| Hulkster2013 | 26.10.2013 13:33 |
FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013
Ran by ***** (administrator) on ***** on 26-10-2013 19:25:29
Running from C:\Users\*****.*****\AppData\Local\Evernote\Evernote\Databases\Attachments
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\devolo\dlan\devolonetsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC App Store\3.8.12.2253\PCAppStoreSvc.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\Hp\QuickPlay\QPService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files\AIS\AutoDect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Users\*****.*****\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
() C:\Users\*****.*****\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Digiarty\Air_Playit\airplayit.exe
(BitTorrent, Inc.) D:\001. bit torrent\BTSync.exe
(Digiarty, Inc.) C:\Program Files\Digiarty\Air_Playit\AirPS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteTray.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2009-03-11] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [autodetect] - C:\Program Files\AIS\AutoDect.exe [129360 2010-07-05] ()
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [Baidu PC Faster 3.7.0.0] - C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe [1808880 2013-09-25] (Baidu Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [AppsHat] - C:\Users\*****.*****\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKCU\...\Run: [FLV Player] - C:\Users\*****.*****\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
HKCU\...\Run: [Digiarty_Software_AirPlayit] - C:\Program Files\Digiarty\Air_Playit\airplayit.exe [10468672 2012-02-28] ()
HKCU\...\Run: [BitTorrent Sync] - D:\001. bit torrent\BTSync.exe [1538920 2013-10-14] (BitTorrent, Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Runonce: [Uninstall C:\Users\*****.*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****.*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\*****\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [ 2013-09-14] (Apple Inc.)
HKU\*****\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [ 2013-09-15] (Apple Inc.)
HKU\*****\...\Run: [Akamai NetSession Interface] - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe [ 2013-06-05] (Akamai Technologies, Inc.)
HKU\*****\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\*****\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [ 2013-03-05] ()
HKU\*****\...\Run: [Badoo Desktop] - C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [ 2012-12-24] (Badoo)
HKU\*****\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-03] (Skype Technologies S.A.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****.*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DBB408298A0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope {9FBD7A86-9040-4403-A5F3-2BAEE35D55CB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {9FBD7A86-9040-4403-A5F3-2BAEE35D55CB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP216B6698-FAB8-4722-8E64-2FB0727FA65F&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=TH&userid=416cca6a-07ef-4f8f-88f1-383e3dd1d277&searchtype=ds&q={searchTerms}&installDate=19/09/2013
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP216B6698-FAB8-4722-8E64-2FB0727FA65F&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=283C001E37BCC9CA&affID=126950&tsp=5037
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {9FBD7A86-9040-4403-A5F3-2BAEE35D55CB} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: SelectionLinks - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} hxxp://operaapp/installOperaPrintCtrl.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} hxxp://operaapp/installregterm.exe
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 23 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 24 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 25 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 26 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 27 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 28 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 29 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 30 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 31 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 32 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 33 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 34 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 35 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 36 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 37 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 38 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 39 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 40 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 41 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\*****.*****\AppData\Roaming\Mozilla\Firefox\Profiles\rsv2lh3t.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****.*****\AppData\Roaming\Mozilla\Firefox\Profiles\rsv2lh3t.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Users\*****.*****\AppData\Roaming\Mozilla\Firefox\Profiles\rsv2lh3t.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchdesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [{a9dd2140-08b7-49ac-84e3-3b1b7bdc5f8f}] - C:\Program Files\a2zlyr\131.xpi
Chrome:
=======
CHR Extension: (QuickShare Widget) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
CHR Extension: (LinkedIn) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmcnjkffdmaokilmcjkplkofhgakbnhk\0.95_0
CHR Extension: (HDvid Codec 3) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnllcmllkjofnojidnaknldfehfhehoo\3.0_0
CHR Extension: (Video Downloader professional) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.37_0
CHR Extension: (Silver Bird) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.10.2_0
CHR Extension: (Facebook for Chrome) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.3.1_0
CHR Extension: () - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\goficmpcgcnombioohjcgdhbaloknabb\5.0.1.27_0
CHR Extension: (Cool Clock) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\3.0.1.2_0
CHR Extension: (Start!) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh\1.0.12_0
CHR Extension: (Top Eleven) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn\2.0.0.4_0
CHR Extension: (FlashControl) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.3.15_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\SVENOL~1.SVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1
CHR HKLM\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files\a2zlyr\131.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\SVENOL~1\AppData\Local\Temp\crx5B4B.tmp
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [2231616 2010-07-20] ()
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [265576 2012-08-30] (AuthenTec, Inc)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4005936 2011-06-06] (INCA Internet Co., Ltd.)
R2 PCAppStoreSvc_{PCAppStore_3.8.12.2253}; C:\Program Files\Baidu Security\PC App Store\3.8.12.2253\PCAppStoreSvc.exe [549408 2013-10-11] (Baidu Inc.)
R2 PCFasterSvc_{PCFaster_3.7.0.0}; C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe [639168 2013-09-25] (Baidu Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2011-08-07] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [189248 2011-08-07] ()
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2009-01-12] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2009-01-12] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-09-11] ()
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\ \...\???\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2013-09-03] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [95552 2013-09-03] (Baidu, Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [23424 2009-10-08] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [84352 2009-10-08] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-26] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
R3 PCFApiUtil; C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys [111264 2013-09-02] (Baidu, Inc.)
