Hallo. Konnte leider nicht früher. Das o.g. Problem habe ich schon seit einem Monat(ca.) Ich habe noch was vergessen zu erwähnen. Eines Tages konnte ich in der Windows-Leiste ein rotes Fähnchen sehen, was besagt dass mein Windows-Sicherheitscenter ist nicht aktiviert. Gehe drauf tut sich nichts, kann die Windows Einstellungen nicht ändern. Dann später über suchen - Dienste versucht, tat sich auch nichts, bzw. habe den Dienst gar nicht gefunden. Beim nächsten Schritt habe ich einfach mein AVIRA deinstalliert und dafür den Kaspersky Schutz gekauft. Kaspersky hatte auch irgendwelche Funde gemeldet und dann beseitigt, weiß aber nicht mehr was es war. Seit dem lasse ich immer aktuellen scan durchlaufen und ich denke, wenn es irgendwann ein Virus ist, wird Kaspersky was entdecken. Auf jeden Fall ist das Problem mit Downloaden total lästig und wenn ich es in den Griff bekomme dann wäre es toll, ansonsten wird Laptop platt gemacht.
Hier sind FRST.txt und Addition.txt Hoffe hab das richtig gemacht, ansonsten melden, hab nicht viel Ahnung von alledem.:)
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2013 01
Ran by lana (administrator) on LANA-PC on 28-12-2013 17:17:05
Running from C:\Users\lana\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] - "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Usidsaz] - C:\Users\lana\AppData\Roaming\Onywaz\fimo.exe
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {4a904dbe-7163-11e2-9ffa-00262dc33e09} - F:\AutoRun.exe
MountPoints2: {4a904ddb-7163-11e2-9ffa-00262dc33e09} - F:\AutoRun.exe
MountPoints2: {58d8b9a6-2c32-11e3-9b33-485d6046a87c} - F:\AutoRun.exe
MountPoints2: {5fda75f8-90d1-11e0-9ebe-806e6f6e6963} - E:\setup.exe
MountPoints2: {89be720a-71f2-11e2-9921-001e101f9843} - F:\AutoRun.exe
MountPoints2: {bcd34a47-c431-11e0-a55a-00262dc33e09} - F:\AutoRun.exe
AppInit_DLLs: [ ] ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20D20B37E8F8CE01
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=628&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=628&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL =
SearchScopes: HKCU - DefaultScope {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FA2500262DC33E09&affID=121565&tsp=5020
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=628&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKLM-x32 - No Name - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{48903E4F-5D60-4AD6-91D3-F236F5F13F68}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{82CDBE93-B819-4BB9-AAC8-6B6C20E12CFC}: [NameServer]193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BFD639D2-2649-450F-AD50-B1B851AD2248}: [NameServer]193.189.244.225 193.189.244.206
FireFox:
========
FF ProfilePath: C:\Users\lana\AppData\Roaming\Mozilla\Firefox\Profiles\d75gtcre.default
FF user.js: detected! => C:\Users\lana\AppData\Roaming\Mozilla\Firefox\Profiles\d75gtcre.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\lana\AppData\Roaming\Mozilla\Firefox\Profiles\d75gtcre.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\lana\AppData\Roaming\Mozilla\Firefox\Profiles\d75gtcre.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: Iminent Minibar - C:\Users\lana\AppData\Roaming\Mozilla\Firefox\Profiles\d75gtcre.default\Extensions\webbooster@iminent.com
FF Extension: No Name - C:\Users\lana\AppData\Roaming\Mozilla\Firefox\Profiles\d75gtcre.default\Extensions\webbooster@iminent.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
Chrome:
=======
CHR HomePage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=FA2500262DC33E09&affID=119293&tt=250613_gr3&tsp=4924
CHR RestoreOnStartup: "sync_promo": {
"show_on_first_run_allowed"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www1.delta-search.com/?q={searchTerms}&affID=121240&babsrc=SP_ss&mntrId=FA25485D6046A87C
CHR Extension: (YouTube) - C:\Users\lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Extension) - C:\Users\lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0
CHR Extension: (Altergeo extension) - C:\Users\lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgcieglcpdegkhamigiokdphfhhnlhh\3.5.0_0
CHR Extension: (Gmail) - C:\Users\lana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S4 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3514360 2013-06-13] (devolo AG)
S4 Guard.Mail.ru; C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [6677536 2013-11-01] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-02-07] ()
S4 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] ()
