bigdaniel | 02.11.2013 14:44 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Daniel (administrator) on LAPTOPDANIEL on 02-11-2013 14:31:17
Running from C:\Users\Daniel\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-02-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-19] (Spotify Ltd)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: G - G:\setup.exe
MountPoints2: {284237f0-eb6b-11df-be39-001e37ec3d8e} - G:\Install.exe
MountPoints2: {ad320a92-f338-11df-a4cb-001e37ec3d8e} - H:\Install.exe
MountPoints2: {ad320a96-f338-11df-a4cb-001e37ec3d8e} - G:\Startme.exe
MountPoints2: {ea49a688-97b6-11dd-b8ad-001e37ec3d8e} - G:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKU\Gast\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Gast\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2008-10-24] (Macrovision Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.icq.com/
SearchScopes: HKLM - DefaultScope {CFBFAE00-17A6-11D0-99CB-00C04FD64497} URL =
SearchScopes: HKCU - DefaultScope {01_TL-YODL-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}
SearchScopes: HKCU - {01_TL-YODL-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}
SearchScopes: HKCU - {03_TL-TELEFONBUCH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}
SearchScopes: HKCU - {04_TL-AMAZON-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}
SearchScopes: HKCU - {05_TL-EBAY-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}
SearchScopes: HKCU - {06_TL-DISCOUNT24-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_discount24&q={searchTerms}
SearchScopes: HKCU - {07_TL-CONRAD-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_conrad&q={searchTerms}
SearchScopes: HKCU - {08_TL-OTTO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}
SearchScopes: HKCU - {09_TL-CLIPFISH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}
SearchScopes: HKCU - {10_TL-MYVIDEO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}
SearchScopes: HKCU - {11_TL-MUSICLOAD-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_musicload&q={searchTerms}
SearchScopes: HKCU - {5F970FDE-702B-4ef9-920C-5F2848A5AF26} URL = hxxp://www.astroburn-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {7F81EE51-3954-4630-9284-C842159E3D7B} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Winsock: Catalog9 35 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4d0nkw6o.default
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4d0nkw6o.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\conrad.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\discount24.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\musicload.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\otto.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\quelle.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webnews.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4d0nkw6o.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4d0nkw6o.default\Extensions\ffxtlbr@delta.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
Chrome:
=======
CHR HomePage: https://mail.google.com/mail/ca/u/0/#inbox
CHR RestoreOnStartup: "https://mail.google.com/mail/ca/u/0/#inbox"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Reallusion CT4Player for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll ( )
CHR Plugin: (Google Talk Plugin) - C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (AVG PrivacyFix) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\5.0.2_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
========================== Services (Whitelisted) =================
