.exe [22528 2011-11-17] (Microsoft Corporation)
S3 vds; C:\windows\System32\vds.exe [452608 2009-07-14] (Microsoft Corporation)
S3 VSS; C:\windows\system32\vssvc.exe [1025536 2009-07-14] (Microsoft Corporation)
S3 W32Time; C:\windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation)
S3 wbengine; C:\windows\system32\wbengine.exe [1202688 2009-07-14] (Microsoft Corporation)
S3 WbioSrvc; C:\windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\windows\System32\wcncsvc.dll [276992 2010-09-14] (Microsoft Corporation)
S3 WcsPlugInService; C:\windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation)
R3 WdiServiceHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
R3 WdiSystemHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\windows\System32\webclnt.dll [204800 2010-12-21] (Microsoft Corporation)
S3 Wecsvc; C:\windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation)
R3 WerSvc; C:\windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\windows\system32\winhttp.dll [350720 2010-12-21] (Microsoft Corporation)
R2 Winmgmt; C:\windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\windows\system32\WsmSvc.dll [1175040 2009-07-14] (Microsoft Corporation)
R2 Wlansvc; C:\windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation)
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121280 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation)
R3 WPDBusEnum; C:\windows\system32\wpdbusenum.dll [84480 2009-07-14] (Microsoft Corporation)
R2 wscsvc; C:\windows\system32\wscsvc.dll [73728 2010-12-21] (Microsoft Corporation)
R2 WSearch; C:\windows\system32\SearchIndexer.exe [428032 2011-05-04] (Microsoft Corporation)
S2 wuauserv; C:\windows\system32\wuaueng.dll [1933848 2012-06-03] (Microsoft Corporation)
S3 wudfsvc; C:\windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation)
S3 WwanSvc; C:\windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation)
==================== Drivers (All) ==========================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 1394ohci; C:\windows\system32\DRIVERS\1394ohci.sys [163328 2009-07-14] (Microsoft Corporation)
R0 ACPI; C:\windows\System32\DRIVERS\ACPI.sys [274496 2009-07-14] (Microsoft Corporation)
S3 AcpiPmi; C:\windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-14] (Microsoft Corporation)
S3 adp94xx; C:\windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] (Adaptec, Inc.)
R1 AFD; C:\windows\system32\drivers\afd.sys [338944 2011-04-25] (Microsoft Corporation)
S3 agp440; C:\windows\system32\DRIVERS\agp440.sys [53312 2009-07-14] (Microsoft Corporation)
S3 aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] (Adaptec, Inc.)
S3 aliide; C:\windows\system32\DRIVERS\aliide.sys [14400 2009-07-14] (Acer Laboratories Inc.)
S3 amdagp; C:\windows\system32\DRIVERS\amdagp.sys [53312 2009-07-14] (Microsoft Corporation)
S3 amdide; C:\windows\system32\DRIVERS\amdide.sys [14912 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\windows\system32\drivers\amdsata.sys [80256 2011-03-11] (Advanced Micro Devices)
S3 amdsbs; C:\windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] (AMD Technologies Inc.)
R0 amdxata; C:\windows\System32\drivers\amdxata.sys [22400 2011-03-11] (Advanced Micro Devices)
S3 AppID; C:\windows\system32\drivers\appid.sys [50176 2009-07-14] (Microsoft Corporation)
S3 arc; C:\windows\system32\DRIVERS\arc.sys [76368 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] (Adaptec, Inc.)
S3 AsyncMac; C:\windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation)
R0 atapi; C:\windows\System32\DRIVERS\atapi.sys [21584 2009-07-14] (Microsoft Corporation)
R3 athr; C:\windows\System32\DRIVERS\athr.sys [2228224 2011-12-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [35848 2014-07-24] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation)
S3 b57nd60x; C:\windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation)
R1 Beep; C:\windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation)
R1 blbdrive; C:\windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation)
R3 bowser; C:\windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] (Microsoft Corporation)
S3 BrFiltLo; C:\windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.)
S3 Brserid; C:\windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.)
S3 BrUsbSer; C:\windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.)
S3 BTHMODEM; C:\windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation)
R1 cdrom; C:\windows\System32\DRIVERS\cdrom.sys [108544 2009-07-14] (Microsoft Corporation)
S3 circlass; C:\windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation)
R0 CLFS; C:\windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 CmBatt; C:\windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\windows\system32\DRIVERS\cmdide.sys [15952 2009-07-14] (CMD Technology, Inc.)
R0 CNG; C:\windows\System32\Drivers\cng.sys [369336 2012-06-02] (Microsoft Corporation)
R0 Compbatt; C:\windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] (Microsoft Corporation)
R3 CompositeBus; C:\windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-14] (Microsoft Corporation)
S4 crcdisk; C:\windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] (Microsoft Corporation)
R1 DfsC; C:\windows\System32\Drivers\dfsc.sys [78336 2011-04-27] (Microsoft Corporation)
R1 discache; C:\windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation)
R0 Disk; C:\windows\System32\DRIVERS\disk.sys [57424 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\windows\System32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation)
R3 DXGKrnl; C:\windows\System32\drivers\dxgkrnl.sys [728448 2010-11-02] (Microsoft Corporation)
S3 ebdrv; C:\windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation)
S3 elxstor; C:\windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] (Emulex)
S3 ErrDev; C:\windows\system32\DRIVERS\errdev.sys [7168 2009-07-14] (Microsoft Corporation)
S3 exfat; C:\windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation)
R0 FileInfo; C:\windows\System32\drivers\fileinfo.sys [58448 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [198208 2009-07-14] (Microsoft Corporation)
S3 FsDepends; C:\windows\System32\drivers\FsDepends.sys [46160 2009-07-14] (Microsoft Corporation)
S3 fssfltr; C:\windows\System32\DRIVERS\fssfltr.sys [54632 2009-08-05] (Microsoft Corporation)
U0 Fs_Rec; C:\windows\system32\Drivers\Fs_Rec.sys [19312 2012-03-01] (Microsoft Corporation)
R0 fvevol; C:\windows\System32\DRIVERS\fvevol.sys [195816 2013-01-24] (Microsoft Corporation)
S3 gagp30kx; C:\windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\windows\System32\drivers\HdAudio.sys [304128 2009-07-14] (Microsoft Corporation)
R3 HDAudBus; C:\windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-14] (Microsoft Corporation)
S3 HidBatt; C:\windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation)
S3 HidUsb; C:\windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] (Microsoft Corporation)
S3 HpSAMD; C:\windows\system32\DRIVERS\HpSAMD.sys [67152 2009-07-14] (Hewlett-Packard Company)
R3 HTTP; C:\windows\System32\drivers\HTTP.sys [513024 2009-07-14] (Microsoft Corporation)
R0 hwpolicy; C:\windows\System32\drivers\hwpolicy.sys [13904 2009-07-14] (Microsoft Corporation)
R3 i8042prt; C:\windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation)
R0 iaStor; C:\windows\System32\DRIVERS\iaStor.sys [330264 2009-06-04] (Intel Corporation)
S3 iaStorV; C:\windows\system32\drivers\iaStorV.sys [332160 2011-03-11] (Intel Corporation)
S3 igfx; C:\windows\System32\DRIVERS\igdkmd32.sys [4756480 2009-06-10] (Intel Corporation)
S3 iirsp; C:\windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] (Intel Corp./ICP vortex GmbH)
R3 IntcAzAudAddService; C:\windows\System32\drivers\RTKVHDA.sys [2752352 2009-08-19] (Realtek Semiconductor Corp.)