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [80576 2004-10-07] (Protection Technology)
S0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115744 2004-10-07] (Protection Technology)
S0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology)
S0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-26] (Avira GmbH)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 ___DC C:\FRST
2013-10-26 04:25 - 2013-10-26 04:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-26 02:34 - 2013-10-26 02:34 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\HpUpdate
2013-10-26 00:45 - 2013-10-26 18:39 - 103108672 _____ C:\Windows\system32\�ᵌ]
2013-10-25 21:43 - 2013-10-25 21:43 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-10-25 21:02 - 2013-10-25 21:02 - 00000056 _____ C:\Windows\setupact.log
2013-10-25 21:02 - 2013-10-25 21:02 - 00000000 _____ C:\Windows\setuperr.log
2013-10-25 21:01 - 2013-10-25 21:01 - 00422902 _____ C:\Windows\PFRO.log
2013-10-25 21:00 - 2013-10-26 02:04 - 1227751422 ____C C:\avenger.txt
2013-10-25 21:00 - 2013-10-25 21:00 - 00000000 ___DC C:\Avenger
2013-10-25 20:34 - 2013-10-25 20:34 - 00001029 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 20:34 - 2013-10-25 20:34 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Malwarebytes
2013-10-25 20:34 - 2013-10-25 20:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-25 20:34 - 2013-10-25 20:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 20:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 20:15 - 2013-10-25 20:15 - 00001634 _____ C:\Users\*****.*****\Documents\cc_20131025_201507.reg
2013-10-25 19:56 - 2013-10-25 19:56 - 102975063 _____ C:\Windows\system32\黸뤱ᵌe
2013-10-25 19:50 - 2013-10-25 19:50 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-10-25 19:02 - 2013-10-25 19:02 - 00026900 _____ C:\Users\*****.*****\Documents\cc_20131025_190204.reg
2013-10-25 18:57 - 2013-10-25 18:57 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 18:56 - 2013-10-25 18:57 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-25 18:56 - 2013-10-25 18:57 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 18:56 - 2013-10-25 18:56 - 00000000 ____D C:\Program Files\iPod
2013-10-22 22:05 - 2013-10-22 22:05 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 22:05 - 2013-10-22 22:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-22 21:29 - 2013-10-22 21:29 - 00000000 ____D C:\Windows\system32\SearchProtect
2013-10-20 20:06 - 2013-10-20 20:06 - 00000000 ____D C:\Users\*****.*****\AppData\Local\Macromedia
2013-10-16 23:59 - 2013-10-17 00:00 - 00327408 _____ C:\Users\*****.*****\Downloads\voxware-metasound-audio-codec-windows-downloader.exe
2013-10-16 23:53 - 2013-10-16 23:54 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\vlc
2013-10-16 23:52 - 2013-10-25 18:46 - 00000000 ____D C:\Program Files\VideoLAN
2013-10-16 23:52 - 2013-10-16 23:52 - 00001212 _____ C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
2013-10-16 23:32 - 2013-10-16 23:45 - 25132744 _____ C:\Users\*****.*****\Downloads\vlc-2.1.0-win32.exe
2013-10-16 23:23 - 2013-10-24 03:30 - 00006825 _____ C:\Users\*****.*****\daemonprocess.txt
2013-10-16 23:23 - 2013-10-19 21:06 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
2013-10-16 23:23 - 2013-10-16 23:38 - 00000000 ____D C:\Users\*****.*****\AppData\Local\Mobogenie
2013-10-16 23:23 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\Documents\Mobogenie
2013-10-16 23:23 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\baidu
2013-10-16 23:23 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\AppData\Local\cache
2013-10-16 23:17 - 2013-10-19 21:07 - 00000000 ____D C:\Program Files\ReviverSoft
2013-10-16 23:17 - 2013-10-16 23:17 - 00000000 ____D C:\Windows\system32\C2MP
2013-10-16 23:09 - 2013-10-26 00:32 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Standard
2013-10-16 23:09 - 2013-10-26 00:15 - 00000000 ____D C:\Program Files\Shark007
2013-10-16 23:08 - 2013-10-26 00:31 - 00000000 ____D C:\ProgramData\Standard
2013-10-16 23:03 - 2013-10-16 23:05 - 16545226 _____ C:\Users\*****.*****\Downloads\32bit_Standard_v172.exe
2013-10-16 22:56 - 2013-10-25 19:15 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-10-16 22:56 - 2013-10-25 19:15 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-10-16 03:54 - 2013-10-16 03:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec9e8c76a70af.job
2013-10-14 23:37 - 2013-10-14 23:37 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Mozilla
2013-10-14 23:37 - 2013-10-14 23:37 - 00000000 ____D C:\Users\*****.*****\AppData\Local\Mozilla
2013-10-14 22:47 - 2013-10-14 22:47 - 00000000 ____D C:\Users\*****.*****\BTSync
2013-10-14 22:46 - 2013-10-26 19:08 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\BitTorrent Sync
2013-10-14 22:46 - 2013-10-26 00:15 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-14 22:46 - 2013-10-14 22:47 - 00000000 ____D C:\Users\*****.*****\AppData\Local\SearchProtect
2013-10-14 22:45 - 2013-10-25 20:58 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\BitTorrent
2013-10-14 22:45 - 2013-10-14 22:45 - 00000883 _____ C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2013-10-14 22:44 - 2013-10-14 22:44 - 01127000 _____ (BitTorrent Inc.) C:\Users\*****.*****\Downloads\BitTorrent_7.8.2_b30182.exe