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2008-02-04] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 HFGService; C:\Windows\System32\HFGService.dll [356864 2006-11-20] (CSR, plc)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 o2flash; C:\Windows\system32\DRIVERS\o2flash.exe [71512 2008-07-29] (O2Micro International)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{4b8b7837-0924-61b3-bfaf-63132f8dde8b}\ \...\???\{4b8b7837-0924-61b3-bfaf-63132f8dde8b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [103744 2009-03-18] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-14] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2009-11-29] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [101248 2009-11-29] (AVM Berlin)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [29184 2006-11-20] (CSR, plc)
S3 bthav; C:\Windows\System32\drivers\bthav.sys [36352 2007-01-23] (CSR, plc)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [12800 2007-01-23] (CSR, plc)
S3 BTHFILT; C:\Windows\System32\DRIVERS\BthFilt.sys [13824 2006-11-06] (CSR, plc)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9072 2007-06-20] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9200 2007-06-20] (Sonic Solutions)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [31744 2007-01-16] (CSR, plc)
R2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-03-20] (RapidSolution Software AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-24] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-03-20] (RapidSolution Software AG)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2013-05-30] (Wondershare)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [x]
S3 RimUsb; System32\Drivers\RimUsb.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-02 14:30 - 2013-11-02 14:30 - 00000000 ____D C:\FRST
2013-10-31 19:26 - 2013-10-31 19:25 - 01957098 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-31 19:26 - 2013-10-31 19:24 - 01089445 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2013-10-31 18:08 - 2013-10-31 18:09 - 00075232 _____ C:\Users\Daniel\Desktop\Ereignisse.txt
2013-10-29 19:36 - 2012-04-28 18:59 - 00000066 _____ C:\Users\Daniel\Downloads\com.apple.AppleTVIR.plist
2013-10-29 18:25 - 2013-10-29 18:25 - 103932228 _____ C:\Windows\system32\㢱渹ᴼ”
2013-10-28 19:58 - 2013-10-29 18:27 - 00000000 ____D C:\Program Files\Wondershare
2013-10-28 19:26 - 2013-10-28 19:26 - 00155648 _____ C:\Users\Daniel\Desktop\Urlaubsplan-2014.xls
2013-10-19 13:46 - 2013-10-28 17:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\HpUpdate
2013-10-19 13:46 - 2013-10-19 13:46 - 00002099 _____ C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
2013-10-19 13:46 - 2013-10-19 13:46 - 00001036 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 4620 series.lnk
2013-10-19 13:46 - 2012-10-17 03:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM6412.dll
2013-10-19 13:38 - 2013-10-19 13:47 - 00000000 ____D C:\Program Files\HP
2013-10-19 13:38 - 2013-10-19 13:38 - 00000057 _____ C:\ProgramData\Ament.ini
2013-10-19 13:38 - 2013-10-19 13:38 - 00000000 ____D C:\ProgramData\HP
2013-10-19 13:32 - 2013-10-19 13:53 - 00000000 ____D C:\Users\Daniel\AppData\Local\HP
2013-10-09 17:55 - 2013-10-09 18:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\iPumper
2013-10-09 17:17 - 2013-05-30 12:56 - 00025632 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383.sys
2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\RealNetworks
2013-10-06 16:05 - 2013-10-06 16:05 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-06 16:05 - 2013-10-06 16:05 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-06 16:03 - 2013-10-06 16:03 - 00000000 ____D C:\Program Files\Common Files\xing shared
==================== One Month Modified Files and Folders =======
2013-11-02 14:30 - 2013-11-02 14:30 - 00000000 ____D C:\FRST
2013-11-02 14:29 - 2009-08-03 15:29 - 00000400 ____H C:\Windows\Tasks\User_Feed_Synchronization-{EABD42CB-95C4-4ED7-B918-FE41C447A979}.job
2013-11-02 14:29 - 2006-11-02 13:52 - 00107798 _____ C:\Windows\setupact.log