S3 intelide; C:\windows\system32\DRIVERS\intelide.sys [15424 2009-07-14] (Microsoft Corporation)
R3 intelppm; C:\windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation)
S3 IPMIDRV; C:\windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] (Microsoft Corporation)
S3 IPNAT; C:\windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\windows\system32\DRIVERS\isapnp.sys [46656 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\windows\system32\DRIVERS\msiscsi.sys [186960 2009-07-14] (Microsoft Corporation)
R3 kbdclass; C:\windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\windows\system32\DRIVERS\kbdhid.sys [28160 2009-07-14] (Microsoft Corporation)
R0 KSecDD; C:\windows\System32\Drivers\ksecdd.sys [67440 2012-06-02] (Microsoft Corporation)
R0 KSecPkg; C:\windows\System32\Drivers\ksecpkg.sys [134000 2012-06-02] (Microsoft Corporation)
R2 lltdio; C:\windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation)
S3 LSI_FC; C:\windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] (LSI Corporation)
R2 luafv; C:\windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation)
S3 megasas; C:\windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] (LSI Corporation, Inc.)
S3 Modem; C:\windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation)
R3 monitor; C:\windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation)
R3 mouclass; C:\windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] (Microsoft Corporation)
S3 mouhid; C:\windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation)
R0 mountmgr; C:\windows\System32\drivers\mountmgr.sys [78416 2009-07-14] (Microsoft Corporation)
S3 mpio; C:\windows\system32\DRIVERS\mpio.sys [130624 2009-07-14] (Microsoft Corporation)
R3 mpsdrv; C:\windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\windows\system32\drivers\mrxdav.sys [115712 2009-07-14] (Microsoft Corporation)
R3 mrxsmb; C:\windows\System32\DRIVERS\mrxsmb.sys [123392 2011-05-04] (Microsoft Corporation)
R3 mrxsmb10; C:\windows\System32\DRIVERS\mrxsmb10.sys [222720 2011-07-09] (Microsoft Corporation)
R3 mrxsmb20; C:\windows\System32\DRIVERS\mrxsmb20.sys [96256 2011-05-04] (Microsoft Corporation)
R0 msahci; C:\windows\System32\DRIVERS\msahci.sys [27712 2009-07-14] (Microsoft Corporation)
S3 msdsm; C:\windows\system32\DRIVERS\msdsm.sys [115792 2009-07-14] (Microsoft Corporation)
R1 Msfs; C:\windows\system32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation)
R0 msisadrv; C:\windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] (Microsoft Corporation)
R1 mssmbios; C:\windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation)
R0 Mup; C:\windows\System32\Drivers\mup.sys [49728 2009-07-14] (Microsoft Corporation)
R3 NativeWifiP; C:\windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation)
R0 NDIS; C:\windows\System32\drivers\ndis.sys [710720 2009-07-14] (Microsoft Corporation)
S3 NdisCap; C:\windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation)
R3 NdisTapi; C:\windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation)
R3 Ndisuio; C:\windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] (Microsoft Corporation)
R3 NdisWan; C:\windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] (Microsoft Corporation)
R3 NDProxy; C:\windows\system32\Drivers\NDProxy.sys [48128 2009-07-14] (Microsoft Corporation)
R1 NetBIOS; C:\windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation)
R1 NetBT; C:\windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] (Microsoft Corporation)
S3 nfrd960; C:\windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] (IBM Corporation)
R1 Npfs; C:\windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation)
R1 nsiproxy; C:\windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1210728 2013-04-12] (Microsoft Corporation)
R1 Null; C:\windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation)
R3 nvlddmkm; C:\windows\System32\DRIVERS\nvlddmkm.sys [9253664 2013-09-05] (NVIDIA Corporation)
S3 nvraid; C:\windows\system32\drivers\nvraid.sys [117120 2011-03-11] (NVIDIA Corporation)
S3 nvstor; C:\windows\system32\drivers\nvstor.sys [143744 2011-03-11] (NVIDIA Corporation)
S3 nv_agp; C:\windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation)
R0 partmgr; C:\windows\System32\drivers\partmgr.sys [56688 2012-03-17] (Microsoft Corporation)
S2 Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation)
R0 pci; C:\windows\System32\DRIVERS\pci.sys [153680 2009-07-14] (Microsoft Corporation)
S3 pciide; C:\windows\system32\DRIVERS\pciide.sys [12368 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] (Microsoft Corporation)
R0 pcw; C:\windows\System32\drivers\pcw.sys [43088 2009-07-14] (Microsoft Corporation)
R2 PEAUTH; C:\windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation)
R3 PptpMiniport; C:\windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation)
S3 Processor; C:\windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation)
R1 Psched; C:\windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation)
S3 ql2300; C:\windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation)
R3 RasAgileVpn; C:\windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation)
R3 Rasl2tp; C:\windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation)
R3 RasPppoe; C:\windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation)
R3 RasSstp; C:\windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation)
R1 rdbss; C:\windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] (Microsoft Corporation)
S3 rdpbus; C:\windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation)
R1 RDPCDD; C:\windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] (Microsoft Corporation)
R1 RDPENCDD; C:\windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation)
R1 RDPREFMP; C:\windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation)
S3 RDPWD; C:\windows\system32\Drivers\RDPWD.sys [177152 2012-04-28] (Microsoft Corporation)
R0 rdyboost; C:\windows\System32\drivers\rdyboost.sys [173648 2009-07-14] (Microsoft Corporation)
R2 rspndr; C:\windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation)
R3 RTL8167; C:\windows\System32\DRIVERS\Rt86win7.sys [187392 2009-07-31] (Realtek )
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
S3 sbp2port; C:\windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] (Microsoft Corporation)
S3 scfilter; C:\windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] (Microsoft Corporation)
R2 secdrv; C:\windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 Serial; C:\windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [12800 2009-10-10] (Microsoft Corporation)
S3 sfloppy; C:\windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sisagp; C:\windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] (Microsoft Corporation)
S3 SiSRaid2; C:\windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation)