R2 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{dd0b6037-a9c2-e38b-9363-0614255749a0}\ \...\???\{dd0b6037-a9c2-e38b-9363-0614255749a0}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-12-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-21] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [909408 2009-08-13] (DiBcom SA)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-06-13] (CACE Technologies)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-28 17:17 - 2013-12-28 17:17 - 00020170 _____ C:\Users\lana\Desktop\FRST.txt
2013-12-28 17:17 - 2013-12-28 17:17 - 00000000 ____D C:\FRST
2013-12-28 17:14 - 2013-12-28 15:49 - 01931176 ____N (Farbar) C:\Users\lana\Desktop\FRST64.exe
2013-12-28 17:14 - 2013-12-28 15:48 - 01064037 ____N (Farbar) C:\Users\lana\Desktop\FRST.exe
2013-12-27 23:21 - 2013-12-27 23:21 - 00000000 ____D C:\Users\lana\Documents\mwconn
2013-12-27 23:14 - 2013-12-27 23:14 - 00000000 ____D C:\Users\lana\Desktop\mwconn
2013-12-26 20:00 - 2013-12-26 20:00 - 00064990 _____ C:\Users\lana\Desktop\Extras.Txt
2013-12-26 19:59 - 2013-12-26 19:59 - 00132840 _____ C:\Users\lana\Desktop\OTL.Txt
2013-12-26 19:41 - 2013-12-26 19:24 - 00602112 ____N (OldTimer Tools) C:\Users\lana\Desktop\otl.exe
2013-12-26 18:51 - 2013-12-26 18:51 - 00000000 _____ C:\Users\lana\tasklist
2013-12-18 22:19 - 2013-12-18 23:36 - 00013680 _____ C:\Windows\diagwrn.xml
2013-12-18 22:19 - 2013-12-18 23:36 - 00001908 _____ C:\Windows\diagerr.xml
2013-12-16 20:53 - 2013-12-16 20:53 - 00000085 _____ C:\Windows\wininit.ini
2013-12-16 14:19 - 2013-12-16 14:19 - 00002338 _____ C:\Users\lana\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-16 14:18 - 2013-12-16 14:18 - 00001128 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-16 14:18 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2013-12-16 14:17 - 2013-12-16 14:17 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-16 14:16 - 2013-12-21 00:12 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-12-16 14:16 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-12-14 15:21 - 2013-12-14 15:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-14 15:20 - 2013-12-16 20:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-14 15:20 - 2013-12-16 20:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-14 15:05 - 2013-12-14 15:05 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 15:05 - 2013-12-14 15:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-14 15:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-14 14:48 - 2013-12-28 17:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-14 14:48 - 2013-12-16 20:43 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-12 23:08 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 23:08 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 23:08 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 23:08 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 23:07 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 23:07 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 23:07 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 23:07 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 23:07 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 23:07 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 23:07 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 23:07 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 23:07 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 23:07 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 23:07 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 23:07 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 23:07 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 23:07 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 23:07 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 23:07 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 23:07 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 23:07 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 23:07 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 23:07 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 23:07 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 23:07 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 23:07 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 23:07 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 23:07 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 23:07 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 23:07 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 23:07 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 23:07 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 23:07 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 23:07 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 20:58 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 