2013-11-02 14:26 - 2013-07-24 19:12 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-02 14:26 - 2008-07-01 22:02 - 00396658 _____ C:\ProgramData\nvModes.001
2013-11-02 14:26 - 2008-07-01 22:00 - 00396658 _____ C:\ProgramData\nvModes.dat
2013-11-02 14:26 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-02 14:26 - 2006-11-02 13:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-02 14:26 - 2006-11-02 13:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 19:14 - 2008-07-19 12:28 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-01 19:14 - 2006-11-02 14:01 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-01 18:37 - 2006-11-02 11:33 - 00154160 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 19:25 - 2013-10-31 19:26 - 01957098 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-10-31 19:24 - 2013-10-31 19:26 - 01089445 _____ (Farbar) C:\Users\Daniel\Desktop\FRST.exe
2013-10-31 19:23 - 2013-07-24 19:12 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-31 19:19 - 2008-07-06 18:56 - 00098304 _____ C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-31 18:09 - 2013-10-31 18:08 - 00075232 _____ C:\Users\Daniel\Desktop\Ereignisse.txt
2013-10-31 17:38 - 2008-01-21 03:47 - 00734510 _____ C:\Windows\PFRO.log
2013-10-29 19:40 - 2008-07-06 19:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2013-10-29 19:09 - 2008-07-05 10:02 - 00000000 ____D C:\Users\Daniel\Downloads\Programme
2013-10-29 18:49 - 2008-07-02 16:42 - 00000000 ____D C:\Users\Daniel\AppData\Local\Last.fm
2013-10-29 18:27 - 2013-10-28 19:58 - 00000000 ____D C:\Program Files\Wondershare
2013-10-29 18:26 - 2013-07-24 20:49 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Wondershare
2013-10-29 18:25 - 2013-10-29 18:25 - 103932228 _____ C:\Windows\system32\㢱渹ᴼ”
2013-10-28 20:06 - 2008-01-21 02:35 - 01671187 _____ C:\Windows\WindowsUpdate.log
2013-10-28 19:46 - 2008-07-06 19:37 - 00000000 ____D C:\Program Files\Google
2013-10-28 19:26 - 2013-10-28 19:26 - 00155648 _____ C:\Users\Daniel\Desktop\Urlaubsplan-2014.xls
2013-10-28 18:40 - 2008-07-05 10:03 - 00000000 ____D C:\Users\Daniel\Downloads\Musik
2013-10-28 17:56 - 2013-10-19 13:46 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\HpUpdate
2013-10-26 10:12 - 2013-07-05 19:53 - 00000000 __SHD C:\Users\Daniel\wc
2013-10-25 18:37 - 2012-03-31 14:30 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2013-10-25 16:45 - 2010-09-04 11:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-10-25 16:22 - 2012-12-08 12:51 - 00000000 ___RD C:\Program Files\Skype
2013-10-25 16:22 - 2010-09-04 11:23 - 00000000 ____D C:\ProgramData\Skype
2013-10-24 17:17 - 2012-03-31 14:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2013-10-20 14:37 - 2009-10-05 15:09 - 00000000 ____D C:\Users\Daniel\Documents\Bewerbung
2013-10-20 11:52 - 2012-04-01 20:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-20 11:52 - 2012-04-01 20:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 13:53 - 2013-10-19 13:32 - 00000000 ____D C:\Users\Daniel\AppData\Local\HP
2013-10-19 13:47 - 2013-10-19 13:38 - 00000000 ____D C:\Program Files\HP
2013-10-19 13:46 - 2013-10-19 13:46 - 00002099 _____ C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
2013-10-19 13:46 - 2013-10-19 13:46 - 00001036 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 4620 series.lnk
2013-10-19 13:46 - 2008-07-01 20:27 - 00000000 ____D C:\Users\Daniel
2013-10-19 13:38 - 2013-10-19 13:38 - 00000057 _____ C:\ProgramData\Ament.ini
2013-10-19 13:38 - 2013-10-19 13:38 - 00000000 ____D C:\ProgramData\HP
2013-10-19 13:38 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\twain_32
2013-10-17 17:27 - 2009-07-05 10:00 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2013-10-09 18:06 - 2013-10-09 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\iPumper
2013-10-09 17:17 - 2008-07-05 06:48 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Tunebite