R0 spldr; C:\windows\system32\Drivers\spldr.sys [17472 2009-07-14] (Microsoft Corporation)
R3 srv; C:\windows\System32\DRIVERS\srv.sys [311296 2011-04-29] (Microsoft Corporation)
R3 srv2; C:\windows\System32\DRIVERS\srv2.sys [309760 2011-04-29] (Microsoft Corporation)
R3 srvnet; C:\windows\System32\DRIVERS\srvnet.sys [114176 2011-04-29] (Microsoft Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 stexstor; C:\windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] (Promise Technology)
R3 swenum; C:\windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] (Microsoft Corporation)
R3 SynTP; C:\windows\System32\DRIVERS\SynTP.sys [212656 2009-07-15] (Synaptics Incorporated)
R1 Tcpip; C:\windows\System32\drivers\tcpip.sys [1287528 2013-01-04] (Microsoft Corporation)
S3 TCPIP6; C:\windows\System32\DRIVERS\tcpip.sys [1287528 2013-01-04] (Microsoft Corporation)
R2 tcpipreg; C:\windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] (Microsoft Corporation)
S3 TDPIPE; C:\windows\System32\drivers\tdpipe.sys [17920 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\windows\System32\drivers\tdtcp.sys [24064 2012-02-15] (Microsoft Corporation)
R1 tdx; C:\windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] (Microsoft Corporation)
R1 TermDD; C:\windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] (Microsoft Corporation)
S3 tssecsrv; C:\windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] (Microsoft Corporation)
R3 tunnel; C:\windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] (Microsoft Corporation)
S3 uagp35; C:\windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] (Microsoft Corporation)
R4 udfs; C:\windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] (Microsoft Corporation)
S3 uliagpkx; C:\windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] (Microsoft Corporation)
R3 umbus; C:\windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] (Microsoft Corporation)
S3 UmPass; C:\windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation)
R3 usbccgp; C:\windows\System32\DRIVERS\usbccgp.sys [75776 2011-03-25] (Microsoft Corporation)
S3 usbcir; C:\windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] (Microsoft Corporation)
R3 usbehci; C:\windows\System32\DRIVERS\usbehci.sys [43008 2011-03-25] (Microsoft Corporation)
R3 usbhub; C:\windows\System32\DRIVERS\usbhub.sys [258560 2011-03-25] (Microsoft Corporation)
S3 usbohci; C:\windows\system32\drivers\usbohci.sys [20480 2011-03-25] (Microsoft Corporation)
S3 usbprint; C:\windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation)
S3 USBSTOR; C:\windows\System32\DRIVERS\USBSTOR.SYS [75776 2011-03-11] (Microsoft Corporation)
R3 usbuhci; C:\windows\System32\DRIVERS\usbuhci.sys [24064 2011-03-25] (Microsoft Corporation)
R3 usbvideo; C:\windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] (Microsoft Corporation)
R0 vdrvroot; C:\windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] (Microsoft Corporation)
S3 vga; C:\windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation)
R1 VgaSave; C:\windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] (Microsoft Corporation)
S3 viaagp; C:\windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] (Microsoft Corporation)
S3 ViaC7; C:\windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation)
S3 viaide; C:\windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] (VIA Technologies, Inc.)
R0 volmgr; C:\windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] (Microsoft Corporation)
R0 volmgrx; C:\windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Microsoft Corporation)
R0 volsnap; C:\windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] (Microsoft Corporation)
S3 vsmraid; C:\windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] (VIA Technologies Inc.,Ltd)
R3 vwifibus; C:\windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation)
R1 vwififlt; C:\windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
R1 Wanarpv6; C:\windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] (Microsoft Corporation)
S3 Wd; C:\windows\system32\DRIVERS\wd.sys [19024 2009-07-14] (Microsoft Corporation)
R0 Wdf01000; C:\windows\System32\drivers\Wdf01000.sys [526952 2012-07-26] (Microsoft Corporation)
R1 WfpLwf; C:\windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\windows\System32\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
U3 Winsock; No ImagePath
S3 WinUsb; C:\windows\System32\DRIVERS\WinUsb.sys [34944 2009-07-14] (Microsoft Corporation)
S3 WmiAcpi; C:\windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation)
S4 ws2ifsl; C:\windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\windows\System32\drivers\WudfPf.sys [66560 2012-07-26] (Microsoft Corporation)
S3 WUDFRd; C:\windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 15:45 - 2014-09-05 03:42 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:45 - 2014-09-05 03:38 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-07 14:27 - 2014-09-07 14:29 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-07 12:58 - 2014-09-10 17:17 - 00000000 ____D () C:\FRST
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:48 - 2014-09-05 13:50 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:04 - 2014-09-05 09:05 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-04 21:29 - 2014-09-04 21:30 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:55 - 2014-09-04 20:58 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:21 - 2014-09-04 20:23 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:53 - 2014-09-04 17:54 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 11:43 - 2014-09-04 21:29 - 00000000 ____D () C:\windows\ERUNT
2014-09-02 19:27 - 2014-09-10 17:17 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-15 10:16 - 2014-09-08 17:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:10 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-14 18:08 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\system32\MSCOMCT2.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\system32\MSMAPI32.OCX
2014-08-14 18:08 - 2014-04-25 17:44 - 00095416 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-08-14 18:08 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\MSMPIDE.DLL
2014-08-14 18:08 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\windows\system32\VB6DE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\windows\system32\MSCMCDE.DLL
2014-08-14 18:08 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\MSCC2DE.DLL
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 18:49 - 2014-08-11 18:52 - 00000000 ____D () C:\Users\user\Documents\Gramps
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 17:17 - 2014-09-07 12:58 - 00000000 ____D () C:\FRST
2014-09-10 17:17 - 2014-09-02 19:27 - 00000000 ____D () C:\Users\user\Desktop\Trojanercheck