2013-10-11 23:43 - 2013-08-29 08:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-11 23:43 - 2013-08-29 08:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 23:43 - 2013-08-29 08:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 23:43 - 2013-08-29 08:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 23:43 - 2013-08-29 08:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 03:13 - 2013-09-22 17:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 03:13 - 2013-09-22 17:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 03:13 - 2013-09-22 17:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 03:13 - 2013-09-22 17:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 03:13 - 2013-09-22 17:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 03:13 - 2013-09-22 17:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-10 03:13 - 2013-09-22 17:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 03:13 - 2013-09-22 17:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 03:13 - 2013-09-22 17:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 03:13 - 2013-09-22 16:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 03:12 - 2013-09-22 17:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 03:12 - 2013-09-22 17:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 03:12 - 2013-09-22 17:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 03:12 - 2013-09-22 17:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 03:12 - 2013-09-22 17:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 03:12 - 2013-09-22 17:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:53 - 2013-09-14 07:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 00:53 - 2013-09-08 09:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 00:53 - 2013-09-08 09:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 00:33 - 2013-09-04 08:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 00:33 - 2013-09-04 08:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 00:33 - 2013-09-04 08:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 00:33 - 2013-09-04 08:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 00:33 - 2013-09-04 08:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 00:33 - 2013-09-04 08:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-10 00:33 - 2013-09-04 08:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 00:33 - 2013-07-04 18:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 00:33 - 2013-07-03 11:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 00:33 - 2013-07-03 10:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 00:33 - 2013-07-03 10:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 00:32 - 2013-08-28 08:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 00:32 - 2013-08-28 07:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 00:32 - 2013-08-01 18:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 00:32 - 2013-07-20 17:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 00:32 - 2013-07-12 17:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 00:32 - 2013-07-12 17:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 00:32 - 2013-07-04 18:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 00:32 - 2013-07-04 18:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 00:32 - 2013-07-04 16:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 00:32 - 2013-06-26 05:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 00:32 - 2013-06-06 11:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 00:32 - 2013-06-06 11:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 00:32 - 2013-06-06 11:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 00:32 - 2013-06-06 10:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 00:32 - 2013-06-06 10:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 22:05 - 2013-10-08 22:20 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Digiarty
2013-10-08 22:05 - 2013-10-08 22:05 - 00000000 ____D C:\Program Files\Digiarty
2013-10-08 21:54 - 2013-10-08 21:56 - 11274056 _____ (Digiarty ) C:\Users\*****.*****\Downloads\airplayitserver_setup.exe
2013-10-08 20:29 - 2013-10-08 20:29 - 00001050 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-01 22:43 - 2013-10-19 19:09 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-26 23:54 - 2013-09-26 23:55 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
==================== One Month Modified Files and Folders =======
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 ___DC C:\FRST
2013-10-26 19:21 - 2013-06-07 13:41 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-26 19:08 - 2013-10-14 22:46 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\BitTorrent Sync
2013-10-26 18:59 - 2013-07-02 16:59 - 00000314 _____ C:\Windows\Tasks\Dealply.job
2013-10-26 18:58 - 2013-08-24 12:45 - 00002254 _____ C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-26 18:58 - 2013-07-02 16:36 - 00000000 ___RD C:\Users\*****.*****\SkyDrive
2013-10-26 18:55 - 2013-08-26 13:40 - 00000000 ____D C:\Users\*****.*****\AppData\Local\3DE2F1A9-50B9-4183-A62C-A34698E8A191.aplzod
2013-10-26 18:53 - 2012-04-04 22:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-26 18:39 - 2013-10-26 00:45 - 103108672 _____ C:\Windows\system32\�ᵌ]