2013-10-06 16:08 - 2013-10-06 16:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\RealNetworks
2013-10-06 16:07 - 2008-07-02 16:52 - 00000000 ____D C:\Program Files\VLC Player
2013-10-06 16:05 - 2013-10-06 16:05 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-06 16:05 - 2013-10-06 16:05 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-06 16:04 - 2008-07-05 10:02 - 00000000 ____D C:\Users\Daniel\Downloads\Bilder
2013-10-06 16:03 - 2013-10-06 16:03 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-10-06 16:02 - 2010-02-20 09:32 - 00000000 ____D C:\ProgramData\Real
2013-10-06 16:01 - 2013-01-23 18:11 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2013-10-06 16:01 - 2013-01-23 18:10 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2013-10-06 16:01 - 2013-01-23 18:10 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2013-10-06 16:01 - 2009-02-28 06:50 - 00272896 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2013-10-06 16:00 - 2008-07-01 21:56 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
Files to move or delete:
====================
C:\Users\Daniel\AppData\Roaming\desktop.ini
ZeroAccess:
C:\Users\Daniel\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Users\Daniel\SkypeSetup.exe
Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\13616E~1.exe
C:\Users\Daniel\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe
C:\Users\Daniel\AppData\Local\Temp\2tqkypd2.dll
C:\Users\Daniel\AppData\Local\Temp\3z3BD4.exe
C:\Users\Daniel\AppData\Local\Temp\5pqrtkyy.dll
C:\Users\Daniel\AppData\Local\Temp\AskSLib.dll
C:\Users\Daniel\AppData\Local\Temp\AstroburnLite140-0115.exe
C:\Users\Daniel\AppData\Local\Temp\AuraUpgradeHelper.exe
C:\Users\Daniel\AppData\Local\Temp\AutoRun.exe
C:\Users\Daniel\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Daniel\AppData\Local\Temp\Deployer.exe
C:\Users\Daniel\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Daniel\AppData\Local\Temp\eauninstall.exe
C:\Users\Daniel\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Daniel\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Daniel\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Daniel\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Daniel\AppData\Local\Temp\GLF3AB4.tmp.tbElf_.dll
C:\Users\Daniel\AppData\Local\Temp\GLFBF70.tmp.tbElf_.dll
C:\Users\Daniel\AppData\Local\Temp\htmlayout.dll
C:\Users\Daniel\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\iTunesPluginWinSetup_3.0.1.0.exe
C:\Users\Daniel\AppData\Local\Temp\iTunesPluginWinSetup_3.0.2.0.exe
C:\Users\Daniel\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u10-rc-windows-i586-p-iftw-k.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\lame_1232042762_2851_12708.dll
C:\Users\Daniel\AppData\Local\Temp\lame_1232042812_2955_12872.dll
C:\Users\Daniel\AppData\Local\Temp\lame_1232042825_4541_12914.dll
C:\Users\Daniel\AppData\Local\Temp\lame_1232042836_2944_12950.dll
C:\Users\Daniel\AppData\Local\Temp\lame_1232042864_5851_13041.dll
C:\Users\Daniel\AppData\Local\Temp\lame_1232042925_5060_13241.dll
C:\Users\Daniel\AppData\Local\Temp\lame_1232043076_8475_13734.dll
C:\Users\Daniel\AppData\Local\Temp\lame_1232043102_9681_13819.dll
C:\Users\Daniel\AppData\Local\Temp\Last.fm-1.5.4.24567.exe
C:\Users\Daniel\AppData\Local\Temp\Last.fm-1.5.4.27091.exe
C:\Users\Daniel\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Daniel\AppData\Local\Temp\mediago_setup.exe
C:\Users\Daniel\AppData\Local\Temp\mpengine.dll
C:\Users\Daniel\AppData\Local\Temp\MsgPlusUninstall.exe
C:\Users\Daniel\AppData\Local\Temp\ose00000.exe
C:\Users\Daniel\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Daniel\AppData\Local\Temp\PicasaUpdater_4a42.exe
C:\Users\Daniel\AppData\Local\Temp\Px.dll
C:\Users\Daniel\AppData\Local\Temp\pxafs.dll
C:\Users\Daniel\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Daniel\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Daniel\AppData\Local\Temp\PxDrv.dll