2014-09-10 17:16 - 2009-09-22 07:48 - 00750666 _____ () C:\windows\PFRO.log
2014-09-10 17:16 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 17:16 - 2009-07-14 06:39 - 00061855 _____ () C:\windows\setupact.log
2014-09-10 17:15 - 2009-09-22 07:23 - 01259023 _____ () C:\windows\WindowsUpdate.log
2014-09-10 17:15 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 17:15 - 2009-07-14 06:34 - 00020400 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 16:19 - 2014-07-09 19:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 15:40 - 2009-07-26 22:06 - 01759924 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-08 17:14 - 2014-09-08 17:14 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-08 17:14 - 2014-08-15 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 17:14 - 2014-01-05 15:07 - 00000000 ____D () C:\Program Files\Avira
2014-09-07 14:29 - 2014-09-07 14:27 - 00005639 _____ () C:\Users\user\Desktop\Rote Grütze.txt
2014-09-06 08:42 - 2014-09-06 08:42 - 00000689 _____ () C:\Users\user\Desktop\updatefix.bat
2014-09-05 13:50 - 2014-09-05 13:48 - 00000000 ____D () C:\windows\SoftwareDistribution.old
2014-09-05 13:48 - 2009-12-05 20:11 - 00109280 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-05 13:44 - 2009-07-14 06:33 - 00412776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-05 12:55 - 2014-09-05 12:55 - 00000207 _____ () C:\windows\tweaking.com-regbackup-USER-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-09-05 12:55 - 2014-09-05 12:55 - 00000000 ____D () C:\RegBackup
2014-09-05 12:20 - 2014-09-05 12:20 - 07489465 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio[1].zip
2014-09-05 09:05 - 2014-09-05 09:04 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (2).msu
2014-09-05 03:42 - 2014-09-10 15:45 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 03:38 - 2014-09-10 15:45 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 21:30 - 2014-09-04 21:29 - 00000720 _____ () C:\DelFix.txt
2014-09-04 21:29 - 2014-09-03 11:43 - 00000000 ____D () C:\windows\ERUNT
2014-09-04 21:28 - 2014-09-04 21:28 - 00000000 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-09-04 20:58 - 2014-09-04 20:55 - 563934504 _____ (Microsoft Corporation) C:\Users\user\Downloads\windows6.1-KB976932-X86.exe
2014-09-04 20:23 - 2014-09-04 20:21 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86 (1).msu
2014-09-04 20:17 - 2014-09-04 20:17 - 00002278 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2014-09-04 19:28 - 2014-09-04 19:28 - 00000000 ____D () C:\windows\system32\EventProviders
2014-09-04 17:57 - 2014-09-04 17:57 - 00000000 ____D () C:\windows\CheckSur
2014-09-04 17:54 - 2014-09-04 17:53 - 231030439 _____ () C:\Users\user\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-03 17:12 - 2014-09-03 17:12 - 00000000 ____D () C:\Program Files\ESET
2014-09-03 12:05 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\twain_32
2014-09-03 11:49 - 2014-09-03 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 17:16 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-09-02 16:15 - 2014-09-02 16:15 - 00000000 ____D () C:\windows\pss
2014-09-02 13:41 - 2014-09-02 13:41 - 00000000 ____D () C:\windows\PIF
2014-09-01 12:36 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-08-29 19:46 - 2014-01-14 10:56 - 00000000 ____D () C:\Users\user\Documents\2014
2014-08-26 19:41 - 2014-08-26 19:41 - 00000000 ____D () C:\ProgramData\Arcade Lab
2014-08-23 16:14 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\user\Documents\gothic3
2014-08-15 11:13 - 2014-06-25 20:55 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 11:11 - 2014-06-25 20:55 - 96303304 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-15 10:16 - 2014-01-05 15:07 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 18:10 - 2014-08-14 18:08 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Users\user\Documents\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-08-14 18:09 - 2014-08-14 18:09 - 00000000 ____D () C:\Program Files\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-08-14 18:08 - 2014-08-14 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-13 17:07 - 2014-01-21 09:23 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-08-13 17:06 - 2014-08-13 17:06 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Brother
2014-08-11 22:34 - 2014-06-25 22:15 - 00000000 ____D () C:\Users\user\Desktop\Gramps
2014-08-11 18:52 - 2014-08-11 18:49 - 00000000 ____D () C:\Users\user\Documents\Gramps
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-06 09:38
==================== End Of Log ============================
--- --- --- --- --- --- Nach dem Fix gab es einen Neustart Dieses FRST Logfile unter 2) setzt er da irgendwie automatisch hin... gehe ich auf editieren fügt er noch einen beim speichern hinzu... merkwürdig... |
|
12.09.2014, 08:42
| #7 |
| | Bundeskriminalamt Trojaner Hi, das Game Pack Shortcut war schon von Anfang an auf dem Laptop. Dachte ich zumindest ... Hier das Log Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by user at 2014-09-12 09:41:14 Run:4
Running from C:\Users\user\Desktop\Trojanercheck
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
file: C:\Users\Public\Desktop\Game Pack.lnk
*****************
========================= file: C:\Users\Public\Desktop\Game Pack.lnk ========================
MD5: 989F6FAA3DE31A1218D428F96B457AC7
Creation and modification date: 2009-12-05 20:07 - 2009-12-05 20:07
Size: 0002121
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:
====== End Of File: ======
==== End of Fixlog ====
|
|
12.09.2014, 11:15
| #8 |
| /// TB-Ausbilder | Bundeskriminalamt Trojaner Ok, die Datei scheint ne Falschmeldung zu sein. Wir hatten ja noch das Problem der SP1 Installation, richtig ? Hast du schon versucht, das Update herunterzuladen und manuell zu installieren ? Download Windows 7 und Windows Server 2008 R2 Service Pack 1 (KB976932) from Official Microsoft Download Center Falls nein, mal testen und berichten, was passiert.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
12.09.2014, 11:57
| #9 |
| | Bundeskriminalamt Trojaner ja hatte ich schon. Da kam diese Assembly Fehlermeldung, ich starte es noch einmal neu... hab die Datei windwos6.1-KB976932-X86.exe gespeichert. Er startet auch "Computer wird vorbereitet".... (12:34 Uhr) Klick auf "Installieren" mit Häkchen für den Computer Neustart (12:35 Uhr) der grüne Balken schreitet voran bis ca. zur Hälfte da bleibt er stehen bis zum Abbruch (12:56 Uhr) "Installation war nich terfolgreich die referenziert Assembly konnte nicht gefunden werden." Details: "Fehler: ERROR_SXS_ASSEMBL_MISSING(0x80073701) |
|
12.09.2014, 13:53
| #10 |
| | Bundeskriminalamt Trojaner sieht schlecht aus. Da scheint zuviel drin zu sein. Ich splitte das mal.... 11.09.2014 - Teil 1: Code:
ATTFilter 2014-09-11 00:18:52, Info CBS Starting TrustedInstaller initialization.