2013-10-26 04:41 - 2013-06-05 12:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-26 04:25 - 2013-10-26 04:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-26 02:34 - 2013-10-26 02:34 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\HpUpdate
2013-10-26 02:04 - 2013-10-25 21:00 - 1227751422 ____C C:\avenger.txt
2013-10-26 00:32 - 2013-10-16 23:09 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Standard
2013-10-26 00:32 - 2013-08-24 12:33 - 00000000 ____D C:\Users\Administrator
2013-10-26 00:32 - 2013-08-24 11:41 - 00000000 ____D C:\Users\sveno
2013-10-26 00:32 - 2013-08-24 11:36 - 00000000 ____D C:\Users\taweepornp
2013-10-26 00:32 - 2011-08-03 02:40 - 00000000 ____D C:\Users\*****
2013-10-26 00:31 - 2013-10-16 23:08 - 00000000 ____D C:\ProgramData\Standard
2013-10-26 00:31 - 2013-09-15 16:05 - 00000000 ____D C:\Users\*****.*****\AppData\Local\QuickPlay
2013-10-26 00:31 - 2012-09-19 02:14 - 00000000 ____D C:\Program Files\GIMP 2
2013-10-26 00:30 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\registration
2013-10-26 00:15 - 2013-10-16 23:09 - 00000000 ____D C:\Program Files\Shark007
2013-10-26 00:15 - 2013-10-14 22:46 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-25 21:43 - 2013-10-25 21:43 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-10-25 21:43 - 2012-04-04 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-25 21:43 - 2011-08-03 03:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-25 21:22 - 2011-08-05 17:00 - 00000249 _____ C:\ProgramData\hpqp.ini
2013-10-25 21:11 - 2009-07-14 11:34 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 21:11 - 2009-07-14 11:34 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 21:02 - 2013-10-25 21:02 - 00000056 _____ C:\Windows\setupact.log
2013-10-25 21:02 - 2013-10-25 21:02 - 00000000 _____ C:\Windows\setuperr.log
2013-10-25 21:02 - 2011-08-05 14:06 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-10-25 21:02 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 21:01 - 2013-10-25 21:01 - 00422902 _____ C:\Windows\PFRO.log
2013-10-25 21:00 - 2013-10-25 21:00 - 00000000 ___DC C:\Avenger
2013-10-25 21:00 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\PLA
2013-10-25 20:58 - 2013-10-14 22:45 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\BitTorrent
2013-10-25 20:56 - 2013-06-06 20:58 - 00000000 ____D C:\Users\*****\AppData\Roaming\DefaultTab
2013-10-25 20:36 - 2010-11-21 04:01 - 01642112 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-25 20:34 - 2013-10-25 20:34 - 00001029 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 20:34 - 2013-10-25 20:34 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Malwarebytes
2013-10-25 20:34 - 2013-10-25 20:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-25 20:34 - 2013-10-25 20:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 20:15 - 2013-10-25 20:15 - 00001634 _____ C:\Users\*****.*****\Documents\cc_20131025_201507.reg
2013-10-25 19:57 - 2011-08-07 19:20 - 00000000 ____D C:\Program Files\Steam
2013-10-25 19:56 - 2013-10-25 19:56 - 102975063 _____ C:\Windows\system32\黸뤱ᵌe
2013-10-25 19:55 - 2013-07-02 16:57 - 00000000 ____D C:\Program Files\DealPly
2013-10-25 19:50 - 2013-10-25 19:50 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-10-25 19:15 - 2013-10-16 22:56 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
2013-10-25 19:15 - 2013-10-16 22:56 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-10-25 19:07 - 2011-08-23 17:06 - 00000000 ____D C:\Windows\Downloaded Installations
2013-10-25 19:02 - 2013-10-25 19:02 - 00026900 _____ C:\Users\*****.*****\Documents\cc_20131025_190204.reg
2013-10-25 18:57 - 2013-10-25 18:57 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-25 18:57 - 2013-10-25 18:56 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-25 18:57 - 2013-10-25 18:56 - 00000000 ____D C:\Program Files\iTunes
2013-10-25 18:56 - 2013-10-25 18:56 - 00000000 ____D C:\Program Files\iPod
2013-10-25 18:56 - 2011-08-03 05:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-25 18:46 - 2013-10-16 23:52 - 00000000 ____D C:\Program Files\VideoLAN
2013-10-25 18:40 - 2013-08-24 11:58 - 00000022 _____ C:\Windows\system32\.zip
2013-10-25 18:39 - 2013-08-24 12:45 - 00000000 ____D C:\Users\*****.*****
2013-10-24 03:30 - 2013-10-16 23:23 - 00006825 _____ C:\Users\*****.*****\daemonprocess.txt
2013-10-24 00:32 - 2011-08-03 02:47 - 00000000 ____D C:\Windows\Panther
2013-10-22 22:05 - 2013-10-22 22:05 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 22:05 - 2013-10-22 22:05 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-22 21:29 - 2013-10-22 21:29 - 00000000 ____D C:\Windows\system32\SearchProtect
2013-10-20 20:06 - 2013-10-20 20:06 - 00000000 ____D C:\Users\*****.*****\AppData\Local\Macromedia
2013-10-19 21:07 - 2013-10-16 23:17 - 00000000 ____D C:\Program Files\ReviverSoft
2013-10-19 21:06 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
2013-10-19 21:02 - 2013-07-30 11:18 - 00000000 ____D C:\Program Files\Ashampoo
2013-10-19 19:24 - 2013-06-07 13:42 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-19 19:09 - 2013-10-01 22:43 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-19 19:08 - 2013-08-31 16:23 - 00000000 ____D C:\Users\*****.*****\AppData\Local\WebPlayer
2013-10-19 19:00 - 2013-06-07 13:41 - 00000000 ____D C:\Program Files\Google
2013-10-19 18:56 - 2013-08-24 13:40 - 00000000 ____D C:\Users\*****.*****\AppData\Local\Google