C:\Users\Daniel\AppData\Local\Temp\pxhpinst.exe
C:\Users\Daniel\AppData\Local\Temp\PxInsA64.exe
C:\Users\Daniel\AppData\Local\Temp\PxInsI64.exe
C:\Users\Daniel\AppData\Local\Temp\PxMas.dll
C:\Users\Daniel\AppData\Local\Temp\pxsetup.exe
C:\Users\Daniel\AppData\Local\Temp\PxSFS.dll
C:\Users\Daniel\AppData\Local\Temp\PxWave.dll
C:\Users\Daniel\AppData\Local\Temp\pxwma.dll
C:\Users\Daniel\AppData\Local\Temp\SC4_uninst.exe
C:\Users\Daniel\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Daniel\AppData\Local\Temp\SIntf16.dll
C:\Users\Daniel\AppData\Local\Temp\SIntf32.dll
C:\Users\Daniel\AppData\Local\Temp\SIntfNT.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\streaming-audio-recorder_full383.exe
C:\Users\Daniel\AppData\Local\Temp\stubhelper.dll
C:\Users\Daniel\AppData\Local\Temp\tmp2CBC.exe
C:\Users\Daniel\AppData\Local\Temp\ttsetup.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\Update_f543.exe
C:\Users\Daniel\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Daniel\AppData\Local\Temp\VxBlock.dll
C:\Users\Daniel\AppData\Local\Temp\WinampPluginSetup_2.1.0.9.exe
C:\Users\Daniel\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Daniel\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Daniel\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-11-02 14:32
==================== End Of Log ============================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Daniel at 2013-11-02 14:35:07
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
ActiveState ActivePython 2.7.2.5 (32-bit) (Version: 2.7.5)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Advanced Audio FX Engine
Advanced Video FX Engine
Airfoil (Version: 3.3.2)
Amazon Kindle
AnyDVD
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.13 (Unicode)
Audials (Version: 9.1.13600.0)
Audible Download Manager (Version: 6.5.0.3)
AudibleManager (Version: 4526172.48.2147348480.4526172)
Avira Free Antivirus (Version: 13.0.0.4052)
AVM FRITZ!Box USB-Fernanschluss (HKCU Version: 2.1.0.18)
AVM FRITZ!DSL (Version: 2.04.02)
Bonjour (Version: 3.0.0.10)
calibre (Version: 1.3.0)
CloneDVD2
Cyberduck 4.3.1 (11008) (Version: 4.3.1 (11008))
Data Lifeguard Diagnostic for Windows (Version: 1.13)
Definition update for Microsoft Office 2010 (KB982726)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.1.102.7)
Dell Webcam Center
Dell Webcam Manager
Delta toolbar (Version: 1.8.24.6)
DivX-Setup (Version: 2.6.1.5)
ElsterFormular (Version: 14.1.11318)
ElsterFormular 2008/2009 (Version: 10.3.2.0)
EPSON-Drucker-Software
Free M4a to MP3 Converter 7.2
Free WebM Video Converter version 5.0.28.812 (Version: 5.0.28.812)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
HP Officejet 4620 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet 4620 series Hilfe (Version: 6.0.0)
HP Update (Version: 5.003.003.001)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel(R) PROSet/Wireless Software (Version: 11.01.0000)
iPhone-Konfigurationsprogramm (Version: 2.1.0.163)
iTunes (Version: 11.1.0.126)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 31 (Version: 6.0.310)
JDownloader 0.9 (Version: 0.9)
LAME v3.98.3 for Audacity
Laptop Integrated Webcam Driver (1.01.01.0529)
Last.fm Scrobbler 2.1.36
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Expression Blend 3 (Version: 3.0.1927.0)
Microsoft Expression Blend 3 SDK (Version: 1.0.1327.0)
Microsoft Expression Design 3 (Version: 6.0.1739.0)
Microsoft Expression Encoder 3 (Version: 3.0.1332.0)
Microsoft Expression Studio 3 (Version: 3.0.1061.0)
Microsoft Expression Web 3 (Version: 3.0.1762.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40624.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XML Parser (Version: 8.70.1104.04)
mMHouse (Version: 9.24.0000)
Mozilla Firefox 12.0 (x86 de) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