2014-09-11 00:18:52, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 00:18:53, Info CSI 00000001@2014/9/10:22:18:53.969 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x583ade79 @0x6a685d7d @0x6a66205a @0xfa1c99 @0xfa1236 @0x77aa75a8)
2014-09-11 00:18:53, Info CSI 00000002@2014/9/10:22:18:53.969 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x583ade79 @0x6a6c7183 @0x6a6c4013 @0xfa1c99 @0xfa1236 @0x77aa75a8)
2014-09-11 00:18:53, Info CSI 00000003@2014/9/10:22:18:53.969 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x583ade79 @0x712c4bc8 @0x712c54a6 @0xfa1327 @0xfa1245 @0x77aa75a8)
2014-09-11 00:18:53, Info CBS Ending TrustedInstaller initialization.
2014-09-11 00:18:53, Info CBS Starting the TrustedInstaller main loop.
2014-09-11 00:18:53, Info CBS TrustedInstaller service starts successfully.
2014-09-11 00:18:53, Info CBS SQM: Initializing online with Windows opt-in: False
2014-09-11 00:18:53, Info CBS SQM: Cleaning up report files older than 10 days.
2014-09-11 00:18:53, Info CBS SQM: Requesting upload of all unsent reports.
2014-09-11 00:18:53, Info CBS SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info CBS SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info CBS SQM: Failed to start always sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:18:53, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 00:18:53, Info CBS NonStart: Checking to ensure startup processing was not required.
2014-09-11 00:18:53, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xd0f9e0
2014-09-11 00:18:53, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 00:18:53, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1d8
2014-09-11 00:18:53, Info CSI 00000007@2014/9/10:22:18:53.984 CSI perf trace:
CSIPERF:TXCOMMIT;710
2014-09-11 00:18:53, Info CBS NonStart: Success, startup processing not required as expected.
2014-09-11 00:18:53, Info CBS Startup processing thread terminated normally
2014-09-11 00:18:54, Info CBS Loading offline registry hive: SOFTWARE, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SOFTWARE' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SOFTWARE'.
2014-09-11 00:18:54, Info CBS Loading offline registry hive: SYSTEM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SYSTEM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SYSTEM'.
2014-09-11 00:18:54, Info CBS Loading offline registry hive: SECURITY, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SECURITY' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SECURITY'.
2014-09-11 00:18:54, Info CBS Loading offline registry hive: SAM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SAM' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\SAM'.
2014-09-11 00:18:54, Info CBS Loading offline registry hive: COMPONENTS, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/COMPONENTS' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\COMPONENTS'.
2014-09-11 00:18:54, Info CBS Loading offline registry hive: DEFAULT, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/DEFAULT' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\System32\config\DEFAULT'.
2014-09-11 00:18:54, Info CBS Loading offline registry hive: ntuser.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Users/default/ntuser.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Users\default\ntuser.dat'.
2014-09-11 00:18:54, Info CBS Loading offline registry hive: schema.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/system32/smi/store/Machine/schema.dat' from path '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\windows\system32\smi\store\Machine\schema.dat'.
2014-09-11 00:18:54, Info CBS Offline image is: read-only
2014-09-11 00:18:54, Info CBS Disabling manifest caching, because the image is not writeable.
2014-09-11 00:18:54, Info CSI 00000008 CSI Store 2694480 (0x00291d50) initialized
2014-09-11 00:18:54, Info CBS Session: 4852_17984824 initialized by client SPP.
2014-09-11 00:19:03, Info CBS Archived backup log: C:\windows\Logs\CBS\CbsPersist_20140910221852.cab.
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SOFTWARE
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SYSTEM
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SECURITY
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/SAM
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/COMPONENTS
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/System32/config/DEFAULT
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/Users/default/ntuser.dat
2014-09-11 00:19:25, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy3/windows/system32/smi/store/Machine/schema.dat
2014-09-11 00:29:26, Info CBS Reboot mark refs incremented to: 1
2014-09-11 00:29:26, Info CBS Scavenge: Starts
2014-09-11 00:29:26, Info CSI 00000009 CSI Store 2221488 (0x0021e5b0) initialized
2014-09-11 00:29:26, Info CSI 0000000a@2014/9/10:22:29:26.316 CSI Transaction @0x220828 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"
2014-09-11 00:29:26, Info CBS Scavenge: Begin CSI Store
2014-09-11 00:29:26, Info CSI 0000000b Performing 1 operations; 1 are not lock/unlock and follow:
Scavenge (8): flags: 00000017
2014-09-11 00:29:26, Info CSI 0000000c Store coherency cookie matches last scavenge cookie, skipping scavenge.
2014-09-11 00:29:26, Info CSI 0000000d ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
2014-09-11 00:29:26, Info CSI 0000000e Creating NT transaction (seq 2), objectname [6]"(null)"
2014-09-11 00:29:26, Info CSI 0000000f Created NT transaction (seq 2) result 0x00000000, handle @0x214
2014-09-11 00:29:26, Info CSI 00000010@2014/9/10:22:29:26.612 CSI perf trace:
CSIPERF:TXCOMMIT;21987
2014-09-11 00:29:26, Info CBS Scavenge: Completed, disposition: 0X1
2014-09-11 00:29:26, Info CSI 00000011@2014/9/10:22:29:26.612 CSI Transaction @0x220828 destroyed
2014-09-11 00:29:26, Info CBS Reboot mark refs: 0
2014-09-11 00:29:26, Info CBS Idle processing thread terminated normally
2014-09-11 00:29:26, Info CBS Ending the TrustedInstaller main loop.