20:58 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 20:58 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 20:58 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 20:58 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 20:58 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 20:58 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 20:58 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 20:58 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 20:58 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 20:58 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 20:58 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 20:58 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 20:58 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 20:58 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 20:58 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 20:58 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 20:58 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 20:58 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2013-12-28 17:17 - 2013-12-28 17:17 - 00020170 _____ C:\Users\lana\Desktop\FRST.txt
2013-12-28 17:17 - 2013-12-28 17:17 - 00000000 ____D C:\FRST
2013-12-28 17:14 - 2013-11-04 17:53 - 01219033 _____ C:\Windows\WindowsUpdate.log
2013-12-28 17:11 - 2013-12-14 14:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-28 17:09 - 2013-11-07 18:08 - 00010387 _____ C:\Windows\setupact.log
2013-12-28 17:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 16:07 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 16:07 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 15:49 - 2013-12-28 17:14 - 01931176 ____N (Farbar) C:\Users\lana\Desktop\FRST64.exe
2013-12-28 15:48 - 2013-12-28 17:14 - 01064037 ____N (Farbar) C:\Users\lana\Desktop\FRST.exe
2013-12-27 23:21 - 2013-12-27 23:21 - 00000000 ____D C:\Users\lana\Documents\mwconn
2013-12-27 23:14 - 2013-12-27 23:14 - 00000000 ____D C:\Users\lana\Desktop\mwconn
2013-12-27 22:54 - 2012-05-31 18:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 21:33 - 2011-02-10 21:14 - 00008926 _____ C:\Windows\system32\perfh01F.dat
2013-12-27 21:33 - 2011-02-10 21:14 - 00008542 _____ C:\Windows\system32\perfc01F.dat
2013-12-27 21:33 - 2011-02-10 21:05 - 00008926 _____ C:\Windows\system32\prfh0816.dat
2013-12-27 21:33 - 2011-02-10 21:05 - 00008542 _____ C:\Windows\system32\prfc0816.dat
2013-12-27 21:33 - 2011-02-10 21:00 - 00008926 _____ C:\Windows\system32\perfh015.dat
2013-12-27 21:33 - 2011-02-10 21:00 - 00008542 _____ C:\Windows\system32\perfc015.dat
2013-12-27 21:33 - 2011-02-10 20:55 - 00008926 _____ C:\Windows\system32\perfh013.dat
2013-12-27 21:33 - 2011-02-10 20:55 - 00008542 _____ C:\Windows\system32\perfc013.dat
2013-12-27 21:33 - 2011-02-10 20:49 - 00008926 _____ C:\Windows\system32\perfh010.dat
2013-12-27 21:33 - 2011-02-10 20:49 - 00008542 _____ C:\Windows\system32\perfc010.dat
2013-12-27 21:33 - 2011-02-10 20:44 - 00008926 _____ C:\Windows\system32\perfh00E.dat
2013-12-27 21:33 - 2011-02-10 20:44 - 00008542 _____ C:\Windows\system32\perfc00E.dat
2013-12-27 21:33 - 2011-02-10 20:39 - 00008926 _____ C:\Windows\system32\perfh00C.dat
2013-12-27 21:33 - 2011-02-10 20:39 - 00008542 _____ C:\Windows\system32\perfc00C.dat
2013-12-27 21:33 - 2011-02-10 20:34 - 00008926 _____ C:\Windows\system32\perfh00A.dat
2013-12-27 21:33 - 2011-02-10 20:34 - 00008542 _____ C:\Windows\system32\perfc00A.dat
2013-12-27 21:33 - 2011-02-10 20:29 - 00008926 _____ C:\Windows\system32\perfh008.dat
2013-12-27 21:33 - 2011-02-10 20:29 - 00008542 _____ C:\Windows\system32\perfc008.dat
2013-12-27 21:33 - 2011-02-10 20:25 - 00029586 _____ C:\Windows\system32\perfh007.dat
2013-12-27 21:33 - 2011-02-10 20:25 - 00009474 _____ C:\Windows\system32\perfc007.dat
2013-12-27 21:33 - 2009-07-14 06:13 - 00116412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 20:00 - 2013-12-26 20:00 - 00064990 _____ C:\Users\lana\Desktop\Extras.Txt
2013-12-26 19:59 - 2013-12-26 19:59 - 00132840 _____ C:\Users\lana\Desktop\OTL.Txt
2013-12-26 19:24 - 2013-12-26 19:41 - 00602112 ____N (OldTimer Tools) C:\Users\lana\Desktop\otl.exe
2013-12-26 18:51 - 2013-12-26 18:51 - 00000000 _____ C:\Users\lana\tasklist
2013-12-26 18:51 - 2011-06-06 21:51 - 00000000 ____D C:\Users\lana
2013-12-26 16:40 - 2011-06-06 21:51 - 00063104 _____ C:\Users\lana\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 01:08 - 2011-08-25 21:00 - 00000000 ____D C:\Users\lana\AppData\Roaming\SoftGrid Client