2013-10-17 00:04 - 2013-08-31 14:45 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\WinRAR
2013-10-17 00:00 - 2013-10-16 23:59 - 00327408 _____ C:\Users\*****.*****\Downloads\voxware-metasound-audio-codec-windows-downloader.exe
2013-10-16 23:54 - 2013-10-16 23:53 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\vlc
2013-10-16 23:52 - 2013-10-16 23:52 - 00001212 _____ C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
2013-10-16 23:45 - 2013-10-16 23:32 - 25132744 _____ C:\Users\*****.*****\Downloads\vlc-2.1.0-win32.exe
2013-10-16 23:38 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\AppData\Local\Mobogenie
2013-10-16 23:23 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\Documents\Mobogenie
2013-10-16 23:23 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\baidu
2013-10-16 23:23 - 2013-10-16 23:23 - 00000000 ____D C:\Users\*****.*****\AppData\Local\cache
2013-10-16 23:18 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public
2013-10-16 23:17 - 2013-10-16 23:17 - 00000000 ____D C:\Windows\system32\C2MP
2013-10-16 23:05 - 2013-10-16 23:03 - 16545226 _____ C:\Users\*****.*****\Downloads\32bit_Standard_v172.exe
2013-10-16 22:58 - 2013-09-25 22:47 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\DivX
2013-10-16 03:54 - 2013-10-16 03:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec9e8c76a70af.job
2013-10-15 22:43 - 2013-08-24 12:46 - 00000932 __RSH C:\Users\*****.*****\ntuser.pol
2013-10-14 23:37 - 2013-10-14 23:37 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Mozilla
2013-10-14 23:37 - 2013-10-14 23:37 - 00000000 ____D C:\Users\*****.*****\AppData\Local\Mozilla
2013-10-14 22:47 - 2013-10-14 22:47 - 00000000 ____D C:\Users\*****.*****\BTSync
2013-10-14 22:47 - 2013-10-14 22:46 - 00000000 ____D C:\Users\*****.*****\AppData\Local\SearchProtect
2013-10-14 22:45 - 2013-10-14 22:45 - 00000883 _____ C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2013-10-14 22:44 - 2013-10-14 22:44 - 01127000 _____ (BitTorrent Inc.) C:\Users\*****.*****\Downloads\BitTorrent_7.8.2_b30182.exe
2013-10-12 03:17 - 2013-09-12 15:38 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2013-10-11 23:14 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 23:01 - 2011-08-03 03:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 23:01 - 2009-07-14 11:33 - 00418096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 02:23 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 03:17 - 2011-08-03 02:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 03:12 - 2013-07-25 10:18 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 03:06 - 2011-08-03 03:00 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 22:20 - 2013-10-08 22:05 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Digiarty
2013-10-08 22:05 - 2013-10-08 22:05 - 00000000 ____D C:\Program Files\Digiarty
2013-10-08 21:56 - 2013-10-08 21:54 - 11274056 _____ (Digiarty ) C:\Users\*****.*****\Downloads\airplayitserver_setup.exe
2013-10-08 20:29 - 2013-10-08 20:29 - 00001050 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-26 23:55 - 2013-09-26 23:54 - 00000000 ____D C:\Users\*****.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Files to move or delete:
====================
ZeroAccess:
C:\Users\*****.*****\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\ProgramData\DVD.exe
C:\ProgramData\Games.exe
C:\ProgramData\Karaoke.exe
C:\ProgramData\MobileTV.exe
C:\ProgramData\MPV.exe
Some content of TEMP:
====================
C:\Users\*****.*****\AppData\Local\Temp\bi_cleaner.exe
C:\Users\*****.*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\*****.*****\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
LastRegBack: 2012-08-16 19:17
==================== End Of Log ============================
--- --- ---
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013
Ran by ***** at 2013-10-26 19:28:47
Running from C:\Users\*****.*****\AppData\Local\Evernote\Evernote\Databases\Attachments
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8)
7-Zip 9.20
Adobe Acrobat 4.0
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Air Playit 2.0.0
AIS (Version: 1.0.0.1)
Akamai NetSession Interface Service
Alliance of Valiant Arms
Avira Free Antivirus (Version: 13.0.0.4052)
Badoo Desktop (Version: 1.6.58.1220)
Baidu PC Faster (Version: 3.7.1.43557)
BitTorrent (HKCU Version: 7.8.1.30016)
BitTorrent Sync (Version: 1.1.74)
Blacklight: Retribution
Brink
BufferChm (Version: 140.0.212.000)
Canon SELPHY CP800
CCleaner (Version: 4.03)
CMS
Copy (Version: 140.0.212.000)
Corel Graphics - Windows Shell Extension (Version: 15.1.0.588)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.1)
CorelDRAW Graphics Suite X5 - Common (Version: 15.1)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.1)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.1)
CorelDRAW Graphics Suite X5 - DE (Version: 15.1)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.1)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.1)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.1)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.1)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.1)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.1)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.1)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.1)
CorelDRAW Graphics Suite X5 (Version: 15.1)
CorelDRAW(R) Graphics Suite X5 (Version: 15.1.0.588)
Crossfire Europe (Version: 1.144)
CyberLink PowerDirector 11 (Version: 11.0.0.2418)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery (Version: 140.0.212.000)
devolo dLAN Cockpit (Version: 1.0)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DirectX Media Runtime 5.2b
DiskPlayer (Version: 1.0)
DivX-Setup (Version: 2.6.1.44)
DJ_AIO_06_K209a-z_SW_Min (Version: 140.0.690.000)
DocProc (Version: 13.0.0.0)
Erotic Empire (Version: Erotic Empire 1.05)
Fax (Version: 130.0.418.000)
FLV Player (HKCU Version: 1.0)
Fotogalerie (Version: 16.4.3508.0205)
Foxit Reader 5.0 (Version: 5.0.2.718)
Free DWG Viewer 7.1 (Version: 7.1)
Free Video to iPad Converter version 5.0.24.430 (Version: 5.0.24.430)
FUSSBALL MANAGER 13 (Version: 1.0.3.0)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
GPBaseService2 (Version: 140.0.211.000)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
iCloud (Version: 3.0.2.163)
iLivid (Version: 4.0.0.3276)
Junk Mail filter update (Version: 16.4.3508.0205)
K209a-z (Version: 140.0.690.000)
KWHotel Free EN (0.41.50) (Version: 0.41.50.0)
LINE (Version: 3.1.7.10)
LinkedIn Outlook Connector (Version: 1.1.10.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 140.0.212.000)
Micros Fidelio Opera Print Control
Micros Fidelio Opera Print Utility
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access 2003 Runtime (Version: 11.0.8173.0)
Microsoft Office Home and Business 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (Version: 14.0.5117.5000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Report Viewer Redistributable 2005
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729)
MobileMe Control Panel (Version: 3.1.8.0)
Movie Maker (Version: 16.4.3508.0205)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetSurveillance
Network (Version: 130.0.572.000)
Newblue Art Effects for PowerDirector (Version: 2.0)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Opera JinitCheck Control
Opera Register Terminal
Origin (Version: 9.0.11.77)
Pando Media Booster (Version: 2.6.0.8)
PDF24 Creator 5.2.0
Photo Common (Version: 16.4.3508.0205)
Photo Gallery (Version: 16.4.3508.0205)
Photo to Movie 5.0 (Version: 5.0.704)
Prime Time
PunkBuster Services (Version: 0.989)
QuickShare (Version: 1.146.60.12450)
RICOH Media Driver (Version: 2.10.00.04)
Scan (Version: 140.0.80.000)
Search Protect (Version: 2.7.14.4)
SelectionLinks (Version: 1.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies (Version: 14.0)
SmartSound Quicktracks 5 (Version: 5.1.8)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Star Wars: The Old Republic (Version: 1.00)
Status (Version: 140.0.212.000)
Steam (Version: 1.0.0.0)
Supreme Ruler 2020 Gold 6.8.1
Synaptics Pointing Device Driver (Version: 15.3.29.0)
System Requirements Lab
TeamViewer 8 (Version: 8.0.22298)
The Guild II
The Guild II - Pirates of the European Seas
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Upgrade
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veranstaltungsplaner Professional (Version: 1.2.0328)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69)
Visual Basic for Applications (R) Core (Version: 6.4.99.69)
WebReg (Version: 140.0.212.017)
Windows 7 Codec Pack 4.0.8 (Version: 4.0.8)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live Messenger (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
XING Connector 1.2 (Version: 1.2)
XnView 2.03 (Version: 2.03)
==================== Restore Points =========================
25-10-2013 14:12:53 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0048766B-9F06-433D-A059-82E890CF364F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {1461BBC4-B70F-4CA4-9D0F-D6016CFC3BFB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {197F5155-4534-4EDD-863F-DB90A9A25EBF} - System32\Tasks\{2E107B58-58DB-4B13-AA48-65677E2C8180} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {1AC3E5A6-3855-4C35-A4FF-5359A6E325C7} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
Task: {1FD4ABEB-0783-4CDE-A2EA-5D584A9B2850} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {2B5209F6-DBFF-480E-B713-B45815B21E1A} - System32\Tasks\Dealply => C:\Users\SVENOL~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: {2C6A7537-9581-444A-A24E-746D54C20E06} - System32\Tasks\{57CE8C34-9486-4745-B495-ACDBC541054A} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {2C759223-C2D9-4A62-8F73-1E91676A3FEF} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe
Task: {36F2706B-95FE-4A10-A3C1-A2C8B8CB37AA} - System32\Tasks\{E8ACF492-CEDA-441E-A8DB-A9ADB0E707E3} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {3B419D24-06B9-4C25-A20F-67651F5333A7} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {3B7CBF3F-EDDA-45E5-A232-91C2F0BD0298} - System32\Tasks\HP online update program => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2009-11-18] (Hewlett-Packard)
Task: {45BAF49C-240A-4B94-8C2E-BDC8107D0DC5} - System32\Tasks\{A14E7258-B5EC-4EF4-B87B-D8D2FFC0525C} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {5C927D6B-CBF4-4969-AC2A-81EBCA378CC2} - System32\Tasks\{C0450D6E-0B05-45F8-A942-695CB6DA13AC} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {6072A469-7F7C-4711-9D01-4CF3067067C7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {623DB8C3-87AD-47BA-8B3F-45D56C1DA798} - System32\Tasks\{51A2C2CE-88F3-4FAF-8577-80CE0350CA86} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {66A26901-5D35-4400-9718-C03E792EB4A1} - System32\Tasks\{A6DEF5AC-D062-4B96-AB67-D202ADF15E85} => C:\Windows.old\Program Files\Microsoft Office\Office12\SCANPST.EXE
Task: {75337090-85A3-4DBE-8658-5A3307F68793} - System32\Tasks\HDvid Codec V1-updater => C:\Program Files\HDvid Codec V1\HDvid Codec V1-updater.exe
Task: {7A099C55-0049-4740-8AD3-62910788F809} - \a2zLyrics Update No Task File
Task: {7D156311-7F91-4035-9E07-E66FF2BC13F4} - System32\Tasks\{AD6CED73-83B8-4558-A4E6-A960D532B3A7} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {81AF5D19-788F-4758-8703-E2BE4FD9680F} - System32\Tasks\HDvid Codec V1-codedownloader => C:\Program Files\HDvid Codec V1\HDvid Codec V1-codedownloader.exe
Task: {829A00FE-49DB-4A94-BA92-2B1BB1CB7681} - System32\Tasks\{0D1BE9AA-CC03-47A1-93AC-0D7B05205E65} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {8808CBA2-D56C-4996-BEC0-33C5C51BF9F9} - System32\Tasks\{01C9B6D2-B69A-452F-8E14-8A6663EB2693} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {914B9502-3EB8-4C1A-B61F-7D09A915D775} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {9CF9698D-41C5-4EEC-98BE-4E98FDAF890D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {A9CFDC86-0EDD-4384-8ECC-8B1AB9F8F433} - System32\Tasks\{0AD67B08-70B9-404C-8F15-A4CF5919F2BC} => C:\Users\*****\Downloads\Dune II - The Building of a Dynasty\DUNE2\DUNE2.EXE
Task: {AA1F2E47-75B6-4A14-9B1B-90407A9A8AE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-25] (Adobe Systems Incorporated)
Task: {ABC687CE-D6D9-4E8B-91DE-2E2CDD59825E} - System32\Tasks\{87A6789A-E292-44E9-AFE8-1302807E6A33} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {AD38B916-571A-40EF-B669-ACFF26D9914A} - System32\Tasks\HDvid Codec V1-enabler => C:\Program Files\HDvid Codec V1\HDvid Codec V1-enabler.exe
Task: {C44E9309-C873-42C3-9415-14E2C12389D3} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe
Task: {C88491A0-3718-415F-B15B-EB43F3D0BCEE} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {CB93C464-BBF0-46CE-B332-7B9EF08E5927} - System32\Tasks\{E6EDA8F6-0992-4E55-8D7B-4ED350CB8683} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: {D0C9DAA6-5640-46B4-A4A5-06C5EFF97EF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {DAC05766-BDC5-4B1F-874C-7C76F7E3E879} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
Task: {F1D3344E-A6C1-4552-8CC0-3043B560AC05} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05] (Adobe Systems Incorporated)
Task: {F6E86304-4265-4FBB-9B20-97A3944695DF} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {FDEF8AD6-BC3B-4F75-A6FA-886966445082} - System32\Tasks\{30655FB6-6A63-41BA-905C-A830FDDF7AE3} => C:\Windows.old\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\SVENOL~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec9e8c76a70af.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-08-05 16:56 - 2009-01-12 21:50 - 00120216 ____N () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2011-08-05 16:56 - 2009-01-12 21:50 - 00038184 ____N () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2011-08-05 16:56 - 2009-01-12 21:50 - 00259480 ____N () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2011-08-05 16:56 - 2009-01-12 21:50 - 00345384 ____N () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2011-06-25 03:56 - 2011-06-25 03:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-25 03:56 - 2011-06-25 03:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-10-08 22:05 - 2011-07-18 18:11 - 00435560 _____ () C:\Program Files\Digiarty\Air_Playit\CI.DLL
2013-10-08 22:05 - 2012-02-08 17:09 - 00780096 _____ () C:\Program Files\Digiarty\Air_Playit\SERVERADMIN.DLL
2013-10-08 22:05 - 2011-12-31 10:51 - 01654592 _____ () C:\Program Files\Digiarty\Air_Playit\Config.dll
2013-10-08 22:05 - 2011-07-12 02:25 - 00572336 _____ () C:\Program Files\Digiarty\Air_Playit\sqlite3.dll
2013-06-05 12:30 - 2013-07-06 09:34 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-08-30 13:10 - 2012-08-30 13:10 - 00394600 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-08-30 13:11 - 2012-08-30 13:11 - 00094056 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2013-09-26 13:55 - 2013-09-26 13:55 - 21115392 _____ () C:\Program Files\Evernote\Evernote\libcef.dll
2013-09-26 13:54 - 2013-09-26 13:54 - 00983054 _____ () C:\Program Files\Evernote\Evernote\avcodec-54.dll
2013-09-26 13:54 - 2013-09-26 13:54 - 00133134 _____ () C:\Program Files\Evernote\Evernote\avutil-51.dll
2013-09-26 13:54 - 2013-09-26 13:54 - 00189454 _____ () C:\Program Files\Evernote\Evernote\avformat-54.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/26/2013 07:01:23 PM) (Source: MsiInstaller) (User: *****)
Description: Produkt: Evernote v. 5.0.2 -- Fehler 1706. Ein Installationspaket des Programms Evernote v. 5.0.2 konnte nicht gefunden werden. Wiederholen Sie das Setup unter Verwendung einer gültigen Kopie des Installationspakets "Evernote.msi".
Error: (10/26/2013 07:00:04 PM) (Source: MsiInstaller) (User: *****)
Description: Produkt: Evernote v. 5.0.2 -- Fehler 1706. Ein Installationspaket des Programms Evernote v. 5.0.2 konnte nicht gefunden werden. Wiederholen Sie das Setup unter Verwendung einer gültigen Kopie des Installationspakets "Evernote.msi".