2014-09-11 00:29:26, Info CBS Starting TrustedInstaller finalization.
2014-09-11 00:29:26, Info CBS Ending TrustedInstaller finalization.
2014-09-11 00:40:21, Info CBS Starting TrustedInstaller initialization.
2014-09-11 00:40:21, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 00:40:22, Info CSI 00000001@2014/9/10:22:40:22.531 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5724de79 @0x6a685d7d @0x6a66205a @0xa31c99 @0xa31236 @0x77aa75a8)
2014-09-11 00:40:22, Info CSI 00000002@2014/9/10:22:40:22.547 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5724de79 @0x6a6c7183 @0x6a6c4013 @0xa31c99 @0xa31236 @0x77aa75a8)
2014-09-11 00:40:22, Info CSI 00000003@2014/9/10:22:40:22.547 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5724de79 @0x6f5e4bc8 @0x6f5e54a6 @0xa31327 @0xa31245 @0x77aa75a8)
2014-09-11 00:40:22, Info CBS Ending TrustedInstaller initialization.
2014-09-11 00:40:22, Info CBS Starting the TrustedInstaller main loop.
2014-09-11 00:40:22, Info CBS TrustedInstaller service starts successfully.
2014-09-11 00:40:22, Info CBS SQM: Initializing online with Windows opt-in: False
2014-09-11 00:40:22, Info CBS SQM: Cleaning up report files older than 10 days.
2014-09-11 00:40:22, Info CBS SQM: Requesting upload of all unsent reports.
2014-09-11 00:40:22, Info CBS SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info CBS SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info CBS SQM: Failed to start always sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 00:40:22, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 00:40:22, Info CBS NonStart: Checking to ensure startup processing was not required.
2014-09-11 00:40:22, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xa2fa74
2014-09-11 00:40:22, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 00:40:22, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c0
2014-09-11 00:40:22, Info CSI 00000007@2014/9/10:22:40:22.562 CSI perf trace:
CSIPERF:TXCOMMIT;936
2014-09-11 00:40:22, Info CBS NonStart: Success, startup processing not required as expected.
2014-09-11 00:40:22, Info CBS Startup processing thread terminated normally
2014-09-11 00:40:22, Info CSI 00000008 CSI Store 2352528 (0x0023e590) initialized
2014-09-11 00:40:22, Info CBS Session: 30395720_887565687 initialized by client WinMgmt.
2014-09-11 00:40:36, Info CBS Session: 30395720_887565687 finalized. Reboot required: no [HRESULT = 0x00000000 - S_OK]
2014-09-11 00:50:36, Info CBS Reboot mark refs incremented to: 1
2014-09-11 00:50:36, Info CBS Scavenge: Starts
2014-09-11 00:50:36, Info CSI 00000009@2014/9/10:22:50:36.735 CSI Transaction @0x2a30768 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [10]"TI6.0_0:0/"
2014-09-11 00:50:36, Info CBS Scavenge: Begin CSI Store
2014-09-11 00:50:36, Info CSI 0000000a Performing 1 operations; 1 are not lock/unlock and follow:
Scavenge (8): flags: 00000017
2014-09-11 00:50:36, Info CSI 0000000b Store coherency cookie matches last scavenge cookie, skipping scavenge.
2014-09-11 00:50:36, Info CSI 0000000c ICSITransaction::Commit calling IStorePendingTransaction::Apply - coldpatching=FALSE applyflags=7
2014-09-11 00:50:36, Info CSI 0000000d Creating NT transaction (seq 2), objectname [6]"(null)"
2014-09-11 00:50:36, Info CSI 0000000e Created NT transaction (seq 2) result 0x00000000, handle @0x1fc
2014-09-11 00:50:36, Info CSI 0000000f@2014/9/10:22:50:36.969 CSI perf trace:
CSIPERF:TXCOMMIT;24251
2014-09-11 00:50:36, Info CBS Scavenge: Completed, disposition: 0X1
2014-09-11 00:50:36, Info CSI 00000010@2014/9/10:22:50:36.985 CSI Transaction @0x2a30768 destroyed
2014-09-11 00:50:37, Info CBS Reboot mark refs: 0
2014-09-11 00:50:37, Info CBS Idle processing thread terminated normally
2014-09-11 00:50:37, Info CBS Ending the TrustedInstaller main loop.
2014-09-11 00:50:37, Info CBS Starting TrustedInstaller finalization.
2014-09-11 00:50:37, Info CBS Ending TrustedInstaller finalization.
2014-09-11 06:50:09, Info CBS Starting TrustedInstaller initialization.
2014-09-11 06:50:09, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 06:50:10, Info CSI 00000001@2014/9/11:04:50:10.351 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7313de79 @0x73325d7d @0x7330205a @0xae1c99 @0xae1236 @0x77aa75a8)
2014-09-11 06:50:10, Info CSI 00000002@2014/9/11:04:50:10.366 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7313de79 @0x73367183 @0x73364013 @0xae1c99 @0xae1236 @0x77aa75a8)
2014-09-11 06:50:10, Info CSI 00000003@2014/9/11:04:50:10.366 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7313de79 @0x73734bc8 @0x737354a6 @0xae1327 @0xae1245 @0x77aa75a8)
2014-09-11 06:50:10, Info CBS Ending TrustedInstaller initialization.
2014-09-11 06:50:10, Info CBS Starting the TrustedInstaller main loop.
2014-09-11 06:50:10, Info CBS TrustedInstaller service starts successfully.
2014-09-11 06:50:10, Info CBS SQM: Initializing online with Windows opt-in: False
2014-09-11 06:50:10, Info CBS SQM: Cleaning up report files older than 10 days.
2014-09-11 06:50:10, Info CBS SQM: Requesting upload of all unsent reports.
2014-09-11 06:50:10, Info CBS SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 06:50:10, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 06:50:10, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6
2014-09-11 06:50:10, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 06:50:10, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 06:50:10, Info CBS NonStart: Checking to ensure startup processing was not required.
2014-09-11 06:50:10, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0xdbf9ec
2014-09-11 06:50:10, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 06:50:10, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c0
2014-09-11 06:50:10, Info CSI 00000007@2014/9/11:04:50:10.398 CSI perf trace:
CSIPERF:TXCOMMIT;690
2014-09-11 06:50:10, Info CBS NonStart: Success, startup processing not required as expected.
2014-09-11 06:50:10, Info CBS Startup processing thread terminated normally
2014-09-11 06:50:10, Info CSI 00000008 CSI Store 1762672 (0x001ae570) initialized
2014-09-11 06:50:10, Info CBS Session: 30395771_3722431991 initialized by client WindowsUpdateAgent.
2014-09-11 06:50:11, Info CBS Trusted Installer signaled for shutdown, going to exit.
2014-09-11 06:50:11, Info CBS Ending the TrustedInstaller main loop.
2014-09-11 06:50:11, Info CBS Starting TrustedInstaller finalization.
2014-09-11 06:50:12, Info CBS Ending TrustedInstaller finalization.
2014-09-11 17:14:04, Info CBS Starting TrustedInstaller initialization.
2014-09-11 17:14:04, Info CBS Loaded Servicing Stack v6.1.7601.17592 with Core: C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll
2014-09-11 17:14:05, Info CSI 00000001@2014/9/11:15:14:05.469 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5958de79 @0x59775d7d @0x5975205a @0xd81c99 @0xd81236 @0x76c975a8)
2014-09-11 17:14:05, Info CSI 00000002@2014/9/11:15:14:05.484 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5958de79 @0x597b7183 @0x597b4013 @0xd81c99 @0xd81236 @0x76c975a8)
2014-09-11 17:14:05, Info CSI 00000003@2014/9/11:15:14:05.484 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x5958de79 @0x6c014bc8 @0x6c0154a6 @0xd81327 @0xd81245 @0x76c975a8)
2014-09-11 17:14:05, Info CBS Ending TrustedInstaller initialization.
2014-09-11 17:14:05, Info CBS Starting the TrustedInstaller main loop.
2014-09-11 17:14:05, Info CBS TrustedInstaller service starts successfully.
2014-09-11 17:14:05, Info CBS SQM: Initializing online with Windows opt-in: False
2014-09-11 17:14:05, Info CBS SQM: Cleaning up report files older than 10 days.
2014-09-11 17:14:05, Info CBS SQM: Requesting upload of all unsent reports.
2014-09-11 17:14:05, Info CBS SQM: Failed to start upload with file pattern: C:\windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 17:14:05, Info CBS SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 17:14:05, Info CBS SQM: Queued 0 file(s) for upload with pattern: C:\windows\servicing\sqm\*_all.sqm, flags: 0x6
2014-09-11 17:14:05, Info CBS SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2014-09-11 17:14:05, Info CBS No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2014-09-11 17:14:05, Info CBS NonStart: Checking to ensure startup processing was not required.
2014-09-11 17:14:05, Info CSI 00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x150fbb4
2014-09-11 17:14:05, Info CSI 00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2014-09-11 17:14:05, Info CSI 00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x1c0
2014-09-11 17:14:05, Info CSI 00000007@2014/9/11:15:14:05.609 CSI perf trace:
CSIPERF:TXCOMMIT;660
2014-09-11 17:14:05, Info CBS NonStart: Success, startup processing not required as expected.
2014-09-11 17:14:05, Info CBS Startup processing thread terminated normally
2014-09-11 17:14:05, Info CSI 00000008 CSI Store 4515184 (0x0044e570) initialized
2014-09-11 17:14:05, Info CBS Session: 30395859_117581771 initialized by client WindowsUpdateAgent.
2014-09-11 17:14:05, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:05, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:05, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:05, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info CSI 00000009@2014/9/11:15:14:05.672 CSI Transaction @0x49fbf8 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [25]"TI5.30395859_117581771:1/"
2014-09-11 17:14:05, Info CSI 0000000a@2014/9/11:15:14:05.796 CSI Transaction @0x49fbf8 destroyed
2014-09-11 17:14:05, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_0.0.0.0_none_62d84d22ab3b4066 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:05, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:05, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.6.7600.256_none_09f272fb52ab0c3f, elevation: 32, applicable: 1
2014-09-11 17:14:05, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:05, Info CBS Appl: Package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, Update: ActiveX, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:05, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info CBS Session: 30395859_119765775 initialized by client WindowsUpdateAgent.
2014-09-11 17:14:05, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:05, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7600.16385, state: Installed
2014-09-11 17:14:05, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:05, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:05, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:05, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:05, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:05, Info CSI 0000000b@2014/9/11:15:14:05.999 CSI Transaction @0x4c1008 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [25]"TI5.30395859_119765775:1/"
2014-09-11 17:14:05, Info CSI 0000000c@2014/9/11:15:14:05.999 CSI Transaction @0x4c1008 destroyed
2014-09-11 17:14:05, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_0.0.0.0_none_b8cd8ce205840e6a (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:05, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:05, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43, elevation: 32, applicable: 1
2014-09-11 17:14:05, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:05, Info CBS Appl: Package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Aux, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:05, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:05, Info CBS Session: 30395859_121169778 initialized by client WindowsUpdateAgent.
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CSI 0000000d@2014/9/11:15:14:06.140 CSI Transaction @0x4bcee8 initialized for deployment engine {d16d444c-56d8-11d5-882d-0080c847b195} with flags 00000002 and client id [25]"TI5.30395859_121169778:1/"
2014-09-11 17:14:06, Info CSI 0000000e@2014/9/11:15:14:06.140 CSI Transaction @0x4bcee8 destroyed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_0.0.0.0_none_d2bc5295f1c3b567 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_0.0.0.0_none_d2bc5295f1c3b567 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_0.0.0.0_none_5069764091c7f818 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: UI, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Staged
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Staged
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Package applicability: Staged.
2014-09-11 17:14:06, Info CBS Appl: Partial install Status testing, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~~7.6.7600.256, partially installed (true/false), 0
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_0.0.0.0_none_d2bc5295f1c3b567 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_0.0.0.0_none_d2bc5295f1c3b567 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_0.0.0.0_none_5069764091c7f818 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: UI, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Parent: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, parent found: Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~x86~~6.1.7600.16385, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, disposition state from detectParent: Staged
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, applicable state: Staged
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Package applicability: Staged.
2014-09-11 17:14:06, Info CBS Appl: Partial install Status testing, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~~7.6.7600.256, partially installed (true/false), 0
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~en-US~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~en-US~7.6.7600.256, parent found: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~en-US~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~en-US~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~en-US~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_en-us_2830c01d265d652e (7.6.7600.256), elevation:32, lower version revision holder: 0.0.0.0
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_en-us_cf4ae5f5cdcd3107, elevate: 32, applicable(true/false): 0
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_en-us_cf4ae5f5cdcd3107, elevation: 32, applicable: 0
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: NotApplicable, result applicability state: Staged
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, Update: Core, Applicable: NotApplicable, Disposition: Staged
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, package applicable State: Installed, highest update applicable state: Staged, resulting applicable state:Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_0.0.0.0_en-us_3988c727b40b5caf (7.6.7600.256), elevation:32, lower version revision holder: 0.0.0.0
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_en-us_e0a2ed005b7b2888, elevate: 32, applicable(true/false): 0
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_en-us_e0a2ed005b7b2888, elevation: 32, applicable: 0
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: NotApplicable, result applicability state: Staged
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, Update: UI, Applicable: NotApplicable, Disposition: Staged
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, package applicable State: Installed, highest update applicable state: Staged, resulting applicable state:Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, disposition state from detectParent: Staged
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, applicable state: Staged
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~en-US~7.6.7600.256, Package applicability: Staged.
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~en-US~7.6.7600.256, package applicable State: Installed, highest update applicable state: Staged, resulting applicable state:Staged
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~en-US~7.6.7600.256, package applicable State: Installed, highest update applicable state: Staged, resulting applicable state:Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ja-JP~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ja-JP~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~ja-JP~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ja-JP~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~ja-JP~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ja-JP~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ar-SA~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ar-SA~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~ar-SA~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~ar-SA~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~ar-SA~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~ar-SA~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~zh-CN~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-CN~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~zh-TW~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~zh-TW~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~cs-CZ~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~cs-CZ~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.0.6001.18000, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Parent: Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~x86~da-DK~6.1.7600.16385, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, no parent found, go absent
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, disposition state from detectParent: Absent
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, applicable state: Absent
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~da-DK~7.6.7600.256, Package applicability: Absent.
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~de-DE~6.0.6000.16386, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~de-DE~6.1.7600.16385, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_de-de_7f3fea24377f5969 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_0.0.0.0_none_d2bc5295f1c3b567 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: Core, Intended State: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_de-de_7f3fea24377f5969 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: Core, Intended State: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_0.0.0.0_de-de_9097f12ec52d50ea (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_de-de_37b217076c9d1cc3, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_de-de_37b217076c9d1cc3, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_0.0.0.0_none_5069764091c7f818 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.6.7600.256_none_f7839c193937c3f1, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Update: UI, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: UI, Intended State: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: UI, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Staged
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Staged
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Staged
2014-09-11 17:14:06, Info CBS EvaluateApplicability, package: WUClient-SelfUpdate-Core-AdmComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Package applicability: Staged.
2014-09-11 17:14:06, Info CBS Appl: Partial install Status testing, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, partially installed (true/false), 0
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-MiniLP~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_de-de_7f3fea24377f5969 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: Core, Intended State: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_0.0.0.0_de-de_7f3fea24377f5969 (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.6.7600.256_de-de_265a0ffcdeef2542, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: DetectUpdate, Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Remote Parent: Core, Intended State: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
2014-09-11 17:14:06, Info CBS Appl: Package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Update: Core, Applicable: Applicable, Disposition: Installed
2014-09-11 17:14:06, Info CBS External EvaluateApplicability, package: WUClient-SelfUpdate-Core-CoreComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, package applicable State: Installed, highest update applicable state: Installed, resulting applicable state:Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, Parent: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, Disposition = Detect, VersionComp: EQ, ServiceComp: GE, BuildComp: GE, DistributionComp: GE, RevisionComp: GE, Exist: present
2014-09-11 17:14:06, Info CBS Appl: detectParent: package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, parent found: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~~7.6.7600.256, state: Installed
2014-09-11 17:14:06, Info CBS Appl: detect Parent, Package: WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, disposition state from detectParent: Installed
2014-09-11 17:14:06, Info CBS Appl: Evaluating package applicability for package WUClient-SelfUpdate-Core-UIComp~31bf3856ad364e35~x86~de-DE~7.6.7600.256, applicable state: Installed
2014-09-11 17:14:06, Info CBS Appl: Selfupdate, Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_0.0.0.0_de-de_9097f12ec52d50ea (7.6.7600.256), elevation:32, lower version revision holder: 7.3.7600.16385
2014-09-11 17:14:06, Info CBS Applicability(ComponentAnalyzerEvaluateSelfUpdate): Component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_de-de_37b217076c9d1cc3, elevate: 32, applicable(true/false): 1
2014-09-11 17:14:06, Info CBS Appl: SelfUpdate detect, component: x86_microsoft-windows-w..client-ui.resources_31bf3856ad364e35_7.6.7600.256_de-de_37b217076c9d1cc3, elevation: 32, applicable: 1
2014-09-11 17:14:06, Info CBS Appl: Evaluating applicability block(non detectUpdate part), disposition is: Staged, applicability: Applicable, result applicability state: Installed
ok.. dafür müsste ich mehr Zeit haben. die Datei ist 6043 kb groß und man darf nur 97 kb hochladen.... ich guck mal, ob ich das Sonntag hinbekomme |
|
12.09.2014, 16:16
| #11 |
| /// TB-Ausbilder | Bundeskriminalamt Trojaner Du kannst z.b. Pastebin.com - #1 paste tool since 2002! nutzen, ohne Anmeldung. Musst mir halt nur den Link dahin schicken.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
15.09.2014, 09:37
| #12 |
| | Bundeskriminalamt Trojaner hast du noch eine Idee? Habe fünf verschiedene ausprobiert. Alle sagen die Größe sei zuviel für sie oder reagieren einfach nicht mehr.... ha, hier ist es.... textsave | The easy way to save text online! hxxp://txs.io/R0rb textsave | Der einfache Weg um Texte online zu speichern! textsave | Der einfache Weg um Texte online zu speichern! also das mit dem Link-Einfügen klappt nicht so richtig.... entweder mut den URL-Tags drumzu dieser Text oder aber er hxxp? hxxp://de.textsave.org/R0rb das müsste schon http sein |
|
15.09.2014, 14:04
| #13 |
| /// TB-Ausbilder | Bundeskriminalamt Trojaner Lad dir bitte http://download.windowsupdate.com/v9...6.7600.256.cab auf den Desktop. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter cmd: pkgmgr /ip /m:"%userprofle%\Desktop\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256.cab"
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Danach Rechner neustarten und erneut versuchen, SP1 zu installieren.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
Hybrid-Darstellung