2013-12-25 22:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-21 00:12 - 2013-12-16 14:16 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-12-21 00:12 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-12-18 23:36 - 2013-12-18 22:19 - 00013680 _____ C:\Windows\diagwrn.xml
2013-12-18 23:36 - 2013-12-18 22:19 - 00001908 _____ C:\Windows\diagerr.xml
2013-12-18 23:28 - 2013-11-07 18:08 - 00000000 _____ C:\Windows\setuperr.log
2013-12-18 21:45 - 2013-11-23 00:02 - 00368640 ___SH C:\Users\lana\Desktop\Thumbs.db
2013-12-16 20:55 - 2013-12-14 15:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-16 20:55 - 2013-11-25 22:48 - 00014576 _____ C:\Windows\PFRO.log
2013-12-16 20:53 - 2013-12-16 20:53 - 00000085 _____ C:\Windows\wininit.ini
2013-12-16 20:53 - 2013-12-14 15:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-16 20:43 - 2013-12-14 14:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-16 20:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 14:38 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-16 14:19 - 2013-12-16 14:19 - 00002338 _____ C:\Users\lana\Desktop\Sicherer Zahlungsverkehr.lnk
2013-12-16 14:18 - 2013-12-16 14:18 - 00001128 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-12-16 14:17 - 2013-12-16 14:17 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-14 23:16 - 2013-08-14 22:54 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 23:15 - 2011-02-10 21:56 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 21:45 - 2013-10-20 20:53 - 00109568 ___SH C:\Users\lana\Downloads\Thumbs.db
2013-12-14 17:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-14 15:21 - 2013-12-14 15:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-14 15:05 - 2013-12-14 15:05 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 15:05 - 2013-12-14 15:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-13 21:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 21:45 - 2009-07-14 05:45 - 00277648 _____ C:\Windows\system32\FNTCACHE.DAT
ZeroAccess:
C:\Users\lana\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
Files to move or delete:
====================
C:\ProgramData\hpeE81D.dll
Some content of TEMP:
====================
C:\Users\lana\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-12-23 21:01
==================== End Of Log ============================
--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2013 01
Ran by lana at 2013-12-28 17:17:40
Running from C:\Users\lana\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink MediaShow (x32 Version: 5.0.1410a)
CyberLink MediaShow Espresso (x32 Version: 5.5.1412_24021a)
CyberLink PhotoNow (x32 Version: 1.1.6904)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3101)
CyberLink PowerDVD 9 (x32 Version: 9.0.2925.52)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerProducer (x32 Version: 5.0.2.2326)
CyberLink YouCam (x32 Version: 3.0.2626)
D3DX10 (x32 Version: 15.4.2368.0902)
devolo dLAN Cockpit (x32 Version: 4.1.1.0)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free YouTube Download version 3.2.13.925 (x32 Version: 3.2.13.925)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Guard.Mail.ru (x32) <==== ATTENTION
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2279)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 23 (64-bit) (Version: 6.0.230)
Java(TM) 6 Update 23 (x32 Version: 6.0.230)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security (x32 Version: 14.0.0.4651)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Launch Manager (x32 Version: 1.5.1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Medion Home Cinema (x32 Version: 8.0.1505)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 21.005.15.00.705)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6237)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0148)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Skype Toolbars (x32 Version: 5.3.7555)
Skype™ 5.10 (x32 Version: 5.10.116)
Update for Html5 geolocation provider (x32 Version: 3.6.2.901)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
watchmi (x32 Version: 3.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
X10 Hardware(TM) (x32)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
==================== Restore Points =========================
09-12-2013 18:00:20 Windows-Sicherung
09-12-2013 20:04:42 Windows-Sicherung
12-12-2013 22:05:56 Windows Update
14-12-2013 16:24:20 Windows Modules Installer
14-12-2013 22:14:35 Windows Update
15-12-2013 20:54:40 Windows-Sicherung
18-12-2013 17:55:33 Windows-Sicherung
19-12-2013 23:09:32 Windows-Sicherung
21-12-2013 20:32:00 Windows-Sicherung
21-12-2013 20:45:46 Windows-Sicherung