Error: (10/26/2013 02:34:34 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel: 0x4acfa581
Name des fehlerhaften Moduls: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel: 0x4acfa581
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009b66
ID des fehlerhaften Prozesses: 0x1f40
Startzeit der fehlerhaften Anwendung: 0xHPWUCli.exe0
Pfad der fehlerhaften Anwendung: HPWUCli.exe1
Pfad des fehlerhaften Moduls: HPWUCli.exe2
Berichtskennung: HPWUCli.exe3
Error: (10/26/2013 02:34:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel: 0x4acfa581
Name des fehlerhaften Moduls: hpupdatecomponent.dll, Version: 1.0.16.0, Zeitstempel: 0x4acfa56c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007e34
ID des fehlerhaften Prozesses: 0x1f40
Startzeit der fehlerhaften Anwendung: 0xHPWUCli.exe0
Pfad der fehlerhaften Anwendung: HPWUCli.exe1
Pfad des fehlerhaften Moduls: HPWUCli.exe2
Berichtskennung: HPWUCli.exe3
Error: (10/26/2013 02:29:08 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"
Error: (10/25/2013 09:03:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/25/2013 08:53:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0135c710
ID des fehlerhaften Prozesses: 0x38ac
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (10/25/2013 08:52:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0114c710
ID des fehlerhaften Prozesses: 0x45dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (10/25/2013 08:51:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00f6c710
ID des fehlerhaften Prozesses: 0x40b4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (10/25/2013 08:50:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00f6c710
ID des fehlerhaften Prozesses: 0x2044
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
System errors:
=============
Error: (10/25/2013 09:21:31 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TeamViewer8 erreicht.
Error: (10/25/2013 09:20:43 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMService erreicht.
Error: (10/25/2013 09:04:24 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
prodrv06
prohlp02
prosync1
sfhlp01
Error: (10/25/2013 09:02:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (10/25/2013 09:01:00 PM) (Source: Application Popup) (User: )
Description: Treiber prodrv06.sys konnte nicht geladen werden.
Error: (10/25/2013 09:00:52 PM) (Source: Application Popup) (User: )
Description: Treiber prohlp02.sys konnte nicht geladen werden.
Error: (10/25/2013 09:00:52 PM) (Source: Application Popup) (User: )
Description: Treiber prosync1.sys konnte nicht geladen werden.
Error: (10/25/2013 09:00:52 PM) (Source: Application Popup) (User: )
Description: Treiber sfhlp01.sys konnte nicht geladen werden.
Error: (10/25/2013 06:45:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/25/2013 06:45:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Microsoft Office Sessions:
=========================
Error: (10/26/2013 07:01:23 PM) (Source: MsiInstaller)(User: *****)
Description: Produkt: Evernote v. 5.0.2 -- Fehler 1706. Ein Installationspaket des Programms Evernote v. 5.0.2 konnte nicht gefunden werden. Wiederholen Sie das Setup unter Verwendung einer gültigen Kopie des Installationspakets "Evernote.msi".(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/26/2013 07:00:04 PM) (Source: MsiInstaller)(User: *****)
Description: Produkt: Evernote v. 5.0.2 -- Fehler 1706. Ein Installationspaket des Programms Evernote v. 5.0.2 konnte nicht gefunden werden. Wiederholen Sie das Setup unter Verwendung einer gültigen Kopie des Installationspakets "Evernote.msi".(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/26/2013 02:34:34 AM) (Source: Application Error)(User: )
Description: HPWUCli.exe5.0.9.04acfa581HPWUCli.exe5.0.9.04acfa581c000000500009b661f4001ced1b9363052bbC:\Program Files\Hp\HP Software Update\HPWUCli.exeC:\Program Files\Hp\HP Software Update\HPWUCli.exe79926a84-3dac-11e3-923d-001e37bcc9ca
Error: (10/26/2013 02:34:29 AM) (Source: Application Error)(User: )
Description: HPWUCli.exe5.0.9.04acfa581hpupdatecomponent.dll1.0.16.04acfa56cc000000500007e341f4001ced1b9363052bbC:\Program Files\Hp\HP Software Update\HPWUCli.exeC:\Program Files\Hp\Common\hpupdatecomponent.dll76ba0570-3dac-11e3-923d-001e37bcc9ca
Error: (10/26/2013 02:29:08 AM) (Source: Windows Backup)(User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)
Error: (10/25/2013 09:03:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/25/2013 08:53:29 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050135c71038ac01ced18995ff0fd2C:\Windows\System32\svchost.exeunknownd3c82b36-3d7c-11e3-ae70-001e37bcc9ca
Error: (10/25/2013 08:52:28 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050114c71045dc01ced189718e5f00C:\Windows\System32\svchost.exeunknownaf420e02-3d7c-11e3-ae70-001e37bcc9ca
Error: (10/25/2013 08:51:28 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500f6c71040b401ced1894d8ab84aC:\Windows\System32\svchost.exeunknown8b3e674b-3d7c-11e3-ae70-001e37bcc9ca
Error: (10/25/2013 08:50:27 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500f6c710204401ced1892963d220C:\Windows\System32\svchost.exeunknown67497e07-3d7c-11e3-ae70-001e37bcc9ca
CodeIntegrity Errors:
===================================
Date: 2011-08-03 05:41:10.820
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\System32\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-08-03 05:41:10.807
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\System32\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-08-03 05:41:10.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\System32\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-08-03 05:41:10.782
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\System32\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 58%
Total physical RAM: 3070.43 MB
Available physical RAM: 1283.95 MB
Total Pagefile: 6139.15 MB
Available Pagefile: 4084 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.36 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:220.98 GB) (Free:16.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:0.02 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:11.9 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Datalux Extern) (Fixed) (Total:111.79 GB) (Free:26.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0E5F0E5F)
Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 625C0812)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 2527A2C7)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