mPfMgr (Version: 9.24.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWMI (Version: 9.24.0000)
neroxml (Version: 1.0.0)
NoLimits Coasters 1.8 (remove only)
NoLimits Track Packager 1.5 (Version: 1.5)
NVIDIA Drivers (Version: 1.9)
NVIDIA PhysX (Version: 9.09.0428)
O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.27)
OpenOffice.org 3.0 (Version: 3.0.9358)
PanoramaStudio 1.6 (uninstall)
PDF24 Creator 5.3.0
Picasa 3 (Version: 3.9)
Python 2.7 pycrypto-2.1.0
QuickTime (Version: 7.74.80.86)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5555)
RealUpgrade 1.1 (Version: 1.1.0)
RollerCoaster Tycoon 2
RollerCoaster Tycoon 3
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Skype™ 6.9 (Version: 6.9.106)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
Synaptics Pointing Device Driver (Version: 12.2.11.0)
Tropico
Tunebite (Version: 5.1.145.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCRedistSetup (Version: 1.0.0)
VLC media player 2.0.8 (Version: 2.0.8)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
WPF Toolkit June 2009 (Version 3.5.40619.1) (Version: 3.5.40619.1)
Xvid 1.2.2 final uninstall (Version: 1.2)
YTD Video Downloader 4.5 (Version: 4.5)
==================== Restore Points =========================
27-09-2013 16:09:28 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
09-10-2013 16:17:47 Gerätetreiber-Paketinstallation: WsAudioDevice_383 Audio-, Video- und Gamecontroller
14-10-2013 16:53:06 Geplanter Prüfpunkt
19-10-2013 12:39:12 Gerätetreiber-Paketinstallation: HP Drucker
19-10-2013 12:42:47 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte
19-10-2013 12:44:26 Gerätetreiber-Paketinstallation: HP Drucker
25-10-2013 16:20:08 Geplanter Prüfpunkt
29-10-2013 18:44:09 Removed Google Earth.
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {183539C0-4C50-4D03-9F6C-65CF341B1617} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3031A5BA-F78D-489B-92D9-81C11288B9EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-24] (Google Inc.)
Task: {3174CF12-B693-4A62-A232-B785609D44A7} - System32\Tasks\{658FBD9C-0C89-4612-992F-73CFD405AFFB} => Chrome.exe hxxp://ui.skype.com/ui/0/5.5.0.124.259/de/abandoninstall?source=lightinstaller&page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {379FCB1F-644F-4C0E-97F1-6227BEF6259B} - System32\Tasks\{C5EDB0FD-4DE2-40DD-BB75-877DEF9A2A96} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {3817D508-AD8B-43C7-BE0B-DA7079D63876} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4143837596-1046665922-530285621-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {68990D20-D184-4117-AD0B-1B1DEF82889C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {70361A8A-2122-4D25-8250-503D5BEA3945} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4143837596-1046665922-530285621-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9C23E42B-ABEF-4F9F-8444-F0566674E437} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4143837596-1046665922-530285621-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B45921D7-9D2B-45D4-A3DC-8BE2235EEDDA} - System32\Tasks\EPUpdater => C:\Users\Daniel\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] ()
Task: {B8BF9473-C0E1-4734-8E11-435BFE3A2C48} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4143837596-1046665922-530285621-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C217C7F8-0768-4CDD-B1C3-8AF6C2F3888B} - System32\Tasks\{982F295B-EEF6-475B-AB57-068ADBFFE8CF} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E9660CDD-8EE6-442B-A4AF-00C3E1F77C03} - System32\Tasks\{B48B1837-9C2E-4317-8F6B-CA74AB55B8E5} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin
Task: {ED22DD73-59CD-4EEE-A7E6-CBC59958564E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FD36CB7D-0E09-42D9-B7BE-C35725691F79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-24] (Google Inc.)
Task: {FDCD371F-E4EE-4081-9E6C-44E763F7394B} - System32\Tasks\{5E4DD0D1-5CCC-4436-B8BC-E1BE6A7621FA} => C:\Program Files\Skype\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)
Task: {FDCE8C78-5A38-462A-BFBC-7B7F78A4653C} - System32\Tasks\{E3C1D82C-3183-4F17-9D8A-D91E78D89003} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{EABD42CB-95C4-4ED7-B918-FE41C447A979}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2008-01-21 03:24 - 2008-01-21 03:24 - 00223232 _____ () C:\Windows\system32\MSWSOCK.dll
2007-07-23 14:04 - 2007-07-23 14:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2008-07-05 06:43 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2012-07-21 16:47 - 2012-07-21 16:47 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2008-01-21 03:24 - 2008-01-21 03:24 - 00223232 _____ () C:\Windows\system32\mswsock.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows:8BEA3CE1B0467528
AlternateDataStreams: C:\Users\Daniel\Documents\Spritrechner.xls:Roxio EMC Stream
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/02/2013 02:36:03 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x7d8, Anwendungsstartzeit svchost.exe0.
Error: (11/02/2013 02:34:59 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x454, Anwendungsstartzeit svchost.exe0.
Error: (11/02/2013 02:33:55 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0xc84, Anwendungsstartzeit svchost.exe0.
Error: (11/02/2013 02:32:51 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0xa58, Anwendungsstartzeit svchost.exe0.
Error: (11/02/2013 02:31:46 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0xe3c, Anwendungsstartzeit svchost.exe0.
Error: (11/02/2013 02:27:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2013 07:13:24 PM) (Source: Software Licensing Service) (User: )
Description: Fehler beim Starten des Softwarelizenzierungsdienstes. hr=0x80070002, [2, 4]
Error: (11/01/2013 06:55:11 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x1478, Anwendungsstartzeit svchost.exe0.
Error: (11/01/2013 06:54:08 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x588, Anwendungsstartzeit svchost.exe0.
Error: (11/01/2013 06:53:05 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x144c, Anwendungsstartzeit svchost.exe0.
System errors:
=============
Error: (09/25/2009 06:32:04 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 24.09.2009 um 21:58:04 unerwartet heruntergefahren.
Error: (09/24/2009 05:56:03 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (09/24/2009 05:56:02 PM) (Source: Service Control Manager) (User: )
Description: OMCI
Error: (09/24/2009 05:56:02 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (09/24/2009 05:54:19 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (09/24/2009 05:54:12 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 23.09.2009 um 19:47:21 unerwartet heruntergefahren.
Error: (09/23/2009 06:00:06 PM) (Source: Service Control Manager) (User: )
Description: OMCI
Error: (09/23/2009 06:00:06 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (09/23/2009 05:59:57 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (09/23/2009 05:58:35 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
Microsoft Office Sessions:
=========================
Error: (11/02/2013 02:36:03 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c0000005000000007d801ced7d07971fd9a
Error: (11/02/2013 02:34:59 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c00000050000000045401ced7d0538dfa7a
Error: (11/02/2013 02:33:55 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000500000000c8401ced7d02d9dc25a
Error: (11/02/2013 02:32:51 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000500000000a5801ced7d00761ac5a
Error: (11/02/2013 02:31:46 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000500000000e3c01ced7cfddf51eba
Error: (11/02/2013 02:27:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2013 07:13:24 PM) (Source: Software Licensing Service)(User: )
Description: hr=0x80070002, [2, 4]
Error: (11/01/2013 06:55:11 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000500000000147801ced72b82cd2135
Error: (11/01/2013 06:54:08 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c00000050000000058801ced72b5d2e25f5
Error: (11/01/2013 06:53:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000500000000144c01ced72b378343d5
CodeIntegrity Errors:
===================================
Date: 2013-11-02 14:32:17.741
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-02 14:32:17.663
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-02 14:32:17.569
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-02 14:32:17.491
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-02 14:32:17.397
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-02 14:32:17.304
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-02 14:32:17.226
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-02 14:32:17.132
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-26 10:04:18.233
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-21 18:23:14.326
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 3069.69 MB
Available physical RAM: 2104.37 MB
Total Pagefile: 6341.66 MB
Available Pagefile: 5340.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:287.98 GB) (Free:8.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.17 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.87 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 961 MB) (Disk ID: C801C696)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)
==================== End Of Log ============================