23-12-2013 13:38:03 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {7AC196E6-CF5C-4AC2-ADC9-CE881FC39F8C} - System32\Tasks\4593 => Wscript.exe C:\Users\lana\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {87D32AFB-F472-4EC4-A600-EF2A4A03FC09} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {CCF858FC-0B0E-4573-9D61-920B04763202} - System32\Tasks\{2EAD1A2A-98CE-464C-90AA-DA226777F6F2} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {D76E7013-8BB8-405A-B5FB-229622862940} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {F737E117-274C-4BC3-996A-40E867C4B6FC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F9E35878-D7CC-4B54-86A6-E707154A3AB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-03-12 10:43 - 2011-01-08 01:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-31 10:24 - 2012-01-31 10:24 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2013-10-01 22:53 - 2013-10-01 22:53 - 00059904 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\3.0.0.8__f722db7bec59a14b\Tvd.Remote.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-08-20 22:11 - 2013-08-20 22:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2011-03-12 10:51 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/28/2013 05:11:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2013 04:00:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2013 11:30:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/26/2013 04:41:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2013 10:10:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2013 10:06:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2013 11:11:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2013 00:19:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2013 06:42:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2013 02:44:38 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"
System errors:
=============
Error: (12/28/2013 05:09:53 PM) (Source: NETLOGON) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (12/28/2013 05:09:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (12/28/2013 05:09:46 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 28.12.2013 um 16:14:35 unerwartet heruntergefahren.
Error: (12/28/2013 04:00:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (12/28/2013 03:58:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (12/28/2013 03:58:47 PM) (Source: NETLOGON) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (12/27/2013 11:29:07 AM) (Source: NETLOGON) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (12/27/2013 11:29:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem Fehler beendet: %%5.
Error: (12/26/2013 10:26:52 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/26/2013 10:26:52 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Microsoft Office Sessions:
=========================
Error: (12/28/2013 05:11:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2013 04:00:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/27/2013 11:30:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/26/2013 04:41:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2013 10:10:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2013 10:06:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2013 11:11:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/24/2013 00:19:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2013 06:42:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/23/2013 02:44:38 PM) (Source: Windows Backup)(User: )
Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)
CodeIntegrity Errors:
===================================
Date: 2013-12-26 21:27:25.925
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-26 21:27:25.925
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-26 21:27:25.909
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-26 21:27:25.847
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-26 21:27:25.847
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-26 21:27:25.847
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-24 13:13:23.293
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-24 13:13:23.293
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-24 13:13:23.277
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-24 12:56:45.156
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 3893.49 MB
Available physical RAM: 2165.55 MB
Total Pagefile: 7785.16 MB
Available Pagefile: 5728.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:555.07 GB) (Free:466.07 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:13.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: C53648CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=555 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
[/CODE]
FRST 32-Bit | FRST 64-Bit
Lesestoff: